With VPN and VDI too cost prohibitive, Secure Access Service Edge (pronounced ‘sassy’) may be the next big thing in teleworking.
In the ongoing coronavirus pandemic many companies are taking precautionary measures—including recommendations for certain staff to work remotely. While working from home can serve as an effective safety measure, it poses major challenges to the IT infrastructure of many companies, increasing network complexity and creating additional opportunities for cyberattacks. The use of Secure Access Service Edge (SASE, pronounced ‘sassy’), which includes protection of DNS services, can help mitigate security risks.
As the virus continues to spread across Asia, Europe, and North America, corporations are following suit and the likes of Google, Apple, Box, Facebook, Match Group, Amazon, Eli Lilly, Biogen and Takeda, and Twitter among others have advised employees to work from home if possible.
However, is this feasible at a major scale? And what challenges do companies encounter?
Advancements in technology in recent years have enabled telework, yet most companies, even technology giants, lack the digital infrastructure to enable this at a large scale. While most companies have policies, technology, and procedures in place to allow employees to work remotely, corporations normally anticipate only about 15% of employees connecting remotely at one time. As such, investment and deployment in virtual private network (VPN) and virtual desktop infrastructure (VDI) infrastructure is tailored and appropriate for this level, leaving many corporations vulnerable and ill-equipped to manage this new reality that requires dynamic access to network services for a larger number of employees.
Remote-working brings additional risks
The drastic shift to mass remote working brings additional security risks for companies. As devices are installed outside a company’s network infrastructure and then connected to new networks and WLAN, the potential attack surface for cybercriminals expands exponentially.
Bar a readily available vaccine, we are set to see the true litmus test for remote work. Corporations large and small will require a quick solution for a limited duration. While to many, VPN seems to be an appropriate solution, it is usually only dedicated to specific employees and is cost prohibitive and complex to implement globally, resulting in insufficient capacity.
For corporations lacking the infrastructure, time, and liquid capital to expand access to VPN, it will be critical (and highly cost-effective) to externalize this service, allowing for accessibility on-demand. A key component of this solution is enabled by SASE platforms , a set of services offered by internet service providers and telecommunications corporations to enable Network-as-a-Service (NaaS) to allow remote employees to connect coupled with Network Security-as-a-Service (NSaaS) offerings that include VPN, Firewall as-a-Service (FWaaS), domain name system (DNS) and Cloud Secure Web Gateways (SWG) to minimize vulnerabilities.
A central element of the SASE proposition is a secure and high-performance DNS service which protects apps, users and data against potential DNS attacks and ensures that business operations are not impacted—especially when most employees are connecting to the network remotely.
DNS should ideally be complemented by Edge Global Server Load Balancing (GSLB) distributing the load of network traffic for servers. For service deployment automation of a telco’s SASE infrastructure, DDI (the integration of DNS, Dynamic Host Configuration Protocol and IP Address Management) is fundamental, bringing the velocity required to scale easily and rapidly, aligned with market demand.
Taken together, these measures ensure that company networks are running smoothly—despite increasing network complexity in the new remote work reality that will define 2020 and perhaps beyond.