Eugenio Marongiu - Fotolia
How to secure remote access for the hybrid work model
With the post-COVID-19 hybrid work model taking shape, discover the technologies and trends analysts and IT leaders view as the anchors to ensure secure remote access.
The hybrid work model looks to remain in place as more enterprises begin to coax employees back into the office. COVID-19 vaccinations are helping to fight the pandemic spread, while new cases are decreasing in several areas. With these transitions in motion, a solid and secure remote access strategy should continue to top the list of IT priorities, as many workers now expect the ability to do their jobs anywhere from the living room to the Starbucks parking lot.
To best secure the enterprise network, IT must think long term with investments in technology initiatives that include Secure Access Service Edge (SASE), zero-trust network architecture (ZTNA), SD-WAN and software-defined perimeters (SDP) as supplementary tools to support workforces in the present and protect them from future disruptions.
The overarching enterprise work style has undergone a permanent shift with the COVID-19 pandemic. "A lot of companies have decided to not bring their entire workforce back, and to reduce office space to some meeting space for people coming in occasionally," said Steve Garson, president and consultant at SD-WAN Experts. "They've discovered that people are very productive working from home."
While securing an enterprise network is more complex than ever before in this new era, analysts point out that the pandemic served to accelerate trends already in motion.
"For years, we have been thinking about IT pendulum swinging toward the distributed [workforce] model," said John Grady, senior analyst at Enterprise Strategy Group (ESG), a division of TechTarget. "The pandemic has accelerated the velocity of that. It's not only applications and IT gear that are becoming highly distributed -- it's the employees as well."
IT leaders need both visibility and observability -- the concept of knowing a system's internal state based off its external output -- to ensure secure remote access not possible within traditional secure perimeter security platforms. A more distributed workforce means a larger attack surface and more opportunities for hackers and cybercriminals to penetrate the network.
Future of the VPN
"VPNs represent significant liabilities, hamper productivity and introduce latency," said Anurag Kahol, CTO of Bitglass, a data and threat protection company in Campbell, Calif. "They can be difficult to scale and can grant excessive access to internal resources."
Analysts and IT leaders agree VPN technology can no longer support largely remote and hybrid workforces, but the transition away from VPNs will not be immediate. As with any legacy technology, a long-standing reliance on VPNs remains, and many of the potential replacement technologies do not support all the applications and protocols enterprises may need in place.
The pandemic also highlighted the shortcomings of VPN technology as more workers relied on it to access necessary company resources than ever before.
As a technology currently active and maintained at most enterprises, VPNs will likely continue to exist longer than they should, said John Burke, principal research analyst at Nemertes Research Group. "They will mostly be supplanted by cloud-based services over the next couple years. This past year gave VPNs a good hard push out of the door."
According to a recent Nemertes study, one company that replaced its VPN with SDP technology experienced a 75% reduction in user login time. Beyond that, the VPN went from being the top source of IT help desk tickets to vanishing from help desk queues completely.
Moving toward SASE
To take the place of perimeter-based security tools, enterprises are looking to cloud-based SASE frameworks to protect an increasingly disparate and cloud-based enterprise network. The ultimate goal of a SASE framework is to unify all networking and security tools into a single management dashboard to cut costs and increase agility. Grady emphasized IT leaders must think about their SASE strategy in conjunction with the remote access problem. With hybrid and remote work shifting more applications to the cloud, SASE is positioned as the top replacement option in securing remote access, he said.
John GradySenior analyst, ESG
According to Nemertes' Burke, "SASE is the most widely discussed option on the market for providing secured access and finer-grain control over what people can do once it's confirmed they are who they say they are and based on where they are."
As enterprises begin SASE implementations, SD-WAN technology also can serve as an important transition. Burke singled out performance degradation as one challenge workers returning to the office may experience; but, with SD-WAN in place, the traffic can run directly out of the branch rather than through a centralized data center before it reaches the worker, he said.
"SD-WAN is one more blip point for companies to move themselves toward SASE and makes it more attractive because most of those platforms have a remote worker functionality," said Garson of SD-WAN Experts.
Growing use of zero trust
Zero-trust strategies, which were already gaining traction pre-COVID-19, have seen an uptick as enterprises look to adopt the ZTNA framework to better address modern cybersecurity threats -- including identity- and credential-based attacks, as well as attackers gaining access through the cloud. Zero trust operates with the assumption that every user is a potential threat by default, requiring identity authentication throughout the network rather than just initial login. ESG's Grady foresees many organizations will increase their ZTNA spending even though the implementation process will be gradual.
From the enterprise IT perspective, zero trust makes oversight easier in this new heterogenous environment. Bitglass' Kahol is confident ZTNA will ultimately be the technology to replace the VPN.
ZTNA segments network access into smaller trust zones, so even if a hacker were to breach the network, their access would be quite limited, Kahol said. "A ZTNA solution offers the ease of deployment small businesses need, while also providing superior security and visibility across all corporate environments.
Gartner reported that by 2023, 60% of enterprises will phase out most of their remote access VPNs in favor of ZTNA, which provides granular, policy-based access.
The post-pandemic security roadmap
While security is always a main concern, analysts stress consistent performance has equal importance as IT departments strategize for the future.
The environment has become more complex, so it's about how to make it more efficient, Grady said. "From a user perspective, it is essential that IT break down the boundaries between what workers can do at home versus at the office. It should be a seamless experience regardless of location."
A secure remote access strategy will remain an ongoing initiative regardless of how enterprises choose to operate in the post-pandemic world: fully remote, all on site or a hybrid approach.
But the right technology is just one piece of the secure remote access puzzle. "The biggest challenge we face in the year ahead is scale," said Marshall Frost, vice president of corporate systems at Avita Pharmacy in Attleboro, Mass. "Honestly, our challenge has not been technology -- it's been making sure we have things in place that we can quickly scale all over the country."
With businesses beginning to transition back to some pre-pandemic normalcy, they must remember that light at the end of the pandemic tunnel doesn't mean another seismic event can't strike in the future to disrupt day-to-day work life.
Bob Laliberte, senior analyst at ESG, points out that IT departments across the world achieved a remarkable feat to orchestrate a massive transformation to a fully remote workforce in what was originally intended to be an interim 90-day period. "Companies are asking themselves how they can use this new technology better and prepare themselves so that next time, it's not a scramble at all."