As non-essential businesses shut down over coronavirus concerns, many enterprises have ordered their employees to work from home, to stop the spread of COVID-19. Suddenly, companies found themselves supporting large numbers of remote employees with existing networking technologies — a challenge for many unprepared businesses.
The VPN Problem
Under normal circumstances, a virtual private network (VPN) is an effective way of granting teleworkers access to company resources. VPNs use virtual connections routed through the Internet from a company’s private network to a remote site or person. Security is ensured through some form of authentication, whether it’s passwords, tokens, or biometrics.
The problem with VPNs is that performance can be affected by several factors, such as the Internet service used, the device a person is connecting from, and the encryption method. Add the strain of thousands of teleworkers trying to connect to bandwidth-hungry applications, such as video conferencing, and what you get is a network that overloads and crashes.
Companies can easily rack up additional costs setting up new users since VPN accounts are licensed. The unplanned expense of scaling quickly as the entire organization moves to working from home overnight is daunting. Although licensing costs vary depending on vendors, companies generally pay per user with corporate VPN solutions.
Even if a company has the budget for an unexpected influx of teleworkers, most employees aren't tech-savvy, and something as simple as firing up a VPN client can be confusing. When logging in at home, users can run into various problems with VPN connections. For example, a VPN connection can be rejected, requiring a user to troubleshoot, and they might be unable to get access at all. I interviewed one company recently, and the CIO told me provisioning VPNs is overwhelming the help desk as it takes about 30 minutes of phone time to get a user up and running. VPNs were designed for occasional access for a subset of users, not to have everyone in the organization access at once.
How Providers are Responding
Networking technology has come a long way since the early days of VPNs. Secure access service edge (SASE), a new tech category first
introduced by Gartner, addresses scale, bandwidth, and cost challenges companies typically face with VPNs. SASE converges the WAN edge and network security into a cloud-based, as-a-service delivery model.
Business demand for simplicity and scalability is what’s driving some vendors to come up with new SASE-based solutions that can equip an entire workforce with instant remote access without the extra expense of deploying hardware and software.
Cato Networks is one of them. The SASE platform provider just launched a clientless service, called Instant Access for Cato SDP, which lets businesses support an unlimited number of remote users. Cato already offers a client-based service as part of its SASE platform, called Mobile Client. The services are configured and managed through a single networking and security portal.
Since the coronavirus outbreak, companies have been scrambling to deploy large-scale, remote access for employees. In the past two months alone, Cato observed traffic from remote users more than double across its global network and launched a clientless option for its software-defined perimeter (SDP) solution that leverages SASE.
With Instant Access, users click a URL and are authenticated through single sign-on (SSO) to gain access. Multi-factor authentication enabled by SASE simplifies the login process by eliminating the many steps it takes to authenticate VPN users. Users are then presented with a portal of authorized applications, eliminating the risk of attackers stealing a user’s credentials and accessing unauthorized network resources. For secured access to the rest of the corporate network, users would run Cato’s mobile client on their devices.
Cato SDP sends remote traffic across a global private backbone instead of the public Internet and provides continuous threat prevention, ensuring more protection than a VPN. SASE is identity-driven (not only driven by IP addresses), so an identity is attached to every person, application, service, or device within a company. The identity follows a person or device wherever they need access and makes the experience seamless for the user.
In the current situation where most employees are working remotely, the security implications of them accessing enterprise apps on personal, unmanaged devices over home Wi-Fi networks can be serious.
SASE can address these growing security and scalability demands in ways that traditional VPNs no longer can. It’s a new reality that companies must face.
