The COVID-19 pandemic and the resulting shift to remote work demonstrated the shortcomings of many organizations’ existing network infrastructures. Solutions designed and developed for a mostly on-site workforce failed to meet the needs of employees working from outside of the office.

Legacy Network Architectures Cannot Support Post-COVID Telework

As companies consider permanently supporting telework programs, a network upgrade is required. Deploying modern network optimization solutions can enable organizations to empower their remote workforces without sacrificing network visibility and security.

Table of Contents

Most Employees Expect to Continue Working Remotely

The COVID-19 pandemic forced many organizations to rapidly switch to a mostly or wholly remote workforce. In order to continue operations while following quarantine and shelter in place guidance, these organizations have allowed employees to work from home for months, and many expect to continue to do so until the end of the pandemic.

While COVID-19 will not last forever, many businesses have acknowledged the benefits of allowing employees to work from home at least part-time. In fact, 80% of full-time workers expect to work from home at least three days a week once COVID-19 restrictions are no longer in place.

Traditional Network Infrastructures are Ill-Suited for Telework

During the COVID-19 pandemic, many organizations were willing to accept some level of degraded network performance and security. With no time to prepare, companies needed to work with the solutions that they already had in place.

However, the widespread telework forced by COVID-19 demonstrated that legacy remote access solutions, like virtual private networks (VPNs), were ill-suited for a mostly or wholly remote workforce. VPNs scale poorly and are typically designed to support occasional, short-term use by a fraction of the workforce, not daily-full time usage. The gulf between network design and COVID reality meant that many employees were struggling to work with overloaded networks.

The solutions to these issues created their own problems. A common suggestion was the use of split-tunnel VPNs, where some fraction of an employee’s network traffic is routed directly to its destination (typically the public Internet or cloud services). However, this deprives this traffic of the protection of the corporate security deployment, increasing the probability of malware infections and other cyberattacks. A remote worker’s compromised machine could then be used as a stepping stone to attack the corporate network via their VPN connection.

Supporting Remote Work Requires a New Security Model

Even if VPNs were capable of scaling to meet the needs of companies’ remote workforces, they are still an inefficient solution for network routing and security. VPNs are designed to be point-to-point solutions and are commonly used to route a remote worker’s traffic to the enterprise network, from which it can be sent on to its destination.

However, the growing use of cloud infrastructure means that a significant portion of employees’ traffic is destined for locations outside the corporate network. Routing this traffic through the enterprise network for security inspection is inefficient and creates network latency and additional load on the corporate network. This additional latency can render some Software as a Service (SaaS) applications unusable and decreases employee productivity.

A modern corporate WAN, designed for the post-COVID world, needs to acknowledge that a significant percentage of business traffic does not need to pass through the enterprise network. Companies require network infrastructure that is designed and optimized to route traffic efficiently to its destination without compromising enterprise security or network visibility.

Secure SD-WAN Offers Optimized Networking and Security

Software-defined WAN (SD-WAN) is the first piece to achieving this goal. SD-WAN appliances are designed to create a web of connections between an organization’s distributed network resources. SD-WAN optimizes traffic routing across the network of SD-WAN appliances, so all traffic can go to its destination by the quickest possible route.

Secure SD-WAN solutions integrate a full security stack into each SD-WAN appliance. This allows all traffic to undergo content inspection and security policy enforcement at its origin, rather than being diverted through the enterprise network. This reduces the load on the enterprise network and decreases network latency without sacrificing enterprise security or traffic visibility.

SASE Extends Network Optimization to Remote Workers

Secure SD-WAN is an effective network optimization and security solution. However, it has one major limitation: its capabilities are limited by the footprint of the network of SD-WAN appliances. If an organization can only deploy SD-WAN appliances where it has physical sites, traffic from remote workers or cloud infrastructure may be required to make a significant detour on its way to and from the nearest SD-WAN appliances to its source and destination.

Secure Access Service Edge (SASE) solves this problem by relocating Secure SD-WAN appliances to the cloud. This enables them to be deployed close to common destinations (like cloud infrastructure) and geographically dispersed (to minimize latency for remote workers). A corporate WAN based upon SASE provides high network performance and security for the modern enterprise supporting a remote workforce.