Preparing for a Permanent Teleworking Environment
In the second and third quarters of 2020, we saw the acceleration and near mass adoption of teleworking in response to the global pandemic. Fortunately, the older remote-access virtual private network (VPN) technologies that were in place for road warriors held up well and generally provided a solid foundation. As the world enters the second wave in late 2020, however, enterprises are contemplating remote working as a permanent situation. As such, they require better ways to manage and secure remote-access services. SD-WAN technology, which has seen growing adoption for managing branch connectivity, could meet this teleworking need.
The home office
The workers who require robust teleworking setups are those who need to be treated, from a data security and operational standpoint, as if they were still on the premises. They aren’t so much working remotely as setting up a true home “office.”
Take, for example, radiologists, who moved home during the pandemic and brought some very expensive imaging and diagnostic equipment with them. They are a good example of the kind of worker who needs to have a near-instantaneous connection to what their colleagues are working on without having to worry about access privileges, security, and the hassle of signing into a VPN.
At the same time, the explosion of these permanent home offices means that IT managers are spending much more time managing services for remote workers, such as the underlying connectivity, authentication, and the security of end devices. SD-WAN improves manageability, security, and business continuity through central, policy-based management of branch services and security.
Limits of VPN remote access
Although remote access to the corporate WAN has held up well during the pandemic, there are several issues with the current paradigm for home workers.
First, there is the cost and complexity of managing network and security policies, which differ between users connecting remotely and those on the office local area network. IT needs to manage rules about what can and can’t be accessed remotely, set up additional authentication systems for access to sensitive systems, and manage remote access to the Internet and the cloud for workers.
Additionally, when it comes to the Internet and the cloud, the home worker is subject to IT controls only for as long as they are on the VPN. Once they drop the connection, they are open to the Internet, where they can expose their device to infection. This means that IT also has to manage a suite of device endpoint protection services, such as anti-virus and firewall functions, as well as a robust process for keeping those up to date.
The branch at home
SD-WAN eliminates the operational complexity for IT by treating the home environment as a branch extension of the corporate network. The SD-WAN gateway, which is fully under the control of IT, replaces the employee’s device as the hardware demarcation point.
The SD-WAN gateway also eliminates the issue of employee usage and behavior, as employees no longer have the option of disengaging from the corporate network and thereby avoiding its policy controls. The gateway sets up a secure network segment that is separate from the other users in the home. This also has the advantage of protecting the corporate devices from infection by other residential users in the home.
Under this setup, the teleworker becomes a micro-branch and appears to IT as a single management domain. In other words, the same network controls, application visibility, and business and security policies that apply across the enterprise also apply here. Even advanced IT policies, such as direct-to-cloud/software-as-a-service (SaaS) connections that utilize secure access service edge (SASE) functions, can be deployed using the SD-WAN gateway.
With SASE, the gateway can provide secured local Internet breakout, avoiding the tromboning that occurs when remote-access VPNs route traffic from the home user through the corporate network and then to SaaS cloud services, such as Office 365. The direct cloud connection is secured via the stateful firewall and security policies on the SD-WAN gateway, but the path to the application is shortened.
The SD-WAN home office gateway can’t compete with remote-access VPNs in terms of upfront cost, but the long-term total cost of ownership will be competitive. This means that for ad hoc teleworking situations and mobile workers, remote-access VPNs will be preferred. However, for a certain class of strategic employee that is setting up a permanent or semi-permanent WFH office, SD-WAN may be the most secure and efficient solution.