Note: This blog is part of a series of articles and discussions developed and presented in partnership with Gestalt IT.
The way many people work changed dramatically in 2020 because of COVID-19. Most of the world went into lockdown and people had to adapt how they worked. No longer was it recommended to work from an office if you did not need to.
I work for a value-added reseller (VAR) and managed service provider (MSP). Businesses we support that did not have a business continuity plan in place scrambled to mobilize their workforce. Things that we took for granted became difficult, such as ordering a new laptop. Everyone was trying to order a new laptop! Many companies used VPN functionality that was available on their firewalls. This works, but it is difficult to manage and not as secure as it could be. It was a quick solution to a problem that no one could have predicted.
Success in the new normal
Some companies that made a seamless transition to enabling a work-from-anywhere strategy were those that had already embraced solutions like Office 365, virtual desktop infrastructure (VDI), and SD-WAN. Regardless of whether a company was prepared or not, increased work-from-anywhere activity only amplified the fact that a business’s security boundary lies at the edge, where the end user is, and not in the center, where the data is. It is not enough to only secure traditional internal resources. The end user’s entry point needs to be secured first and foremost.
Focus on VMware SD-WAN
Arguably, SD-WAN is the foundation and the key to success for a work-from-anywhere strategy. Yes, you can access resources from an internet connection using a VPN, but this solution offers no control over the edge and no intelligence about how traffic is routed to the resources, and it makes network security difficult to enforce for traffic going directly to the cloud.
The beauty of SD-WAN is its ability to put a control layer over existing physical networks such as broadband circuits, traditional MPLS, or indeed across public cloud backbone networks like those run by AWS or Azure. Just as server virtualization is an abstraction layer for compute resources, SD-WAN is an abstraction layer for wide area network resources.
This works by leveraging Dynamic Multipath Optimization™ (DMPO): WAN traffic is continually monitored and optimized in real time to allow for intelligent traffic steering. This means that WAN traffic is routed to its destination over the most efficient path possible. This also avoids situations like hairpinning connections over a VPN to a central location, which can be the cause of traffic bottlenecks in a more traditional approach to network traffic routing. If traffic is bound for a SaaS service, why send it to a corporate data center first and then to the SaaS solution? It is more efficient to go direct.
VMware SD-WAN™ has entry points to all of the major public clouds, telcos, and major data center players using our network of hosted Gateways to make DMPO a reality.
Security, the bigger picture
How does this help to control the edge, where the new security risk lies? By deploying a VMware SD-WAN platform at each edge location, be that in a branch office or someone’s home, that location now becomes part of the corporate WAN. Policy and control are managed from a cloud-based orchestrator. Policies can be applied to inspect the network traffic that traverses it and determine how to steer it, and to apply security services to it using services hosted both on the edge device and in the cloud.
SD-WAN is an important piece of the puzzle that can integrate security for the edge. For a complete solution, we need to consider a combination of tools to ensure a zero-trust network is in place; cloud access security brokers can be linked in and used along with a local stateful firewall using SD-WAN. All of this comes together to form a Secure Access Service Edge, or SASE, to help protect data at every step it takes when in flight and at rest.