Homeworkers and SD-WAN

As we struggle with the implications of Coronavirus, IT professionals are readying themselves for what’s being called the largest work-from-home experiment in human history.  A lot of efforts are currently underway to deploy additional equipment, capacity and processes to accommodate home workers. But is this really necessary? 

Several IT managers already had plans to switch to SD-WAN, and therefore ask the logical question: Is SD-WAN a solution for home workers too? Their dream is to invest in only one corporate network, serving both home and office workers, worldwide. In this article, we consider this possibility.

Security appeared to be part of SD-WAN

SD-WAN was always about replacing, well, the WAN. Security was seen as something else. However, the security component turned out to be more relevant than that: Potential SD-WAN customers withdrew their RFPs to add security as a component. 

It was only logical, as seen from the CIO perspective:  Before switching to SD-WAN, one needs to assess the impact on security of the IT infrastructure. Unfortunately we have seen that SD-WAN technology vendors do not always have a complete answer.

Is Remote Access part of SD-WAN?

When it comes to the subject of Remote access, this is presently being seen as something not only separate from SD-WAN, but even entirely unrelated! Most SD-WAN vendors simply ignore this topic altogether. Even before Coronavirus, that approach made increasingly less sense to us. Why? Because work has extended outside of the office. What was once the exception, today, working remotely is a rule. Most of us are checking our e-mails from the road, while we walk, and at home. Hence, our networks need to extend outside of the office. 

Upgrading VPN concentrators is the fastest option

Rethinking remote access for your SD-WAN will not be as easy as upgrading your VPN concentrators. Hence most companies go for the upgrade, the fastest and -seemingly- easiest way. However, there is a bit more to it:

A remote worker is online quite literally the entire working day; and most employees have suddenly turned into remote workers. This significantly impacts the oversubscription ratio at the VPN concentrator. Before Corona, you only needed 200 concurrent licenses for 2,000 employees. Now you need capacity for 2,000 concurrent users and that’s going to mean a significant investment in the size of your VPN concentrator (or firewall). 

Building a global network of VPN concentrators

Besides upgrading existing VPN concentrators, you’ll also need to think about purchasing more of them. Since remote users need to connect to the VPN concentrator in order to access corporate or cloud applications, it’s important that VPN concentrators are nearby. Otherwise you leave the data traffic exposed to the latency and unpredictability of the Internet. 

When all corporate users are in a specific geographic region, organizations can get away with a single VPN concentrator at a single site in that region. But when companies depend on remote access as their primary communications, IT needs to think about installing at least two concentrators for redundancy purposes, at different sites. For global enterprises the same applies, for each geographical region that they operate in. Hence they deploy and run a worldwide network of VPN concentrators, besides their WAN.

Remote Access Poses Significant Security Risks 

Keep in mind that issuing 100 more VPN licenses to your users is like making 100 copies of your front door keys and giving them to your best friends. You better trust those friends. Unfortunately too often users aren’t as trustworthy as those friends. Threat actors exploit those credentials, to gain access to network access. In fact, 29% of breaches involved the use of stolen credentials according to Verizon’s 2019 DBIR report. And if your Remote VPN Access solution is like most, it puts those threat actors only a password away from essential applications. 

Management and Process is Essential

Rolling out remote access to your employee base involves several management issues. There’s the obvious, how easy it is to get users equipped for remote access. But in addition there’s configuring the security policies to restrict network access. Once users are onboard, you’ll need the management and monitoring tools for those remote users. Global companies would need to set up remote access for all users, implement and maintain their various access policies, and manage and monitor this, besides their WAN.

Coronavirus: The Argument For OneWAN? 

It may very well be that Coronavirus becomes the best argument for OneWAN integrated architecture. Having all types of access —  mobile access, SD-WAN, cloud connectivity, etc. — in one global platform with security built-in would allow organizations to respond faster and easier to these kinds of situations. Of course you can upgrade and deploy VPN concentrators globally, and effectively build a whole new network for home workers, besides the WAN. However we believe you’d be better off with one single integrated infrastructure, the OneWAN. Rather than investing in additional equipment, capacity and processes for your remote users, you’d be able to use one single infrastructure that accommodates both home and office workers alike. 

One single network for the entire organization —  it’s a radical concept whose time has finally come…. 

Would you also like to serve your home and office workers with the exact same IT infrastructure? Do it now and contact us here to invest in only one network.