A Modern Approach to Enterprise Remote Access

August 23, 2020

Remote work has become the new normal as a result of the COVID-19 pandemic, and according to a survey by collaboration software provider Slack, most knowledge workers believe remote-work-friendly policies will continue after the pandemic as well.

At the same time this unprecedented shift to remote work is occurring, businesses are realizing traditional enterprise remote access solutions, like Internet-based VPN, often aren’t capable of addressing all the needs of large-scale work from home. As a result, user experience and productivity can suffer. That’s why many enterprises are turning to more modern and scalable remote access solutions like SDP (software-defined perimeter) and SASE (Secure Access Service Edge) that can deliver enterprise-grade performance and security at scale.

But what exactly do enterprises need from a remote access solution and why are SDP solutions capable of meeting those needs better than traditional solutions? Let’s take a look.

What businesses need from enterprise remote access solutions

To remain productive when working from home, employees need access to the same data and applications they used in the office. Additionally, the importance of collaboration tools like Slack and Microsoft Teams increases dramatically. Enterprise IT needs to provide access to these resources, which are often scattered across the public cloud and corporate datacenters, in a way that allows employees to remain productive without sacrificing security.

Therefore, enterprise remote access solutions need to:

  • Deliver high quality user experience. When everyone is working from home, there is a direct relationship between network connectivity and productivity. If a user cannot attend a teleconference due to latency or business applications become unusable or inaccessible, productivity comes to a screeching halt. Simply put, the network cannot become a productivity bottleneck.
  • Provide predictable and reliable performance. Predictable and reliable performance go hand-in-hand with user experience. Latency, packet loss, and network outages can all wreak havoc on a remote workforce. This means enterprises need remote access solutions that are both reliable and fault tolerant.
  • Provide enterprise-grade security. Remote work makes it even harder to address the challenges of enterprise network security. Endpoints are now effectively deployed at every employee’s home, expanding attack surfaces and adding to the risk posed by phishing attacks and malware. As a result, enterprises need remote access solutions that can enforce granular security policies, rapidly detect and mitigate threats, and reduce lateral movement in the event a breach occurs.
  • Scale easily. Capacity constraints and network complexity can become major bottlenecks as a remote workforce scales. Enterprise remote access solutions need to be able to scale easily without adding significant complexity to the network.

The problems with traditional enterprise remote access solutions

Point solutions like Internet-based VPN aren’t entirely without a use case. For small-scale and affordable connectivity between a few sites, a point solution may be the right answer. However, the continuous use and scale of organization-wide work from home isn’t a use case that traditional point solutions can effectively address. Issues that enterprises using these solutions to enable large-scale remote work have encountered include:

  • Latency and poor user experience. VPN servers have a limited amount of capacity. As more users connect, the server can become overworked and performance degrades. As a result, user experience suffers.
  • Unreliable performance. Point solutions that depend on the Internet are also subject to all the problems with Internet routing. When an enterprise remote access solution is entirely dependent on the Internet, that means unpredictable performance can become the norm.
  • Lack of granular security controls. Generally, point solutions restrict access at the network level. Once a user authenticates, they have network access to everything on the same subnet. This lack of granular security controls creates a significant risk and leaves gaps in network visibility.
  • Difficult to scale. The client/server architecture of point solutions simply isn’t scalable. To increase capacity for a network based on point solutions, IT needs to either deploy new appliances or upgrade existing ones. Further, addressing security and performance optimization challenges requires additional appliances to be deployed and integrated, which increases network complexity.

How SDP and SASE solve these issues

SDP, also known as ZTNA (Zero Trust Network Access), is a software-defined approach to application access. It is based on three core functionalities:

  • Strong user authentication
  • Application-level access based on user profiles
  • Continuous risk assessment during sessions

This software-defined approach, which delivers application-level security policies, helps to address several of the security and scalability challenges enterprises face. While SDP alone is useful, it is when SDP is used as part of a broader SASE platform that enterprises derive the most value from an optimized and secure remote access solution.

SASE includes WAN optimizations and network security functions like NGFW (next-generation firewall) and IPS (intrusion prevention system) that help eliminate the need for complex deployments with multiple appliances while improving security and performance. Further, because SASE is cloud-based, enterprises benefit from the hyper-scalability of the cloud in their remote access solution.

For example, businesses that use Cato’s SASE platform benefit from an enterprise remote access solution that:

  • Optimizes performance for all applications and improves user experience. Traffic is optimally routed over a global private backbone that eliminates the performance issues of VPN servers that depend on the Internet. Additionally, WAN optimizations increase throughput for use cases like video conferences and sharing large files. Further, with client-based or clientless access options and integrations for authentication services like Azure Active Directory, users benefit from a simple and secure SSO (single-sign-on) experience with MFA (multifactor authentication).
  • Provides predictable performance and a 99.999% uptime SLA. Cato’s network backbone consists of over 50 PoPs (points of presence) across the globe and is backed by a 99.999% uptime SLA. This gives enterprises a level of performance reliability and fault tolerance that point solutions cannot provide.
  • Enforces granular security policies and continuously monitors for threats. SDP coupled with NGFW, IPS, and threat detection delivers enterprise-grade security in a single, easy-to-manage platform.
  • Brings the scalability of the cloud to remote access. The cloud approach of SASE delivers scalability point solutions simply cannot match. The underlying appliances and infrastructure are abstracted away from the enterprise, reducing complexity and allowing IT to focus on core business functions.

Interested in learning more about SDP, SASE, and enterprise remote access solutions?

As we have seen, SDP and SASE provide a modern approach to enterprise remote access and enable digital businesses to effectively support large scale remote work. If you’d like to learn more about SDP, SASE, or enterprise remote access solutions, contact us today or download this Work from Anywhere for Everyone eBook. If you’d like to see the world’s first SASE platform in action, we invite you to sign up for a demo.

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.