In the wake of COVID-19, many organizations are seriously considering supporting “work from anywhere” programs for a large percentage of their workforce. However, traditional security infrastructure is ill-suited to securing a large remote workforce. When trying to build the infrastructure required to support a large-scale remote workforce, it is important to understand the benefits of SD-WAN and how it can effectively support and secure the modern business.
The Growing Push for “Work from Anywhere”
While the COVID-19 pandemic forced many organizations to rapidly switch to supporting telework, the move toward remote work existed long before 2020. Research has demonstrated that allowing remote work provides a number of benefits to the teleworker and organization alike. During COVID-19, many organizations discovered that many objections to telework were invalid and have considered transitioning some or all of their workers to full or partial telework on a permanent basis.
While the intent behind this change may have been to enable “work from home”, many have seen that “work from home” and “work from anywhere” are not that different. As employees seek added flexibility in their work locations, organizations must be capable of securing their new remote workforce.
To make it so, organizations must put all their efforts into finding a service provider or consultant that can team up with them and make network management a hassle-free process. For those of you who are searching, there is FlexiWan.
Remote Work Introduces New Security Challenges
Securing a remote workforce is different and more challenging than securing a fully on-site one. When all workers are using corporate-owned machines and connected directly to the enterprise network, maintaining full security visibility and enforcing corporate security policies is much easier than when employees may be using personal devices and are connecting to the corporate network via untrusted personal or third-party networks.
Securing these teleworkers requires securing both the remote worker’s device and their network connection. While endpoint security can be complex, it is a solvable problem through a mix of organizational policy and security solutions. By requiring the use of a corporate-owned device for remote work and installing corporate security solutions, such as an antivirus, an organization can reduce the vulnerability of teleworkers’ devices to malware infections and other cybersecurity incidents.
Securing the teleworker’s network connection is a greater challenge for an organization. Remote workers are connecting to the enterprise network via untrusted networks. While many organizations use virtual private networks (VPNs) to help solve this problem, they are not a perfect solution.
Traditional Security Infrastructure is Insufficient
VPNs are a common solution to the need to secure the network connections of remote workers. If a teleworker connects via VPN, their traffic flows encrypted between their device and the VPN endpoint on the enterprise network. There, it can be decrypted and inspected by the organization’s security infrastructure.
One of the major challenges associated with VPNs is that they scale poorly. Part of the reason for this is that a teleworker sends much more traffic through the network perimeter than an on-premises worker. For someone working from the office, any traffic intended for internal destinations does not pass through the corporate security infrastructure.
For a teleworker, all traffic passes through the enterprise’s perimeter-based defenses at least once. If the traffic is intended for a destination outside of the enterprise network, such as the organization’s cloud-based infrastructure, the teleworker’s traffic passes through the perimeter twice (inbound and outbound), increasing the strain on the organization’s network infrastructure. When a large percentage of the organization’s employees are working remotely, the additional load on the organization’s network and security infrastructure can have a significant impact on network performance and employee productivity.
Beyond the scalability issues associated with VPNs, the fact that they are deployed solely on the enterprise network impacts network performance. As organizations increase their reliance upon cloud-based infrastructure, a high percentage of employees’ network traffic is destined for locations outside of the network perimeter. Routing all of this traffic through the enterprise network, by way of the teleworker’s VPN connection, increases network latency and degrades network performance.
SD-WAN Enables Secure and Scalable Telework
As organizations increasingly support “work from anywhere”, it is essential that they put in place security solutions capable of protecting and securing a growing remote workforce. This includes both enforcing strong endpoint security and maintaining visibility and security inspection for business traffic.
VPNs are a commonly used but ineffective solution for securing teleworkers’ network connectivity. While they provide a secure connection between the teleworker and the enterprise network, they do so at the expense of network performance and employee productivity. VPN infrastructure scales poorly and dramatically increases latency for traffic bound for destinations outside the enterprise network.
SD-WAN enables an organization to take advantage of a secure, efficient network by moving network routing and security functionality to the network edge. By distributing SD-WAN appliances, which include integrated security functionality, throughout the corporate WAN, an organization can remove the need to route all traffic through the enterprise network for security inspection. This mitigates the network latency incurred by inefficient routing and reduces load on the headquarters network, enabling much higher performance than a VPN-based solution.
However, SD-WAN alone is not enough to address teleworkers’ needs as many SD-WAN solutions rely upon physical appliances. Secure access service edge (SASE) moves the functionality of a secure SD-WAN deployment to the cloud.
By distributing an array of SASE points of presence (PoPs) in the cloud and connecting them with high-performance, secure network links, an organization can rapidly and efficiently route traffic throughout the corporate WAN. With widely distributed PoPs, geographic distances to the nearest PoP are minimized, making it possible for a teleworker to achieve secure connectivity to and through the enterprise WAN with minimal performance impacts.
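To put numbers on the perimeter load described above, this added example (not part of the original article) totals the bytes that cross the headquarters perimeter under a full-tunnel VPN versus inspection at a SASE PoP. The address plan, flow records and function names are constructed for illustration, and it assumes office traffic to external destinations crosses the perimeter once.

```python
import ipaddress

# Assumed address plan, constructed for this example.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")     # on-premises networks
VPN_POOL = ipaddress.ip_network("10.250.0.0/16")  # addresses assigned to teleworkers

# Constructed flow records: (source, destination, bytes).
FLOWS = [
    ("10.1.4.20", "10.2.0.5", 4_000_000),       # office     -> internal server
    ("10.1.4.20", "203.0.113.10", 1_000_000),   # office     -> cloud service
    ("10.250.3.7", "10.2.0.5", 2_000_000),      # teleworker -> internal server
    ("10.250.3.7", "203.0.113.10", 3_000_000),  # teleworker -> cloud service
]

def classify(addr):
    """Label an address as remote (VPN pool), internal, or external."""
    ip = ipaddress.ip_address(addr)
    if ip in VPN_POOL:  # checked first: the pool sits inside 10.0.0.0/8
        return "remote"
    return "internal" if ip in CORP_NET else "external"

def crossings(src, dst, edge_inspection=False):
    """Number of times a flow passes through the headquarters perimeter."""
    s, d = classify(src), classify(dst)
    if s == "remote":
        if d == "external":
            # Full tunnel: in through the VPN endpoint, then out again.
            # Edge inspection: handled at the PoP, never reaches headquarters.
            return 0 if edge_inspection else 2
        return 1  # internal destinations still have to enter the perimeter
    if s == "internal":
        return 1 if d == "external" else 0
    raise ValueError(f"unexpected external source: {src}")

def perimeter_bytes(flows, edge_inspection=False):
    """Total bytes the headquarters perimeter has to carry and inspect."""
    return sum(n * crossings(s, d, edge_inspection) for s, d, n in flows)

if __name__ == "__main__":
    print("full-tunnel VPN :", perimeter_bytes(FLOWS))
    print("edge inspection :", perimeter_bytes(FLOWS, edge_inspection=True))
```

Feeding real flow exports through the same classification shows how much of the VPN endpoint's load is cloud-bound traffic that only transits headquarters.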