Remote access needs strategic planning right now
IT pros should start work on a better remote-access architecture, perhaps the secure access service edge
8 May 2020
The future of remote work has arrived.
With the work-at-home mandates triggered by COVID-19 quarantines, businesses have adapted on-the-fly to create remote-networking environments that maintain corporate security. Largely, they have done so by expanding traditional remote access solutions including VPN infrastructure and services, virtual desktop infrastructure, secure Wi-Fi access points and even SD-WAN for home use.
These traditional VPN-based solutions can have some significant disadvantages: they can perform poorly, carry security vulnerabilities and are not necessarily easy to use. So with the likelihood that work-at-home will become a permanent circumstance, IT departments need to look for a better long-term answer.
Over the next two to four years, enterprises have the opportunity to strategically plan for a converged architecture that addresses both networking and security: the secure access service edge or SASE (pronounced “sassy”).
SASE combines WAN capabilities with security, and delivers them via services based on identity, time, context, compliance with enterprise policies and risk assessment, according to Gartner, which created the term.
Technology suppliers are moving rapidly to extend their network and security solutions from the data centre and branch office to the remote office, and this could fit the SASE model.
Employees working out of their houses need access to any application, from any device, from any location and on any available network. They use critical applications such as VoIP, video and SaaS that require fast, low-latency connections. And because this access is deployed widely, the solution must be easy to install, simple to operate, flexible and cost effective.
Work-at-home users must have direct internet access to cloud-based applications to overcome performance and latency issues with traditional remote access VPNs that route traffic from the user to the data centre to the cloud, back to the data centre and finally back to the user.
Security for home workers must be based on identity, not location, and single-sign-on and identity-access technology can streamline the access process. Sensitive data should be encrypted on the end device and when in motion. User context is critical to understand what application is being accessed and where data is moving. Cloud-based security technology can provide malware protection, anti-phishing, and data-loss prevention.
Centralised provisioning, management and intelligent troubleshooting are critical for IT staff to support remote users. That support is complicated by the broad range of devices, networks and applications employed at home.
Regardless of the length of the current pandemic disruption, IT must plan for situations in which it will have to support a large distributed workforce. It should evaluate the pluses and minuses of its current solutions based on the following:
- Can the solution scale up and scale down?
- What is the level of protection against external threats and data loss, and how well does the solution integrate with existing security architecture?
- What is the performance of critical applications, and how can slowdowns be addressed?
- What percent of the time are applications and data unavailable?
- How much support does each remote user require?
- Including hardware, software and as-a-service solutions, what does the solution cost?
Long-term migration to SASE
The convergence of network and security with cloud-based intelligence within the SASE architecture dramatically expands the options for IT and security teams to support a distributed workforce.
SASE acknowledges that enterprise use of cloud and SaaS has changed network traffic patterns in ways that require fundamental changes to networking and security. It also notes that advances in both networking and security software, and cloud intelligence have enabled new solutions that are quick to deploy, scalable, flexible and simple to manage. In addition, edge computing and IoT applications require distributed, low-latency networking and security that are likely to be delivered in a cloud-based as-a-service model.
By combining on-premises and cloud-based services, SASE delivers a broad range of network and security functionality – including SD-WAN, routing, VPN, firewall, data-loss protection, identity, zero trust and software defined perimeter – in a unified model.
The advantages of SASE can be applied to work-at-home solutions and thus integrated into an overall SASE-based network/security architecture. This will provide IT organisations significant benefits in terms of ease of deployment, centralised management, and uniform security and compliance.
This integration of remote access into SASE architectures will take time due to the complexity of the technology and the need to combine multiple solutions that are incompatible today. But meanwhile, it is important to keep an eye on what the technology suppliers are doing toward that goal and to evaluate their individual strengths and weaknesses.
IDG News Service