Planning for the Cloud-First Future: The User Is the New Office
As the world transitions to a post-pandemic “new normal,” the way we work will never be the same. Many companies — from Salesforce to Uber — are making plans to continue with either a fully-remote or a hybrid work model. With employees regularly accessing company data outside the four walls of the office, organizations need to follow suit and migrate the network infrastructure and security that protected their physical headquarters to the Cloud.
IT professionals and CIOs are acutely aware that outdated, appliance-based security and networking solutions are not capable of keeping up with dispersed workforces.
By definition, the on-premises appliances of yesterday are simply not up to the task of a remote, Cloud-based future. However, many organizations still employ older technology in their corporate headquarters, which serves as a band-aid instead of a long-term solution.
The shift to the Cloud, which began well before the pandemic, led to increased use of Virtual Private Networks (VPNs) to ensure that all employee data was scanned and secure. Routing network traffic through a VPN and back to the security racks at company headquarters made sense when remote workforces were significantly smaller. But with more employees working from everywhere and Cloud applications like Microsoft 365, Google Docs and Dropbox now standard, the limitations of VPNs became clear.
When the world went remote last spring, throughput demands exploded and VPNs simply could not keep up because they can only handle so much traffic at once. This leads to bottlenecks that result in slow connections (and decreased employee productivity). When VPNs are overloaded, some organizations use split tunneling to improve speed. Split-tunneled traffic is sometimes not inspected as closely, though, which presents risks that were clear even before April’s Pulse Connect Secure hack demonstrated that VPNs may actually lead to some unforeseen security vulnerabilities.
So where does that leave us? We simply cannot trade off security for productivity (or vice versa).
In fact, these dual needs of security and productivity are the two highest business priorities according to a recent study by IDG. In it, 56% of CIOs surveyed said they planned to prioritize increasing operational efficiency and productivity, while 57% answered that increasing cybersecurity protections is a top priority.
To move forward with the migration toward network security that follows the user, many organizations are now turning away from on-prem appliances and the VPNs they require by adopting Secure Access Service Edge (SASE) architecture, a networking model first described by Gartner in 2019. This new model combines security functions such as secure web gateways, firewalls and more with networking capabilities. SASE is ideal for the future of remote and hybrid workplaces because it delivers these combined functions in a single solution directly to each employee and device no matter where they are located.
Despite the desire to move to a new model, we hear from clients every day who have no idea how to migrate their network security to the Cloud and make the change from on-prem appliances to SASE.
These are the initial steps needed to make the move to SASE:
1) Take inventory so you know what actually needs to be phased out
Migrating your on-premises security to a modern Cloud architecture can at first seem daunting. The existing appliance-based system may be filled with years of policies and network security rules that need to be moved to the Cloud. Your first step is to identify areas where a move to SASE can help reduce cost and complexity. Ultimately, transitioning to SASE and decommissioning hardware appliances will help lower both CAPEX and OPEX costs by reducing the number of physical appliances as well as the ongoing maintenance cost and management they require.
2) Evaluate your current technology to help consolidate vendors
As you look to adopt a SASE platform, evaluating what vendors you currently employ for security functions such as secure web gateway, Cloud access security broker, malware defense and data loss prevention will help you understand the benefits of consolidation. This evaluation will lead you to identify which on-prem security solutions can be decommissioned and help you reduce the number of appliances in your network security environment.
3) Adopt Zero Trust principles
Implementing Zero Trust allows organizations to ensure fast, compliant and secure connections from any location. Regardless of your current security architecture, you can begin embracing zero trust principles across your organization today by defining access to information based on who the user is, including the user’s role within an organization. SASE network security helps simplify this process by constantly applying these policies based on identity, while streamlining policy management for administrators.
4) Employ solutions with the best visibility and control
As you evaluate potential SASE Cloud offerings, consider solutions based on containerized gateways instead of multi-tenant platforms. Containerized gateways segment your information and guarantee that you have full control over all security aspects and full visibility over the user data and activity. This approach is the best at ensuring strong security and meeting privacy regulations.
The future of work is rapidly changing.
Headquarters today are no longer central locations; the user is the new office. More employees than ever before will continue to access more information on the go. The Secure Access Service Edge model is best equipped to meet the needs of the modern workplace. While transitioning to a new, cloud-based security and networking HQ model may be intimidating, by taking the process one step at a time, any organization can take the path toward modernizing its defenses.