This article provides guidance to organizations seeking to modernize their remote access solutions, drawing from insights shared in the Gartner report ‘Solving the Challenges of Modern Remote Access’
Remote access is one of the hottest topics in IT and security right now – a dramatic turnaround from this time last year. Gradual shifts to the cloud have created a lot of momentum around categories such as CASB and IAM, and more recently SDP and ZTNA. This trend has been accelerated by the events of 2020, and as we approach the second half of the year a large number of organizations are reevaluating their remote access strategies. The question facing a lot of I&O leaders is relatively simple, yet can be extremely challenging for some (especially those that have had the same legacy VPN for years): where do we start?
Start at … the start
It may be tempting to race to the purchase decision itself, scoping out the websites of different vendors and researching the various options available on the market. The biggest risk here is that organizations get distracted by the features and perceived benefits of a solution without truly understanding what they needed in the first place. This will often lead to poor performance and even potential security risks – a viewpoint shared in Solving the Challenges of Modern Remote Access, published by Gartner in April 2020 and authored by Rob Smith, Steve Riley, Nathan Hill and Jeremy D’Hoinne.
There are four key areas that I&O leaders should closely examine before starting the process of vendor evaluation. By scoping out these requirements, a better foundation can be created for determining where to look for a solution. The guidance from Gartner includes a decision tree for following this framework, once requirements have been gathered.
“Once use cases are determined based on the four variables, users can be put into different service offerings such as cloud-only, remote user or highly regulated and secure. IT can then build the appropriate technology required to meet these use cases.“Solving the Challenges of Modern Remote Access, Gartner 2020 (Rob Smith, Steve Riley, Nathan Hill and Jeremy D’Hoinne.)
Requirement one: users
It may seem obvious, but spending time considering the various users that may need to use the remote access solution. A law firm, for example, has a wide variety of user types, from partners to backroom staff. Organizations should carefully map out the different use-cases that each user type may have. Many will have much more intense day-to-day needs than other employees. Ask how these varying functions may impact bandwidth demands, for example.
Requirement two: devices
The proliferation of devices has been well documented. The average American is expected to have over 13 network-connected devices by the end of next year – a trend mirrored by shifts inside businesses too. IT teams should inventory every device type being used by remote workers, as well as the OS each one may be running. Even if 90% of devices are Windows, it’s important to remember that the exceptions can be the downfall of any investment. It’s also worth thinking about how the blend might change in years to come. No iOS or MacOS devices today doesn’t mean the organization will never need to support them in the future. Finally, the ownership model must be taken into account. BYOD strategies are significantly more difficult to secure and manage than corporate-owned models, influencing how and when you might wish to implement novel remote access technologies.
Requirement thee: resources
Perhaps the most crucial of all the requirement gathering categories. It’s absolutely essential to identify which applications and data users will be using. Again, these may change over time. The overwhelming majority of organizations have at least one on-premise application, but almost all are in the gradual process of migrating to the cloud – either consuming as a service or in private infrastructures such as Azure or AWS. Understanding exactly which resources need to be used and how they are hosted is a crucial step to take before selecting a remote access solution.
Requirement four: location
Requirement four: location
Employees are more dispersed than they’ve ever been before. Workers operate in the field, such as in airports or hotels, on client sites or – increasingly – in their own homes. They’re also progressively mobile, meaning locations may change frequently (even over international borders). Identifying these geographical locations in which workers get their jobs done is fundamental in designing the scope for a new remote access product.
After gathering requirements, the next recommended stage is to begin stress-testing potential tools and their ability to scale and handle fluctuations in capacity. This is another topic detailed in the full research.
Over the near-term, the majority of SDP deployments will co-exist with VPN to provide end to end access security.Quadrant Knowledge Solutions Market Insights: Software Defined Perimeter (SDP) for Zero Trust Network Security, 2020
Ultimately, as organizations navigate the new normal and the wild growth in remote working, it is obvious that a modernization in remote access technologies will be necessary at some point. The vast majority of enterprises will likely find themselves in a transition period for several years as they plot the journey from a primarily desktop, on-premise world to a largely mobile, cloud one. I&O leaders must select remote access software that accommodates this shift, providing an elegant means to continue using the tools that provide value today (eg VPN) while also embracing the critical solutions of tomorrow (eg ZTNA). NetMotion is the only major ZTNA vendor to also include a VPN as part of the same platform, granting organizations with exactly that.