Hybrid workforce model requires long-term security roadmap
Business leaders looking for advice on how to best manage a hybrid workforce model from a security perspective often find themselves with more questions than answers. I spoke to Abe Ankumah of VMware, Senior Director of Product Marketing and Partnerships, about how companies might want to redesign their infrastructures to best secure and support the hybrid workforce of the future.
Hybrid workforce approach to become permanent
As pandemic restrictions continue to ease and companies plan their strategies in a post-COVID-19 world, it seems increasingly likely that one major business change that has occurred over the past 18 months will remain: flexible work environments.
Surprisingly to some, many companies saw productivity gains throughout 2020 and attribute them to employees working from home or in a hybrid work model. Additionally, companies are beginning to realize the benefits in terms of lower electricity and building maintenance costs, as well as the opportunity to access new pools of talented employees who may not want to come to the office five days a week.
If a hybrid workforce model is to become a permanent fixture, it is important to assess remote workforce technologies to ensure that employees can work efficiently and with consistent security and performance, regardless of their physical location. Remote access VPN, for example, is a technology that many companies relied on during the pandemic. Yet VPN may not be the ideal remote workforce connectivity strategy from a long-term perspective.
“Due to COVID-19, IT departments have had to scramble to support a massive proportion of employees in a work-from-home setting,” Ankumah said. “Scaling the existing remote access VPN technologies was the most practical stopgap option at the time. However, VPNs were never designed to work on this scale, which ultimately created unintended security consequences.”
In many situations, once a user successfully authenticates and an encrypted tunnel is established between the end user and the corporate network, the user gains full and unimpeded access to the whole of the corporate network. This creates a major target for bad actors and nation-states, who attack various vulnerabilities in legacy VPN devices and can easily spread malware using unrestricted VPN sessions as a conduit, Ankumah added. This is why so many companies are looking for other remote access methods, such as zero trust network access (ZTNA), which alleviates many VPN scalability, performance, and security issues.
Hybrid workforce goals require new security architecture strategies
If companies anticipate the need to support hybrid workforce models in the future, traditional access and security tool deployments will likely need to change.
“At VMware, we think of the approach to security and feature placement in very simple terms,” Ankumah said. “The goal of a business should be to centralize security and processes when they can and distribute them when they have to.”
Abe Ankumah, Senior Director of Product Marketing and Partnerships, VMware
This philosophy is driven by how VMware sees businesses and employees consuming applications, in addition to the geographic location of users, he said. In a rapidly developing business world where users are distributed and applications no longer reside completely within the confines of the corporate data center, traditional perimeter-based security architectures are rarely the best option. Instead, the security deployment should move to where it is closest to the end user, Ankumah added.
Secure Access Service Edge (SASE) is an architecture option that achieves this goal. By decoupling security tools and processes from hardware located in the corporate network and distributing these services across multiple points of presence using advanced computing technologies, administrators have full control to scale and move security functions with unprecedented flexibility. As a result, end users can access applications, data, and digital assets with the same performance and the same unified security policy, regardless of their location. In addition, tool and security policy control remains centralized within the SASE deployment model, while only the security functions themselves are distributed.
According to Ankumah, companies are also going through a significant paradigm shift when it comes to how IT supports remote employees, both from a performance/resiliency and a data security perspective.
“While network and security administrators have long supported and secured traditional branch offices, a single employee working from home should now be considered a ‘branch to one,’” Ankumah said.
This means that the same capabilities found in traditional branch offices can and should be reflected in the home office. In some cases this may include dual ISP connections for network redundancy, software-defined WAN (SD-WAN) to improve application performance, and the use of AI-based security visibility tools in the form of endpoint detection and response (EDR) platforms, he added.
Putting the hybrid workforce puzzle together
There’s a reason network and security technologies including SASE, ZTNA, SD-WAN, and EDR are so popular these days. IT decision makers are concluding that the hybrid workforce is here to stay, and they are looking for ways to support and secure these employees as effectively as possible. It is important to realize that no single technology or tool will solve all the problems.
A holistic approach needs to be taken to address redundancy, QoS, authentication, access and data security for “one-branch branches,” Ankumah said.
“At the start of the pandemic, companies just weren’t prepared for this type of scenario. But, now that the dust has settled, it seems increasingly likely that the hybrid workforce is here to stay,” he said.
Ankumah added that it is time to develop a technology roadmap using all the necessary models and methodologies that will improve end-user performance, security and remote user manageability, now and in the future.