Secure and Remote

Zach Griffin
Jul 8, 2020

Managing a secure “environment” in a remote-focused workforce


Global Workplace Analytics estimates that “25–30% of the workforce will be working-from-home multiple days a week by the end of 2021.”

What is an “Environment”?

Before we dig into the depths of security, let’s define an environment. For our purposes, we will define an environment as a location and its surroundings. A network environment is a network of devices that communicate with one another and can route traffic to and from its boundaries. The surroundings of a network environment can be other devices, routers, switches, servers, tunnels, or more. A network device that is local to another network device is part of the surroundings of the latter device.

Defining an environment is important because of locality. What is local is part of the environment. If two devices are on the same network, then they are local to each other, and each is part of the other’s surrounding environment. A traditional network environment is just that, traditional.

Traditional Security Approach


We discussed a traditional network environment, but it is also important to secure that environment. Traffic can be routed in and out of the boundaries, yes, but we want to make sure the traffic coming in and going out is safe, requested, and properly routed.

Traditionally, this is done inline at the network edge using a firewall. A firewall is a device that monitors inbound and outbound traffic for malicious properties and for traffic that matches a set of rules defined by the administrator. It is usually paired with a router that routes the traffic after it has been vetted against the firewall rules.

The traffic from there can be sent through switches, secondary routers, IPS/IDS systems, or directly to endpoints. The endpoint devices can have additional firewall capabilities to prevent unwanted traffic or unwanted applications from communicating. If the device is not within the network, a VPN solution is usually implemented to allow the device to have traffic routed through the network.

Traditionally, this is how infrastructure security is implemented. Note that this is a low-level example and not a recommended implementation; you will want to consult a network security expert if you are looking for that.

Remote Security

As mentioned previously, a VPN is the traditional approach to remote security. This allows a device that is not on your local network to communicate and function as if it were. The advantage of this is the security policies at your firewall and other network security devices are in place, whereas a remote device not connected to a VPN on your network is fully open to the internet, putting the data on the device at a higher risk.

With the modern workforce going remote, this approach cannot be sustained. Decentralizing your corporate network is important to allow for continued remote work and the growth of the work from home movement. If there is no central location to house a firewall and VPN, how can we secure the traffic of endpoint devices?

Network Security of the Modern Network


The modern network is decentralized. To have a decentralized network, you have to layer it upon the internet. The network of tomorrow is a secure connection between devices using the public internet. Why is this? With more and more remote devices, it is pointless to maintain a single area and define it as the network due to the lack of physical locality to the place.

Modern toolsets exist to assist with this. In 2019, Gartner introduced a new software product category known as a Secure Access Service Edge, or SASE (pronounced sassy. I know, it could be better.). A SASE can give the network security characteristics you expect from a centralized LAN to a fully remote fleet of devices communicating over the internet.

Palo Alto Networks, for example, has a SASE tool that can be accessed from a laundry list of locations to provide low-latency access to your cloud network. Using the cloud as your LAN provides a decentralized network structure, accessible over secure tunnels from anywhere in the world. Speaking of the Palo Alto tool, because they offer service endpoints in almost every region of cloud data centers, they show the true potential of a SASE product.

No matter the toolset you use, a SASE is a must for the modern network infrastructure. The way we think about networking is changing. There will always be data centers with switches and gateways, but they will live within the cloud, powering the cloud-centric infrastructure of tomorrow. Developing strategies for cloud LAN networking today will prepare you for success tomorrow.

Security while Remote

With all necessary technologies in place, a secure environment is never without its faults. A simple human error can be the downfall of an organization. Luckily, if we put safeguards in place to prevent this, our chances of this happening become lower. With a remotely operating user base, we dismantle the ‘hub’ of the ‘hub and spoke’ network model. We must build to sustain the future, and the future is remote. An always-on connection to your cloud network is a necessity for modern network implementations.
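One way to check the "always-on" requirement on an endpoint is to confirm that internet-bound traffic actually leaves through the tunnel interface. The sketch below is an added example, not part of the original article: it does a longest-prefix match over Linux `ip -4 route show` output and classifies the endpoint. It assumes the tunnel client installs its routes in the main routing table and names its interface `tun*` or `wg*`; the route tables are constructed samples.

```python
import ipaddress

# Constructed `ip -4 route show` outputs for illustration (not captured from a real host).
FULL_TUNNEL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.20.0.0/16 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
"""
NO_TUNNEL = "default via 192.168.1.1 dev wlan0 proto dhcp metric 600\n"

def parse_routes(text):
    """Return (network, device, metric) tuples from `ip route` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route type with no egress device
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # first field is a route type keyword, not a prefix
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields[:-1] else 0
        routes.append((net, fields[fields.index("dev") + 1], metric))
    return routes

def egress_dev(routes, dest):
    """Longest-prefix match; a lower metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1] if hits else None

def tunnel_posture(text, tunnel_prefixes=("tun", "wg"), probes=("1.1.1.1", "203.0.113.10")):
    """Classify as full-tunnel, split-tunnel or no-tunnel. Probes are only
    looked up in the table; no traffic is sent to them."""
    routes = parse_routes(text)
    is_tunnel = lambda dev: dev is not None and dev.startswith(tunnel_prefixes)
    if all(is_tunnel(egress_dev(routes, p)) for p in probes):
        return "full-tunnel"
    if any(is_tunnel(dev) for _, dev, _ in routes):
        return "split-tunnel"
    return "no-tunnel"
```

A `split-tunnel` or `no-tunnel` result means some or all internet-bound traffic bypasses the policies enforced at the cloud edge, which is the exposure described for a remote device that is not on the VPN.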

Without getting too far into the weeds on other topics, we should lightly cover the advancements in network technologies that allow us to work remotely and create secure tunnels from remote locations without increased latency.

Modern home Wi-Fi technologies offered by most ISPs have drawn well-deserved criticism over the years. Lately, these devices have become better than ever, allowing for more reliable connections over a tunnel.

The introduction of SaaS applications hosted in cloud infrastructure allows your network to be local to the application you are running. In some cases, it may be faster to use an app over a tunnel into a cloud provider than it would be to access it over the public internet.

5G is here whether we like it or not, and a 5G connection allows for unmatched speed when in line-of-sight to an access point. This allows for new opportunities for the mobile worker, creating a consistent tunnel between mobile user and cloud wherever they are in the world, securing them at all times.

We must be prepared for the massive increase in remote work, mobile work, and work from home. The best way to prepare for this from a security perspective is to revamp the idea of your network. Broaden the concept of a network from a physical space to a virtual environment hosted in the cloud, and the possibilities will show themselves.
