The Only Constant Is Change — Rethinking Secure Access for a New Workforce

It seems like a long time ago now when IT teams had their annual strategy meeting, where topics related to network modernization with SASE or SD-WANs, remote access, threat prevention, and cloud adoption were likely discussed. COVID-19, however, has caused a lot of these initiatives to take a backseat and put the spotlight on business continuity.

Business continuity means keeping the business in operation as its leaders navigate the current realities of employees working remotely, closed office buildings, and other challenges. From an IT perspective, it’s about making sure all corporate applications of any nature remain available to all employees, regardless of where the applications or employees reside. One good thing: Business continuity encompasses some of the objectives of that strategy meeting earlier in the year, such as secure remote access, threat prevention, and availability of corporate applications.

There are three steps IT departments need to take in order to engage business continuity best practices. Step one relates to application discovery. A lot of our customers have recently identified lack of application visibility as a top concern as employees are working remotely. Knowing which applications were being accessed by employees was a challenge because access logs contained network layer information, i.e., IP addresses and port numbers. The second step is to enable cloud and on-premises application access with equally secure measures. Providing the best performance for these applications is important, as it affects employee productivity. Step three requires enabling non-employees with the same security and access as workers. In the past, internal policies may have required that some business-critical applications were accessed only from within office buildings. As a result of the COVID-19 pandemic, those employees have to be provided laptops with secure access to those applications.

To get started, IT managers may look to increase utilization of their existing solutions. Some businesses may have embarked on network modernization by deploying SD-WAN (software-defined wide-area network) solutions within their enterprise network. These are used to intelligently link office locations using multiple WAN technologies and allow for flexible routing of traffic, that is, the ability to control very easily how data is sent and which path it should take. This makes the network more agile, reduces operational overhead, and improves the overall performance of applications. However, it doesn’t address user mobility. When users leave the office location, there’s no way to connect them to the SD-WAN. The pandemic has caused employee homes to become office locations, and it’s not scalable to deploy multiple SD-WAN appliances to employees’ homes.

To address remote employee connectivity, IT managers may turn to existing VPN solutions. Traditional VPN solutions have been around for decades but present a myriad of challenges. They don’t offer much-needed visibility into user-to-application workflows for IT admins, they are difficult to manage, and they introduce performance issues when applications are accessed. As users began working remotely, these issues were exacerbated. Many companies never planned for a 100% remote workforce. They saw their operational overhead rise as additional VPN user licenses and data center concentrators had to be purchased to meet their needs. Employees and contractors with non-remote work status had to be provided laptops with software licenses for use remotely. Those additional licenses, and laptop shipping costs, also added to operational overhead.

As employees continue to work remotely for extended periods of time, businesses need to ensure users are provided with all they need to maintain pre-COVID-19 productivity levels. This includes a high level of performance when accessing corporate applications. Applications, such as those used for collaboration, might require a certain quality of service that a traditional VPN is unable to provide. VPNs are an overlay technology and rely on the internet for functionality. If an employee’s internet service is poor, application performance suffers when accessed through a VPN.

Some companies may implement BYOD policies, allowing employees access to corporate applications using any personal device through a traditional VPN. However, this approach is not without corporate security risk. These unmanaged devices are being used for company as well as personal use and are outside the control of IT. Some websites have been set up for phishing purposes and serve as delivery sources for malware to employees’ machines. We saw a nearly 400% spike in the number of DNS queries to malware-associated websites in March. Once malware is resident on devices with active VPN connections, it’s able to access and move laterally across the internal private network, putting corporate applications at risk.

As businesses reopen, only a handful of employees will be allowed to be in the office. Some companies have allowed all their employees to work remotely permanently. This presents an opportunity to explore more secure longer-term solutions to address remote access and application security requirements. Traditional VPN solutions are decades-old, inherently risky, and don’t provide an ideal user experience for today’s remote workers. Don’t just take it from me — you can read about experiences with traditional VPNs from one of our customers here.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Chinedu Egonu. Read the original post at: