Securing network access as employees work from anywhere

This article is sponsored by StarHub.

Image created by DreamStudio.

The advent of working from anywhere has allowed enterprises to maintain operations amid the COVID-19 lockdowns.

But despite the many benefits it delivered, the ‘anytime, anywhere enterprise’ also presented a lot of challenges, especially for IT teams. Suddenly, the old ways of providing employees secure access to data and applications are not so secure and agile anymore.

To decrypt the issue, senior IT experts gathered for a forum titled “Secure Access for the Anytime, Anywhere Enterprise,” organised by Jicara Media and hosted by StarHub.

According to Radu Stefan, Product Manager, Enterprise Business Group, StarHub, one of the pivotal components of the remote working landscape that will carry over into the post-pandemic enterprise is video communications. Because of this, businesses must assess and reconfigure their IT infrastructure sooner rather than later.

“These video calls are here to stay, because depending on the enterprise — there were some that had everybody back to the office. For others, people are still working from home. We are in an era of hybrid networking and hybrid applications. When we go back to the office, the existing network, which in many cases has not been changed in the past few years, has to support all those video calls, for example. That puts a strain on the legacy networks built on the central internet breakout model. Because now, there are many sessions going through that firewall that need to be changed, or something needs to be done,” he remarked.

The evolving network landscape

The massive growth in internet traffic has no doubt put tremendous pressure on the enterprise network, especially since employees need to have seamless and secure access to various applications, wherever they may be.

Hence, many have turned to SD-WAN to solve latency and security issues. However, there are a few areas to consider before making the big move, noted Shamil Fernando, Systems Engineer Manager, Cisco.

“When you are looking for SD-WAN, you need to have a correct SD-WAN solution. The control plane and the data plane separation are extremely important, because if you have a large environment, if you have multiple data centres, and you do not have that control principle separation, you will not be able to scale. Also, the correct rerouting will not happen if you have multiple control planes — every router participating in the control plane does not work as software-defined,” Fernando said.

“If anybody talks about software-defined, ask this question: ‘Where is your control plane?’ If you have the control plane in the router, it’s a traditional router with IPsec connection, but if a control plane is separated within one location, instead of multiple control planes/one control plane — that is their true SD-WAN solution,” he added.

While many businesses are choosing SD-WAN to save on costs, whether it actually does so varies from case to case, Stefan pointed out.

“What do you actually consider for your budget? Do you consider just your MPLS links? Or do you also consider the firewalls, because if you’re thinking about SD-WAN, you need to add internet, probably in your branches,” he said.

“The internet is much more powerful now. Before, people bought two MPLS connections; that was the best network that you can have, and (it was) also the most expensive. Now, losing the internet in one site or in multiple sites can actually be more catastrophic for the enterprise than losing one private connection, because most of the applications have moved to the internet. And the user experience from that branch may be a bit affected,” Stefan added.

Besides connectivity issues, cyberthreats have also dramatically grown in number, scope of attack, and sophistication. During the pandemic, many business organisations have adopted multiple security solutions from different vendors, and although the strategy managed to keep malicious actors at bay, managing everything proved to be a headache for the IT team, and especially for CISOs everywhere.

To save on costs and reduce complexity, enterprises have thus adopted secure access service edge (SASE) architecture.

Beyond cost and complexity, SASE also provides enterprises with visibility, said Lu Baojian, Senior Manager, Enterprise Business Group, StarHub.

“Having multiple stacks of solutions, such as secure web gateway or VPN — these are actually operationally intensive for the IT to manage. This is where SASE comes in handy, because SASE is a cloud-based solution that has all these solutions integrated. It’s basically a single pane of glass, or a single dashboard experience to see everything that’s happening in your organisation,” Lu explained.

To this end, Lu described StarHub’s ADEM (autonomous digital experience management) solution, which aims to do two things: lower mean time to resolution (MTTR), and perform guided remediation.

“For example, maybe there was a session loss in terms of application access. The ADEM solution can also monitor that incident, understanding that it could be caused by a home router issue if you’re working from home, so you can determine that there’s a possible network latency issue, or jitter, or packet loss. That itself gives the IT that additional information to inform the end users on what to do next,” Lu said.

“With guided remediation, the system can actually automatically trigger notifications to the end user without IT involvement. So they (end users) can just see a notification that says, ‘You are having a Wi-Fi issue, can you try to reset your router?’ With this kind of solution, with full network visibility, you can help your IT to reduce operational workload,” he added.

Managed services

With SD-WAN and SASE powering the ‘anytime, anywhere enterprise,’ the next question is whether managed services are more efficient than implementing everything in-house.

For Fernando, enterprises could save time and effort when they partner with service providers, instead of trying to run and manage everything.

“It’s important to get somebody who has already done it, and already validated these things, and tested them, to make it happen. It reduces deployment resources as well as cost, so that as a business, you can have a lean IT team, and you can actually focus more on your business rather than your IT. The managed service will provide you that connectivity, and reconstitute the network,” he said.

Lu shared Fernando’s sentiments, banking on industry partnerships across multiple vendors as an answer to the current IT talent crunch.

“If you talk about SASE solution, we have engineers who can provide you, if necessary, support and implementation. And that’s very helpful because of the talent shortage. We also have the certifications, as well as our strong partnership with Cisco,” he said.

Looking ahead, both Cisco and StarHub are investing heavily in analytics and automation to further improve their customers’ networks.

“We are also building on some of the other things, like AI and ML, so you will be able to predict whether the system will be pretty crappy, and what’s going to happen in your network. Based on that, you will automatically change the network, or it will alert you of what’s happening,” Fernando said.

“We are investing a lot in these, because we think these are future services and are where the network is evolving. We are driving the network towards automation and machine learning in order to get to a point where the applications signal into the network what it needs, then the resources, the right quality of services are provided for that application,” Stefan concluded.