COVID-19 triggered what’s likely to be a permanent increase in work-from-home employees, so IT pros should start work on a better remote-access architecture, perhaps the secure access service edge (SASE).

The future of remote work has arrived. With the work-at-home mandates triggered by COVID-19 quarantines, businesses have adapted on the fly to create remote-networking environments that maintain corporate security. Largely, they have done so by expanding traditional remote-access solutions, including VPN infrastructure and services, virtual desktop infrastructure, secure Wi-Fi access points and even SD-WAN for home use.

These traditional VPN-based solutions can have some significant disadvantages, including poor performance and security vulnerabilities, and they are not necessarily easy to use. So with the likelihood that work-at-home will become a permanent circumstance, IT departments need to look for a better long-term answer.

Over the next two to four years, enterprises have the opportunity to strategically plan for a converged architecture that addresses both networking and security: the secure access service edge or SASE (pronounced “sassy”).

SASE combines WAN capabilities with security, and delivers them via services based on identity, time, context, compliance with enterprise policies and risk assessment, according to Gartner, which created the term.

Technology suppliers are moving rapidly to extend their network and security solutions from the data center and branch office to the remote office, and this could fit the SASE model.

Work-at-home requirements

Employees working out of their houses need access to any application, from any device, from any location and on any available network. They use critical applications such as VoIP, video and SaaS that require fast, low-latency connections, and the need for collaboration apps has blossomed.
And because this access is deployed widely, the solution must be easy to install, simple to operate, flexible and cost effective.

Work-at-home users must have direct internet access to cloud-based applications to overcome the performance and latency issues of traditional remote-access VPNs, which route traffic from the user to the data center to the cloud, back to the data center and finally back to the user.

Security for home workers must be based on identity, not location, and single-sign-on and identity-access technology can streamline the access process. Sensitive data should be encrypted on the end device and when in motion. User context is critical to understand what application is being accessed and where data is moving. Cloud-based security technology can provide malware protection, anti-phishing, and data-loss prevention.

Centralized provisioning, management and intelligent troubleshooting are critical for IT staff to support remote users. That support is complicated by the broad number of devices, networks and applications employed at home.

Regardless of the length of the current pandemic disruption, IT must plan for situations in which it will have to support a large distributed workforce. IT teams should evaluate the pluses and minuses of their current solutions based on the following:

- Can the solution scale up and scale down?
- What is the level of protection against external threats and data loss, and how well does the solution integrate with existing security architecture?
- What is the performance of critical applications, and how can slowdowns be addressed?
- What percent of the time are applications and data unavailable?
- How much support does each remote user require?
- Including hardware, software and as-a-service solutions, what does the solution cost?
Long-term migration to SASE

The convergence of network and security with cloud-based intelligence within the SASE architecture dramatically expands the options for IT and security teams to support a distributed workforce.

SASE acknowledges that enterprise use of cloud and SaaS has changed network traffic patterns in ways that require fundamental changes to networking and security. It also notes that advances in networking software, security software and cloud intelligence have enabled new solutions that are quick to deploy, scalable, flexible and simple to manage. In addition, edge computing and IoT applications require distributed, low-latency networking and security that are likely to be delivered in a cloud-based as-a-service model.

By combining on-premises and cloud-based services, SASE delivers a broad range of network and security functionality – including SD-WAN, routing, VPN, firewall, data-loss protection, identity, zero trust and software-defined perimeter – in a unified model.

The advantages of SASE can be applied to work-at-home solutions and thus integrated into an overall SASE-based network/security architecture. This will provide IT organizations significant benefits in terms of ease of deployment, centralized management, and uniform security and compliance.

This integration of remote access into SASE architectures will take time due to the complexity of the technology and the need to combine multiple solutions that are incompatible today. But meanwhile, it’s important to keep an eye on what the technology suppliers are doing toward that goal and to evaluate their individual strengths and weaknesses.