Remote Access: Network Architecture & Security Considerations

The global pandemic spurred a massive work-from-home (WFH) wave quite literally overnight. Hundreds of millions of people worldwide were told to stay home to stay safe, but they needed to keep working as best as possible. Enterprises responded to this sudden need for extensive remote network access by focusing on getting people connected—but connectivity often came at the expense of security.

As WFH (or telework) becomes a long-term model for many organizations, it’s time to rethink the remote access network architecture with security as a priority, not just a “nice to have” consideration. Zero Trust Network Access (ZTNA) must be part of the long-term solution, and Secure Access Service Edge (SASE) can deliver ZTNA with ease.

Long-term Telework Is Becoming the Norm

The pandemic forced people out of their office and onto the dining room table with barely any notice to the IT teams who had to enable and support remote access. The immediate priority was to give people access to their work environment by any means available so they could maintain productivity. VPNs were the connectivity solution of choice for most harried IT teams.

A year into the pandemic, many workers are still connecting to corporate resources from remote locations. What’s more, several large organizations have announced that WFH will be a permanent option for employees at least some of the time. Capital One, Facebook, Amazon, Gartner, Mastercard, Microsoft, Salesforce, PayPal, Siemens—these are just some of the companies that have adopted long-term remote work as the norm.

VPNs are Giving Way to Zero Trust Security

While VPNs provide traffic encryption and user authentication, they still present a security risk because they grant access to the entire network without the option of controlling granular user access to specific resources. There is no scrutiny of the security posture of the connecting device, which could allow malware to enter the network. To maintain proper security, traffic must be routed through a security stack at the VPN’s terminus on the network. In addition to inefficient routing and increased network latency, this can result in having to purchase, deploy, monitor, and maintain security stacks at multiple sites to decentralize the security load. Simply put, VPNs are a challenge – an expensive one at that – when it comes to remote access security.

Enterprises are turning to a much more secure user access model known as Zero Trust Network Access (ZTNA). The premise of ZTNA is simple: deny everyone and everything access to a resource unless it is explicitly allowed. This approach enables tighter overall network security and micro-segmentation that can limit lateral movement in the event a breach occurs.

The main advantage of ZTNA is its granular control over who gains and maintains network access, to which specific resources, and from which end user devices. Access is granted on a least-privilege basis according to security policies.
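To make the contrast with the VPN model concrete, here is an added example (not Cato's or GlobalDots' code) of a default-deny policy evaluator in the ZTNA spirit: access is granted only when an explicit rule names the user's group and the specific resource, and only if the connecting device passes that rule's posture checks. The policy table, resource names and posture flags are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed example: a default-deny ZTNA policy evaluator.
# A request carries the user's group, the single resource requested and the
# posture checks the device actually passes; nothing is allowed unless an
# explicit rule matches AND the device meets that rule's posture bar.

@dataclass(frozen=True)
class Rule:
    group: str              # user group the rule applies to ("all" = any group)
    resource: str           # one resource per rule: no "whole network" grants
    min_posture: frozenset  # posture checks the device must pass

@dataclass(frozen=True)
class Request:
    user: str
    group: str
    resource: str
    posture: frozenset      # posture checks the device passes (hypothetical flags)

# Hypothetical least-privilege policy table.
POLICY = [
    Rule("finance", "erp.internal", frozenset({"disk_encrypted", "edr_running", "os_patched"})),
    Rule("engineering", "git.internal", frozenset({"disk_encrypted", "edr_running"})),
    Rule("engineering", "ci.internal", frozenset({"disk_encrypted", "edr_running"})),
    Rule("all", "hr-portal.internal", frozenset({"disk_encrypted"})),
]

def vpn_style_decision(req: Request, authenticated: bool) -> tuple:
    """The model the article warns about: a successful login unlocks the whole network."""
    if authenticated:
        return True, "full-network access after login (no posture or resource check)"
    return False, "authentication failed"

def ztna_decision(req: Request, policy=POLICY) -> tuple:
    """Default deny: allow only on an explicit rule whose posture bar the device meets."""
    for rule in policy:
        if rule.resource != req.resource or rule.group not in (req.group, "all"):
            continue
        missing = rule.min_posture - req.posture
        if missing:
            # A rule exists, but the device falls short: deny and say why, so the
            # help desk and SOC can see the reason rather than a bare failure.
            return False, "posture check failed: " + ", ".join(sorted(missing))
        return True, f"allowed by rule {rule.group} -> {rule.resource}"
    return False, "no matching rule (default deny)"

if __name__ == "__main__":
    full = frozenset({"disk_encrypted", "edr_running", "os_patched"})
    print(ztna_decision(Request("alice", "finance", "erp.internal", full)))
    print(ztna_decision(Request("alice", "finance", "git.internal", full)))
```

Note that the same resource request is denied under ZTNA both when no rule covers it and when a rule exists but the device posture is insufficient, which is the micro-segmentation behaviour that limits lateral movement after a compromised login.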

But Zero Trust is only one part of a remote access solution. There are performance and ongoing security issues that aren’t addressed by ZTNA standalone offerings. For example, all traffic still needs to undergo security inspection en route to its destination. This is where having ZTNA fully integrated into a SASE solution is most beneficial.

SASE is a Secure Remote Access Solution Designed for the Modern Enterprise

SASE converges Zero Trust Network Access, next-generation firewall (NGFW), and other security services along with network services such as SD-WAN, WAN optimization, and bandwidth aggregation into a single cloud-native platform. Enterprises that adopt a SASE networking architecture receive the benefits of ZTNA plus a full suite of converged network and security services that is both simple to manage and highly scalable.

A key component of SASE is a series of global Points of Presence (PoPs) located in virtually every region of the world. These PoPs house integrated security stacks comprising next-generation firewalls, secure web gateways, anti-malware, intrusion prevention systems, and of course the ZTNA technologies.

The PoPs are where all traffic from an organization’s corporate offices, branch offices, and remote and mobile users connect to their network. Thus, security is conveniently applied to all traffic at the PoP before going to its final destination—whether it’s to another branch, remote user, SaaS application, cloud platform, or the Internet.

The PoPs themselves are interconnected by a private, high-performance network. This network uses routing algorithms that factor in latency, packet loss, and jitter to get traffic to and from its destination optimally, favoring performance over the cost of transmission. To further enhance security, the connections between PoPs are fully encrypted.

SASE Simplifies Secure Remote Access for WFH

What does this mean for the remote access worker? SASE makes it very quick and easy to give optimized and highly secure access to any and all workers. For users in the office, access can be limited only to designated resources, complying with zero-trust principles.

For remote and mobile users, SASE provides the flexibility to choose how best to securely connect them to resources and applications. SASE Client is a lightweight application that can be set up in minutes and automatically connects the remote user to the SASE Cloud. Clientless access allows optimized and secure access to select applications through a browser: users simply navigate to an application portal, which is globally available from all PoPs, authenticate with the configured SSO, and are instantly presented with a portal of their approved applications. Both the client-based and the clientless approach also apply ZTNA to secure access to specific network resources.

Originally published by Cato Networks.