Over the past several years, technology has advanced significantly. Even a few years ago, the mostly or wholly remote workforce that many organizations had to adopt as a result of COVID-19 likely would not have been possible for many companies.
The technology required to maintain “business as usual” while most workers were off-site was either unavailable or not deployed by many organizations.
The success of organizations rapidly transitioning over to telework in response to COVID-19 demonstrates that technological advances have made remote work possible at scale. However, while technology has evolved, so has the modern enterprise network.
As a result, organizations relying upon traditional solutions to secure teleworkers, such as virtual private networks (VPNs), have experienced significant issues in scaling their infrastructure to meet the needs of their remote workforce.
The COVID-19 pandemic has demonstrated a number of ways in which organizations should update their business continuity strategies to address previously overlooked contingencies. An important component of this is evaluating the potential of VPN alternatives to provide secure, scalable connectivity for remote workers.
The Evolution of the Enterprise Network
In the past, the majority of an organization’s resources were located on the corporate network. Organizations maintained an array of servers, file shares, and applications that employees used as part of their daily business.
This is still true for some organizations, and many companies maintain some of their network infrastructure on-site.
However, the vast majority of organizations have migrated some or all of their network infrastructure to the cloud. In fact, 94% of organizations are using a public cloud, a private cloud, or both.
This evolution of the enterprise WAN dramatically changes how employees interact with the company network. In the past, the majority of business traffic had at least one endpoint within the corporate network.
Now, with remote work and increased cloud adoption, business traffic may originate from employees working from outside of the enterprise network and be destined for servers on the company’s cloud infrastructure.
Challenges with Network Visibility
This evolution of the enterprise network and how it is used, especially by remote workers, creates security and infrastructure challenges for an organization.
Many organizations desire complete visibility into business traffic in order to detect and block inbound malicious content or outbound data exfiltration.
A common approach to this challenge is to require teleworkers to use a corporate VPN at all times. This ensures that all business traffic is routed through the company network, where it can be scanned before being sent on to its destination.
For traffic intended for the corporate network, such as connections to internal file shares or email servers, this approach makes perfect sense. However, for traffic bound for cloud-based resources, this creates significant network latency.
Additionally, the load on the corporate network’s perimeter firewalls and network connection, which must process every packet both on its way in from its source and on its way out to its destination, can be significant and create performance issues.
Split Tunnel VPNs Are an Imperfect Solution
During the COVID-19 pandemic, many organizations experienced significant load and degraded performance on their perimeter firewalls.
This happened because many organizations had the infrastructure necessary to support simultaneous VPN connections from 20-30% of their workforce but had upwards of 90% attempting to connect during business hours.
Guidance from providers of cloud-based software, such as Microsoft, was to enable split-tunnel VPN support for their applications.
With this model, an organization would route all traffic intended for its internal network over its VPN connection, while any traffic intended for the public Internet or, more restrictively, for a trusted service like Office 365 would go directly to its destination.
However, this approach to scaling an organization’s telework infrastructure has its problems. For one, configuration can be complex if an organization is not willing to allow all Internet-bound traffic to continue to its destination without security scanning (which opens the teleworker up to potential attack).
To limit direct access to trusted services only, an organization must specify the IP addresses of trusted destinations, which could be numerous and dynamic.
Additionally, enabling split tunneling for remote workers degrades an organization’s visibility into business traffic. Unless traffic is intended for a cloud resource under the organization’s control and with its own security solutions installed, the organization loses visibility into it with split-tunnel support.
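An added example, not part of the original article: a Python sketch of the restrictive split-tunnel routing decision described above, plus a check for drift between the exclusions pushed to clients and a provider's current trusted list. All prefixes are constructed (RFC 1918 and documentation ranges), and the route labels and function names are hypothetical.

```python
import ipaddress

# Constructed sample data: RFC 1918 and documentation ranges, not real service prefixes.
INTERNAL = ["10.0.0.0/8", "192.168.0.0/16"]
DEPLOYED = ["198.51.100.0/24", "203.0.113.0/25"]                   # exclusions on clients
PUBLISHED = ["198.51.100.0/24", "203.0.113.0/26", "192.0.2.0/24"]  # provider's list today


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def route_for(dest, internal, trusted):
    """Hypothetical labels: 'vpn-internal', 'direct' (bypasses inspection), 'vpn-inspect'."""
    ip = ipaddress.ip_address(dest)
    if any(ip in n for n in _nets(internal)):
        return "vpn-internal"
    if any(ip in n for n in _nets(trusted)):
        return "direct"
    return "vpn-inspect"  # restrictive mode: everything else is scanned centrally


def _subtract(a, b):
    """Address space covered by networks in a but by none in b."""
    remaining = list(a)
    for ex in b:
        kept = []
        for net in remaining:
            if net.version != ex.version:
                kept.append(net)
            elif net.subnet_of(ex):
                continue                              # fully covered, drop it
            elif ex.subnet_of(net):
                kept.extend(net.address_exclude(ex))  # carve the covered part out
            else:
                kept.append(net)                      # CIDR blocks never partially overlap
        remaining = kept
    order = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return [str(n) for n in sorted(remaining, key=order)]


def drift(deployed, published):
    """stale: deployed exclusions absent from the published list (unscanned bypass).
    missing: published as trusted but still hauled through the VPN."""
    dep, pub = _nets(deployed), _nets(published)
    return {"stale": _subtract(dep, pub), "missing": _subtract(pub, dep)}


if __name__ == "__main__":
    print(drift(DEPLOYED, PUBLISHED))
    print(route_for("203.0.113.70", INTERNAL, DEPLOYED))   # direct: stale bypass
    print(route_for("203.0.113.70", INTERNAL, PUBLISHED))  # vpn-inspect after refresh
```

A non-empty "stale" result is the case that costs visibility: those addresses still skip inspection even though the provider no longer lists them as its own.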
Secure Telework with Modern WAN Solutions
The evolution of the corporate network and the need to include scalable telework as part of business continuity strategies (as demonstrated by COVID-19) have shown that VPN solutions are not up to the task of supporting a fully remote workforce.
The modifications required to enable VPNs to scale, such as split-tunnel support, can compromise the security of the teleworker and an organization’s visibility into business traffic.
As organizations adapt their business continuity plans to cover situations such as COVID-19, which require a fully remote workforce, considering alternatives to VPNs for a corporate WAN is important.
Supporting “business as usual” for a fully remote workforce and for an extended period of time requires a solution that scales with the needs of the enterprise and does not compromise visibility or security.
Modern WAN solutions, such as software-defined WAN (SD-WAN) and secure access service edge (SASE), are designed to secure and connect a distributed enterprise.
By moving security to the network edge, where an increasing percentage of users and endpoints are located, these solutions enable full visibility and security for business traffic, regardless of its source and destination.