What does a CIO, IT manager or IT architect do when almost the entire workforce must be able to work remotely? Often the first reaction is to use the most common technology for remote access, namely Virtual Private Networking (VPN). But the question is whether it is wise to invest in traditional VPN servers in the head office or within the data center. We will therefore discuss some of the challenges of VPN and name a scalable alternative introduced by Gartner.
VPNs are built for short-lived connections and a small subset of users. For example, an account manager logs in at night to enter new customer information into the CRM system. Further challenges exist with regard to performance, scalability and accessibility. VPN is not suited to company-wide use and was never intended to scale up and connect all employees at home full-time to critical business applications.
In addition, the user may turn off the VPN tunnel, causing internet traffic to go directly to the internet without the usual controls and visibility. And if all traffic to the internet is forced over the VPN tunnel, there is another challenge in terms of scalability. For example, the required corporate internet VPN bandwidth suddenly doubles, with the result that users are confronted with a performance impact!
Improving performance is expensive
VPN performance can of course be improved by deploying additional VPN servers and VPN concentrators within geographical regions. But that significantly increases costs, especially if every part of this complex VPN architecture needs to be configured for security, high availability and potential peak loads during the day. These peak loads have become less predictable due to COVID-19.
The security challenge
The fact that VPN uses the unpredictable public internet and is not optimized for worldwide access also means that VPNs are not always the right choice to facilitate working everywhere for every employee. Especially now that connections outside the office are getting faster due to 5G, this poses an increasing challenge regarding security risks while traveling or from the home workplace. The temptation increases to work “outside” the VPN. As a result, IT may lose a great deal of visibility and the level of security is a lot lower compared to when the user works in the office.
SD-WAN too limited
Many IT managers have plans to switch to SD-WAN, but only want to invest in one network. They therefore ask logical questions such as: Is SD-WAN completely secure? Is SD-WAN the solution for fully facilitating my home workers? Unfortunately, SD-WAN vendors do not have a complete answer to these questions. We wrote about this earlier in the blog “Can work from home with SD-WAN?”
The scalable alternative
In the summer of 2019, Gartner introduced a new cloud-native architectural framework to provide safe, fast global connectivity for all business applications regardless of the number of offices or users: Secure Access Service Edge (SASE). Based on this architectural framework, working remotely is optimally integrated in a modern way with working from the office. In addition to significant cost savings through the ‘as-a-Service’ concept, these are 3 advantages of SASE:
- With SASE your company network is suddenly everywhere. This ensures worldwide access for an unlimited number of applications, offices and users. You don’t have to invest in additional VPN servers, because SASE is built on top of dozens of globally distributed public cloud nodes. Data traffic therefore always takes the shortest route to the user.
- Optimal availability and flexibility, because with SASE you are no longer dependent on sensitive equipment that requires a lot of knowledge and attention. Your network is now easily delivered from the cloud with built-in redundancy at all levels with unlimited scalability.
- Digital security is achieved because every location or user or cloud solution is connected via an encrypted ‘tunnel’ to the nearest cloud node. The global SASE nodes are securely interconnected through a redundant private backbone. As a result, your colleagues are not dependent on the vagaries of the public internet.
For the Security Officer, this means that there is protection, control and visibility of all user traffic again!
WAN transformation step by step
You can easily start with SASE as an alternative to remote VPN. Some of our other customers started with secure internet access (‘local breakout’) for their offices. Whatever the first step is, you can choose your own pace to gradually transform the WAN until MPLS connections, firewalls and WAN accelerators are phased out. So it doesn’t have to be complex to switch to a new architecture.
Want to work smart, super fast and safely without worries?
With the SASE cloud-native architecture, on-premises, cloud and data center environments can be connected in minutes. SASE is already used by hundreds of organizations to support thousands of locations worldwide and tens of thousands of mobile users at work anywhere, anytime. IPknowledge OneWAN ‘network as-a-service’ is fully built in accordance with the SASE architecture principles.
Discover an attractive VPN alternative by contacting us to discuss the benefits for your organization without obligation.