By Jean-Yves Bisiaux, CTO and co-founder of EfficientIP
In an attempt to slow down the spread of COVID-19, many companies are announcing precautionary measures – often including recommendations to work remotely. While working from home can serve as an effective safety measure, it poses major challenges to the IT infrastructure of many companies, increasing network complexity and creating additional opportunities for cyberattacks. The use of SASE (Secure Access Service Edge), which includes protection of DNS services, can help mitigate security risks.
Last week, the Italian Government announced extraordinary measures to keep the spread of Coronavirus at bay, declaring the entire country a “red zone” and asking citizens to stay home except for work and emergencies. As the virus continues to spread across Asia, Europe, and North America, corporations followed suit and the likes of Google, Apple, Box, Facebook, Match Group, Amazon, Eli Lilly, Biogen and Takeda, and Twitter among others have advised employees to work from home if possible.
However, is this feasible at a major scale? And what challenges do companies encounter?
Advancements in technology in recent years have enabled telework, yet most companies, even technology giants, lack the digital infrastructure to enable this at a large scale. While most companies have policies, technology, and procedures in place to allow employees to work remotely, corporations normally anticipate only about 15% of employees connecting remotely at one time. As such, investment and deployment in VPN and VDI infrastructure is tailored and appropriate for this level, leaving many corporations vulnerable and ill-equipped to manage this new reality that requires dynamic access to network services for a larger number of employees.
The drastic shift to mass remote work therefore brings additional security risks for companies. As devices are installed outside a company's network infrastructure and connected to new networks and WLAN, the potential attack surface for cybercriminals expands exponentially.
Bar a readily available vaccine, we are set to see the true litmus test for remote work. Corporations large and small will require a quick solution for a limited duration. While to many, Virtual Private Networks (VPN) seem to be an appropriate solution, VPN for workforces are often only dedicated to specific employees and are cost prohibitive and complex to implement globally, resulting in insufficient capacity.
For corporations lacking the infrastructure, time, and liquid capital to expand access to VPN, it will be critical (and highly cost-effective) to externalize this service, allowing for accessibility on-demand. A key component of this solution is enabled by SASE platforms , a set of services offered by internet service providers and telecommunications corporations to enable NaaS (Network as a Service) to allow remote employees to connect coupled with Network Security as a Service (NSaaS) offerings which include VPN, Firewall as a Service (FWaaS), DNS and Cloud Secure Web Gateways (SWG) to minimize vulnerabilities.
A central element f the SASE offer is a secure and high-performance DNS service which protects Apps, Users and Data against potential DNS attacks and ensures that business operations are not impacted – especially when most employees are connecting to the network remotely. DNS should ideally be complemented by Edge GSLB (Global Server Load Balancing) distributing the load of network traffic for servers. And for service deployment automation of a telco's SASE infrastructure, DDI (DNS-DHCP-IPAM) is fundamental, bringing the velocity required to scale easily and rapidly, aligned with market demand.
Taken together, these measures ensure that company networks are running smoothly - despite increasing network complexity in the new remote work reality that will define 2020 and perhaps beyond.