If trends continue, 2021 may be remembered as the year hybrid work went mainstream. As organizations look toward their post-COVID operations, many of them are planning to let a significant number of their employees continue to work remotely at least part of the time. Because they have already invested in tools and solutions to help their employees remain productive, there's no reason to deny those employees who prefer remote work the ability to keep doing it.
Some organizations are also expanding their talent pool by hiring employees who are fully remote, and other organizations are increasing their number of remote office locations. All of these changes add up to an increasing need to provide IT services that can support a "work from anywhere" (WFA) model.
Securely supporting the ability to work any time and from virtually any place means SD-WAN, SD-Branch, Secure Access Service Edge (SASE), and Zero Trust Network Access (ZTNA) all will become more important. And the increase in cloud-based operations for everything from infrastructure to software offers flexibility and agility. But everything must be secured with consistent policies and controls across all of your operating environments, especially across multiple clouds.
Work from Anywhere and Cloud
Effective and flexible WFA requires security and networking solutions that work consistently and efficiently. If tools aren't transparent or easy to use, people are more likely to find ways to work around them, which compromises security. A good user experience requires an SD-WAN solution that can respond to issues like latency and provide granular application access from branch offices and home networks. Cloud on-ramp and application steering also help optimize application performance, which keeps users happy. Whether applications are hosted on-premises or in the cloud, an ideal SD-WAN solution takes an application-aware approach to managing and monitoring traffic to ensure an optimal user experience.
The move to WFA also means more users need to access cloud-based applications directly without routing traffic to an on-premises data center for inspection. And not surprisingly, these applications that store, transmit and process sensitive information have become a target for threat actors. Because of this, security deployed in the cloud to protect applications and cloud infrastructures must be able to share and correlate threat information with the security technologies embedded in SD-WAN to maintain broad visibility and prevent the spread of malware. Security policies and protocols also need to be communicated among different network environments, both to make sure policies are enforced consistently and to avoid performance-killing security bottlenecks.
The most effective way to make WFA work is for security and networking to be integrated. By creating a security-driven networking strategy, organizations can adapt to inevitable changes and expansion. With a unified strategy in place, whenever their networking infrastructure evolves or expands, the security adapts and scales automatically along with it. Making security an integrated part of the networking infrastructure protects the extended identity of users and devices because policy can follow applications and services from end to end, ensuring that protection remains consistent and accelerated performance is enabled across all network edges.
Farewell to the VPN
Long-time remote workers are extremely familiar with VPN, which has been around for years. Part of the "morning routine" for many remote workers has been to launch their VPN client to connect to the network. But that's been increasingly difficult because of the inherent security and resource limitations of VPN technology, especially in a distributed environment where resources may be in a variety of places and things like collaboration tools and other applications may exceed the functionality of a traditional VPN tunnel.
Another problem with VPN is that it basically acts as a gatekeeper to the network, with the assumption that anyone or anything that passes the network perimeter controls using an encrypted connection can be trusted. Unfortunately, with today's distributed networks, this perimeter-based approach can lead to serious security issues.
The zero-trust security model takes the opposite approach: no user or device can be trusted to access anything until proven otherwise. Zero Trust Network Access (ZTNA) is the natural evolution of VPN technology because it offers better security, more granular control, and a better user experience.
Unlike a VPN, the ZTNA application access policy and verification process are the same whether a user is on or off the network. By default, users on the network are assumed to be no more trustworthy than users that are off the network. And it extends traditional ZTA network access to per-application usage, so systems administrators not only know who is on the network, but even which applications they are currently using, with transactions and usage constantly being monitored and inspected. The other difference from a traditional VPN is that ZTNA extends the zero-trust model beyond the network, further reducing the attack surface by hiding applications from the internet behind a proxy point, eliminating them as a potential target.
A ZTNA solution should include an automated encrypted tunnel for instantaneous secure connectivity from the user device to the ZTNA application proxy point the moment access to an application is initiated. This level of awareness and automatic tunnel creation makes ZTNA easier to use and more reliable than traditional VPN tunnels.
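The contrast between the perimeter model and the per-application zero-trust check described above can be made concrete. This is an added example, not code from the article or from any product; the address range, users, entitlements and posture flag are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Everything below is constructed for illustration.
CORPORATE_NET = ip_network("10.0.0.0/8")   # assumed internal / VPN-assigned range
ENTITLEMENTS = {                           # assumed per-application grants
    "alice": {"payroll", "wiki"},
    "bob": {"wiki"},
}

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool      # identity verified for this session
    device_compliant: bool   # device posture check passed
    source_ip: str
    app: str

def perimeter_allows(req: Request) -> bool:
    """Gatekeeper model: anything inside the perimeter is trusted for every app."""
    return ip_address(req.source_ip) in CORPORATE_NET

def ztna_allows(req: Request) -> bool:
    """Per-application check, default deny. source_ip is deliberately never read,
    so the decision is identical on and off the network."""
    if not (req.authenticated and req.device_compliant):
        return False
    return req.app in ENTITLEMENTS.get(req.user, set())

def evaluate(requests):
    """Return (user, app, perimeter decision, ZTNA decision) per request."""
    return [(r.user, r.app, perimeter_allows(r), ztna_allows(r)) for r in requests]

SAMPLE = [
    Request("alice", True, True, "203.0.113.7", "payroll"),  # off-network, entitled
    Request("bob", True, True, "10.1.2.3", "payroll"),       # on-network, not entitled
    Request("alice", True, False, "10.1.2.4", "wiki"),       # on-network, failed posture
    Request("alice", True, True, "10.1.2.5", "payroll"),     # on-network, entitled
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(row)
```

The second and third rows are the cases the perimeter model gets wrong: an on-network address is enough for it to allow access, while the per-application check denies the unentitled user and the non-compliant device.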
Connecting Anywhere
As more organizations work to maintain or even expand a WFA strategy, they need to focus on simplicity. Even "best of breed" solutions don’t always communicate with one another, share actionable intelligence, or function as part of a coordinated system to respond to a potential threat. The reality is, an integrated platform will outperform any array of non-platform point solutions and have advantages in terms of automation and policy consistency. And simplicity is the heart of any effective security strategy.