As IT teams struggle to cope with the network and security needs of hyper-mobile employees, secure remote access tools provide an alternative to legacy technologies.
It seems that there are no longer any right or wrong places to get work done. With the pandemic forcing people to work from home for more than a year, our offices and cubicles and shared meeting spaces may seem like a distant memory. Today we work from our kitchen tables, our bedrooms, our home offices and our living rooms. But as restrictions ease and IT teams cope with another huge shift in employee mobility, what’s next for secure remote access?
As these organizations consider how and when to bring employees back to the office safely – or whether to bring them back at all – there’s a lot to consider from technology and enablement vantage points. Many of these organizations are re-evaluating their technology stack to see what holes they may have in security or usability, but understanding what employees deal with when working remote is another critical factor.
IDC’s Phil Hochmuth, the Program Vice President for Enterprise Mobility had some thoughts about this very issue, which he shared during a webinar session with NetMotion’s VP of worldwide sales engineering and alliances, Jay Klauser, and NetMotion CMO, Joel Windels.
“The two biggest challenges are creating flexibility in the work environment, which is not just how you work with your computer and your desktop and your phone, but the infrastructure environment that you’re surrounded by when a lot of the technology… was really built for infrastructure from 10 years ago. The second issue is around trust. How do you apply trust to technologies that may be owned or not owned by the organization, and how do you allow people to be productive in environments that you may not have control over from a security standpoint?”Phil Hochmuth, Program Vice President, Enterprise Mobility, IDC
A fractured landscape presents security risks
As the pandemic spread, enterprises adapted in the short-term by increasing their use of VPNs and remote network access solutions. This knee-jerk reaction was natural, particularly given the lack of information we had about how long restrictions would be in place. But as these same organizations now start to bring employees back, IDC’s research shows that there is very little consensus about what the ‘return to work’ landscape should look like.
Some employers are trying to bring workers back en masse, while others have announced that workers will stay exclusively remote. Many fall somewhere in the middle, with employees likely to go back-and-forth between the office and their home office for several days per week.
This change presents a genuine challenge from a security perspective, with all of these different, moving environments.
“We’re shifting the targets in terms of where people are working, how they’re trying to be productive from all these different environments. It’s really challenging to a lot of enterprise IT folks, as the solutions they put in place aren’t going to match this new model of working.”Phil Hochmuth, Program Vice President, Enterprise Mobility, IDC
Hochmuth continues, saying “We’re seeing escalating issues around attacks and cyber threats that start with end users as the targets. Attackers go after people that might be insecure or lacking certain credentials or having not having the ability to protect what they’re doing. So, phishing malicious applications, bad Wi-Fi connections, people working from home having their Wi-Fi compromised.”
“All these are things that people are seeing, not just once in a while, but frequent or daily incidents that organizations are seeing happening among their workforce. Over 40 percent of organizations are seeing daily, frequent challenges around staying compliant or keeping data safe and keeping data from leaking in these new types of hybrid and remote workforce environments.”
The role of Zero Trust in a world without perimeters
Because the ‘perimeter’ of the office is no longer important, new technologies are stepping in to take the place of legacy solutions. For that reason, zero trust and software defined perimeter (SDP) solutions are high on many organizations’ roadmap wish lists. Taking it a step further, organizations may choose to look at solutions built on a SASE framework that may take years to fully implement.
In the meantime, IT teams should do their own due diligence by asking important questions such as, what is their risk profile, and will these solutions actually help reduce risk? Where should they invest in order to get the most benefits and the best ROI? And, after all of that, how do they measure the success of their deployment?
Software defined perimeters are a new model for access management. SDP allows IT teams to protect devices and assets by creating secure, granular access controls that take advantage of a VPN for authentication. Ultimately, this gives end users a more unified experience where they can switch between applications inside and outside their environment without worrying whether they are behind a firewall or part of a cloud application.
What we’ve learned about ourselves
Going into the work from home shift, there was trepidation on the part of the employees and their employers. The big question was whether employees could still be effective while being so distributed. What we all discovered was that employees basically all want to get their job done and be productive. But that also has some inherent risks.
“There were a lot of first-time remote workers who did what they had to do. They took out the old tablets maybe in a drawer, setup webcams on mobile devices, they found an old Windows XP laptop that they used for email… We had some really interesting activity going on in terms of the types of IPs and new devices that were hitting the network.”Phil Hochmuth, Program Vice President, Enterprise Mobility, IDC
“The positive takeaway,” Hochmuth continued, “is that people want to be productive and will do that by any means necessary, even using personal communications tools, setting up Zoom accounts on credit cards. It was a story of bringing consumer technologies and experiences into the workplace. All of a sudden the shackles came off in terms of being able to bring that into the workplace.”
Start with low-hanging fruit
The return to work is going to be messy for a while, but implementing a secure and easy-to-manage zero trust or SDP framework will at least simplify the journey. Jay Klauser, VP of Worldwide Sales Engineering and Alliances at NetMotion had some advice for where to begin that journey:
“Start with the low-hanging fruit. Look across the environment and focus in on one or two use-cases. It may seem experimental, but just get your feet wet. By starting with use-cases that can easily be implemented and measured, you’ll have a good baseline for what to expect. It may be tempting to take on a big project, but a lot of organizations try to bite off too much and never get anywhere. If you can get a quick win – like enabling traffic splitting, for example – then you’ll be on your way to a successful implementation.”
To watch the full panel discussion with IDC on the evolution of secure remote access, check out the webinar here.
Download the IDC Technology Spotlight, “The Evolution of the Software-Defined Perimeter for Mobile Remote Access.”