Network security is not a product, it is a process. If you can not afford to lose a certain piece of data or a critical system, do not connect it. There is no such thing as 100% secure, so start with a policy - deny everything and then only allow applications you explicitly desire. Over complexity will introduce security risks, so keep things simple. Do not forget to invest in training; otherwise processes and people could undermine any technical solution that you may implement. Take advice from security specialists, balancing investment in security proportionally against the value of the assets at risk. Finally, don’t forget threats can come from inside, as well as outside, your business.