Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Are You Ready to Support the “Branch Office of One”?

Work from home
(Source: Pixabay)

While the pandemic is often credited with creating the current work-from-home movement, the fact is it simply accelerated a process of network expansion that was already in process, creating literally billions of new network edges. For many years, digital innovation efforts have been focused on moving applications and network resources to environments that can be reached by any user or any device from any location. Public, private, and hybrid cloud networks, virtualized data centers, and SaaS applications have enabled the broad distribution of networks, resulting in millions of new network edges across LANs, WANs, data centers, and cloud edges. Hybrid work models and the widespread adoption of even permanent remote work has created a “branch office of one.”

While this remote work strategy has enabled organizations to be agile, resilient, and adaptive, it has also created complex issues around networking and security that few were ready to address when the pandemic hit. As a result, many responded with temporary fixes without considering long-term implications – from network architecture to real estate planning.  For example, many organizations now rely on VPN, a technology that has been around for decades, to provide secure remote access. However, temporary solutions are not ideal for permanent changes because many companies accelerated cloud migrations and are now trying to optimize networking and security after the fact.

The challenge is that this new “branch office of one” has a number of serious liabilities. The biggest challenge is that most remote workers now access corporate resources from a home network that may have little to no actual security in place.  In addition to the vulnerable devices also running on that network, like entertainment systems and IoT devices, it is also shared with other users accessing school, work, entertainment, shopping, or just general browsing.  Second, there is probably no one at that location capable of implementing or troubleshooting complex security and connectivity solutions. This means whatever solution your organization puts in place needs to be as simple to deploy and manage as possible and yet, deliver enterprise-grade performance. Consider this: if you have 1,000 remote workers, and each worker only experiences a connection outage once a year, your IT team is suddenly having to troubleshoot three complex system failures a day—a workload that didn’t exist before, now added to a team already stretched to the breaking point.

In such a situation, simplicity is critical. As much as possible, organizations should be looking for a converged solution that combines networking with advanced security. This will allow them to do things like segment corporate resources from the home network and create and maintain self-healing connections while providing deep inspection on all data, including streaming video and rich media services.

Note, the home network is only one scenario that needs to be addressed. Devices and users are also highly mobile.  So, converged connectivity and security needs to be extended everywhere: at home, in the car, at the coffee shop, or from a park bench or hotel room.  Today, secure remote access solutions must not only secure connections back to corporate resources, but they also must protect the enterprise edge where data, applications, and decision-making all happen locally, often on a temporary, ad hoc network.

The need for a security-driven network

In these cases, it’s more important than ever to implement a security-driven network that allows networking technology and security to be deployed, managed, and operated as a single, unified system. These solutions can range from new Zero Trust Internet Access (ZIA) solutions that provide a more advanced and more secure VPN connectivity option to SD-WAN and SASE working together to optimize user experience while providing end-to-end protection for applications and workflows. 

Of course, as systems converge, they have to support a wider variety of functions, including connectivity, availability, security, and more. That is why these tools also need to be integrated with artifical intelligence and machine learning. When transactions happen locally and at extreme speeds—think smart cars making split-second safety decisions at freeway speeds—then security cannot afford to make a round-trip to some remote location to decide what to do. Lag times in security don’t just affect business outcomes and user experience. In today’s hyperconnected world, they can also affect public safety.

The challenge is that in an era of specialization, it is extremely difficult to find a vendor capable of blending advanced network technology, enterprise-grade security, and best-in-class AI and ML. The better approach is to work with a security vendor that has blended critical networking functionality into an advanced security system that can be easily deployed in the cloud, whether as an infrastructure solution or a service, in the data center, on edge network devices, and even as an advanced endpoint security solution.

In today's networks, computing, networking, and security must operate as an integrated solution. The security-driven networking approach provides organizations with the flexibility to deploy security wherever it is needed, whether on-premises, in cloud, or delivered as a cloud-based service. However, this flexibility should not be a reason for security to be a “bolted-on” as an afterthought. If you’re not looking at your increasingly distributed network through a security lens, then you’re setting yourself up for a more complex and less secure network.

Of course, since protecting distributed and mobile networks has become a critical issue, there is a growing number of networking vendors trying to stitch these different technologies together. The problem is that most of the time, the resulting solution is highly complex, very expensive, and extremely inefficient to deploy and manage. Indeed, in many instances, when the vendor is a networking company, the security capabilities do not meet even minimal standards for protection. The practical reality is that enterprises need best-in-class security that has a proven track record, backed by independent testing and validation.

Networks based on ad hoc solutions and lacking strategic planning often create so much complexity that it’s virtually impossible to effectively support hundreds or thousands of users and devices. Instead, the key elements of any effective security-driven networking strategy must be broad, integrated, and automated. Security needs to be an organic extension of the network, where all functions can be easily and remotely deployed, configured, managed, and orchestrated through a unified console. With a unified and integrated approach to security and networking, digital innovation can proceed uninterrupted, enabling users to effectively and securely operate from a branch office of one or from just about any location.

Jonathan Nguyen-Duy is vice president, global field CISO team at Fortinet.