The Value of SASE in the Age of “Work from Anywhere”

COVID-19 showed many organizations the value of “work from home”. As a result, some companies are considering extended or permanent “work from home” and “work from anywhere” programs.

While this can be a benefit to the organization’s bottom line and employee satisfaction, it does have its downsides. Supporting a “work from anywhere” program requires the ability to ensure the productivity and security of a globally distributed remote workforce.

Traditional approaches to network security are inadequate when the corporate WAN expands to include cloud-based infrastructure and a growing remote workforce. Even software-defined wide area networking (SD-WAN), with all of its associated benefits, is not enough. Deploying effective and efficient security for the modern WAN requires an understanding of what SASE is and how it benefits companies wishing to embrace the trend of “work from anywhere”.

The Growth of “Work from Anywhere”

The COVID-19 pandemic accelerated an existing trend toward remote work. Some organizations had begun experimenting with allowing employees to work from home for part or all of the week in an effort to increase employee job satisfaction and reduce the overhead associated with operating large offices. With COVID-19, organizations were forced to suddenly shift most or all of their workforce to telework, with largely positive results.

In the wake of the COVID-19 pandemic, many organizations are considering continuing support for telework programs, potentially indefinitely. This enables them to reduce costs and take advantage of a global workforce, increasing the size of the talent pool available to the organization.

In the process, some organizations and employees have discovered that “work from home” and “work from anywhere” are not that different from a productivity standpoint. However, in terms of the balance between network security and employee efficiency, a relatively localized workforce and a global one have very different requirements.

Traditional Network Security is No Longer Effective

Traditionally, most organizations have relied upon the corporate LAN as a centralized clearing house for network security. By routing all traffic through the cybersecurity deployment located at the network perimeter, it is possible to maintain complete visibility and security inspection.

However, this is only an efficient method of managing WAN security if most or all of the organization’s business traffic has a source or destination within the organization’s network perimeter. Otherwise, traffic must take a detour through the corporate WAN before being routed on to its destination.

As organizations increasingly support a remote workforce, this second case is increasingly common. As a result, organizations require a new, modernized approach to securing their network infrastructure.

SD-WAN Is a Good Start for Modern WAN Security

The advent of SD-WAN was a step in the right direction for securing the modern network. At its core, SD-WAN is intended to change how the corporate WAN is implemented.

SD-WAN appliances are capable of optimally routing traffic over the best of multiple transport media, providing reliability and throughput guarantees similar to legacy multiprotocol label switching (MPLS) infrastructure. By deploying these SD-WAN appliances throughout the corporate network, organizations move network routing functionality to the network edge. This enables a transition to a more fully connected network from legacy “hub and spoke” models.

Secure SD-WAN takes this a step further. By integrating security functionality into the SD-WAN appliances, including a next-generation firewall (NGFW) and secure web gateway (SWG), secure SD-WAN provides security guarantees similar to those of an organization’s traditional perimeter-based protections. This enables an organization to optimally route its traffic between geographically distributed sites with no impact on network security.

The problem with SD-WAN is that its benefits are limited to the geographic sites where SD-WAN appliances are deployed. Remote workers or cloud-based infrastructure with no “local” SD-WAN appliance must route their traffic through the nearest site in order to maintain network visibility and security. For a growing percentage of an organization’s network traffic, this provides little or no benefit compared to legacy approaches that route all traffic through the enterprise LAN.

SASE Enables Scalable, Efficient Security

As organizations’ networks and infrastructure become more geographically distributed and cloud-based, network security should follow suit. SASE takes all of the functionality associated with secure SD-WAN and moves it to the cloud.

This enables an organization to secure its corporate WAN with minimal performance impact. If cloud-based SASE points of presence (PoPs) are located geographically close to the source and destination of network traffic, then routing traffic through the corporate WAN has little or no performance impact for cloud-based services and remote users. Since security functionality is integrated into each SASE PoP, traffic can be optimally routed through the WAN while receiving the full benefits of the integrated security functionality.

As modern WANs expand to include more off-site users, security must move to the network edge to ensure a balance of network performance and security. Traditional security solutions that depend upon all business traffic passing through an enterprise LAN – whether centralized or including multiple SD-WAN appliances – are inadequate. SASE is the logical choice for businesses considering an extended or permanent transition to telework.

Published by Kidal Delonix (1068 Posts)

Kidal Delonix is a contributor to Mr. Hoffman's blog. The views and opinions are entirely his/her own and may not reflect Mr Hoffman's views.
