Remote work isn’t just the future – it’s here and now. With most, if not all, of your users working from home, you need to deliver the same level of protection for the sensitive, business-critical data on their laptops and mobile devices as if they were working in the office. Cybercrime hasn’t slowed down during 2020, and the persistent work-from-home situation is a prime candidate for exploits.
The VPN blind spot
Many remote employees skip connecting to the VPN, which leaves their unprotected machines exposed to malware and data exfiltration. But why would so many users bypass the easy safety net of the VPN? In some cases, a user simply forgets to connect at the start of a workday. Sometimes, if everyone tries to connect at the beginning of the workday on Monday, a user might have problems connecting, and decides to get started on work without the VPN (and forgets to try again later). After all, many SaaS applications, like O365, can be configured to work without a VPN connection.
Sometimes, however, a user will disconnect from the VPN because of network performance issues. Maybe the SaaS applications perform better without it, and since they no longer need to be on the VPN for these applications to function, it’s easy to want to trade speed and productivity for protection from cyberthreats.
More traffic, higher costs
Most organizations designed their VPN hardware-based framework to handle a predictable population of remote and roaming users. When every employee suddenly moves to 100% remote work, the hardware-based VPN faces an unexpected surge in bandwidth requirements. With no clear end to remote working in sight, IT teams are forced to make some tough decisions: should they redesign their network to handle the new surge in VPN traffic? This requires purchasing new hardware and access to a building to install it, along with spending budget that may or may not be available to spend.
Enter cloud-delivered security
New research from Gartner investigates how to secure access in a cost-effective way, today and in the future. To achieve these goals, Gartner recommends a Zero Trust Network Access (ZTNA) identity and access framework, in conjunction with a Secure Access Service Edge (SASE) networking and security infrastructure. By deploying these two cloud-delivered frameworks in unison, organizations can deliver secure access at scale while keeping costs down and enable better workplace productivity.
By taking the pressure off existing hardware (like firewalls and VPN endpoints), a combined ZTNA and SASE approach gives organizations the speed and flexibility they need in their networks to aid remote worker productivity, without compromising security posture. And by choosing providers that can deliver these capabilities from the cloud, IT teams can deploy, configure, and manage the services quickly without the need for physical access to hardware inside buildings. After all, the IT administrators are working from home, too.
In addition to ZTNA, the research recommends the use of a secure web gateway (SWG) for URL and malware filtering and a cloud access security broker (CASB) for visibility and control of activities inside SaaS applications. Many IT teams are dealing with smaller budgets than expected for the upcoming fiscal year and seek to cut costs wherever possible. One easy way to simplify purchasing and save on overlapping functionality is by selecting vendors that can deliver multiple capabilities in one converged, cloud-delivered service and bill based on consumption today, not on expected scale for tomorrow.
Learn more by reading the rest of the research report here.
Start today, plan for tomorrow
Cisco Umbrella combines multiple security functions, including SWG and CASB, into a single cloud-delivered service — helping you deliver the right level of security anywhere your users work. If your users skip the VPN, Umbrella keeps them covered from whatever threats might be falling out of the digital clouds. If you already use Cisco AnyConnect as a VPN client, then you can simply enable the Umbrella roaming security module — no additional agents required. Easily add more functionality as your network evolves and grows, delivering flexible access and security when and how you need it.
