Protection for tomorrow’s distributed workforce

Remote working used to be an option for a minority, with most of us commuting each day to a central location. Now, post pandemic, we have entire business ecosystems operating on a much more varied basis. Many people are still based at home, while others have returned to a traditional workplace setting. A proportion are dividing their days as they choose between home and office, while others expect to keep busy on the road as they transit between a variety of locations.

Workers need the ability to function productively at any time and require secure access to essential workloads and applications, regardless of their whereabouts. That’s what modern hybrid working is all about and it’s here to stay. A recent report  from Microsoft indicates that 73% of employees desire to continue with flexible remote working post-pandemic, while 66% of employers are actively looking into rethinking the design of workspaces to better accommodate hybrid work needs.

One of the biggest barriers to success for a hybrid workforce is security. The balancing act is to enable easy access to the enterprise network from anywhere, without compromising network security. Using traditional security tools, in conjunction with legacy networking standards, is just not possible.

The good news is that network managers can now take advantage of a new solution called Secure Access Service Edge (SASE) that is well equipped to deal with the fluidity and unpredictability of hybrid working patterns.

SASE actually predates the pandemic-driven rush to remote working. It was established as a technology category by Gartner in an August 2019 research report. That report codified SASE as a series of 15 components that are harmonised in a unified architecture. The tech industry is still working towards a SASE solution that has all 15 attributes. The goal remains a sustainable long-term solution that can support working from home or office on a level playing field, allowing for seamless access to the network from anywhere and from any device without compromising the integrity of network or data security.

How to get the most from a SASE deployment

The objective of any SASE deployment is to deliver as secure a network as possible, available from a mix of locations. To help network managers get there, here is some guidance on the steps to get the best results, including an idea of what an optimal SASE solution should look like and consideration of some of the pitfalls that might lie in wait.

Defining your security and business objectives

If a SASE deployment is to be a success, then it needs clearly defined objectives from the start. Without considering in detail what you want SASE to achieve, you might be on track for disappointment.

A common objective for SASE is to replace a disorderly jumble of disparate solutions with simplicity and manageability. Many organisations currently struggle with a messy mix of security appliances and point solutions, provisioned at different times by different departments and with different needs in mind. The right SASE solution will replace this with secure network access of a uniform quality at all end points. It functions, if done right, as a single pane of glass offering a full view of your network.

You will also need to decide how you want to deploy SASE. You might have in-house IT expertise on hand to make your choice of SASE solution work. Or you might prefer to turn to a partner to deliver it as a managed service. Doing it this way means you can rely on ongoing support to ensure day-to- day operational success. Your partner will be part of ensuring that your network is able to grow and evolve along with your business requirements. A partner can also help you navigate the increasingly complex network environment in which we all find ourselves.

You will also need to give thought to capital and operational costs. What is the best way to balance increasingly complex networking requirements with budgetary constraints? What returns can you

expect from an outlay on SASE if you buy your own solution? How might the alternative of a managed SASE service help with cost of ownership and return on investment?

Understanding your perimeter

A SASE deployment is all about enabling businesses to activate secure connectivity wherever it is needed. With a hybrid workforce, the perimeter of your business is no longer fixed and defined. It will embrace remote locations and on-prem ones. It might be in the cloud, out in the field, or a combination of all these. All enterprises will have different types of requirement that must be considered before SASE can be effective.

You need to understand where your users are, how they’re connecting and which devices they’re using. It will also be necessary to define their access profile. The inherent attributes of SASE makes this easier than with legacy security methods. Remember that SASE security is policy-driven, and not contingent on the location of the user. It is also open to a range of different device types. Access and security are based on a user’s identity rather than a physical

IT-controlled device or network access point. SASE offers flexibility in where and when security services are applied, and meshed traffic patterns are handled with efficiency. You will need a handle on what security you already have in place, and how that might fit with SASE. You must consider the security requirements of individual applications too, and have an idea of their performance needs, mapped by location groups.

Avoiding short-term fixes

Organisations need to be planning for the long term and secure networks must be central to that process. We’re well beyond the early days of the pandemic when network technology rose to the challenge of keeping huge numbers of remote workers connected and operational. Looking ahead, the challenge is no longer about a quick fix to get us through an emergency.

The short-term solutions put in place at the beginning of the pandemic, like legacy VPN connections, will not be up to supporting the complexities of hybrid work. Older solutions, created before the cloud era, will not protect against latest threats, and are difficult to scale and expensive to operate. These drawbacks will inevitably have a negative impact on network performance. New approaches and new technologies are needed, either to replace all older solutions wholesale or perhaps just to manage them better under a single platform. This is where a managed SASE solution can fit in.

Avoiding a piecemeal approach to security

Network managers must be aware that not all SASE solutions are the same. A common pitfall is to invest in SASE that is made up of many different bits and pieces, only superficially united under one fabric. It is important to ask if the solution you have in mind follows the Gartner guidelines:

  • Can it be delivered as a managed service?
  • Is it designed for the cloud from the ground up by people who fully understand the needs of the cloud?
  • Does it offer a truly integrated approach based around a single dedicated platform?

SASE with the right qualities is a sustainable solution that is secure and scalable – both in terms of the number of end points and geographic reach – as well as cost-effective, easy to manage and quick to set up. All in all, it should provide a good experience for many different types of end-user.

SASE must provide policy-based, software-defined access to work with the most fluid of network fabrics. It should let network managers and security professionals specify the level of performance, reliability and security of every network session, based on identity and context. It must define and control all the dynamic access requirements that digital transformation entails, allowing secure connectivity between a variety of distributed users, locations and cloud-based services. If it doesn’t do all this it is not true SASE, and may well end up as an expensive headache.

Delivering world-class secure access for the hybrid generation

Colt has formed a partnership with leading SASE vendor Versa Networks to deliver a truly integrated approach to networking and security. Colt’s global next generation network and leadership in the SD WAN market has been teamed with VOS™ (Versa Operating System) to answer the needs of today’s hybrid working patterns.

The latest Remote Access feature, one of the first to be based on Versa SASE, builds on the success of Colt’s award-winning SD WAN service to allow remote access without compromising network security, integrity and performance, and is based on an easy-to-scale, cost-effective model.

Colt and Versa offer SASE connectivity that is built from the ground up as a true enterprise- grade solution. The result is a wide global footprint combined with massive bandwidth and a software layer designed for both networking and security.

As the market continues to evolve, it’s important to have a partner with a strong roadmap. Colt and Versa together have the resources and skills to make connectivity both secure and future proof.

About Colt

Colt’s global network services are delivered over a highly available and secure network that spans four continents with Colt-owned infrastructure in 32 countries. The Colt IQ Network is a 100Gbps optimised intelligent network distributed to 900+ data centres and carrier hotels around the world, providing best in class service and optimised for SDN, NFV and cloud services.

About Versa

Versa Networks, the leader in SASE, combines extensive security, advanced networking, full- featured SD-WAN, genuine multitenancy, and sophisticated analytics via the cloud, on-premises, or as a blended combination of both to meet SASE

requirements for small to extremely large enterprises and Service Providers. Versa SASE is available on- premises, hosted through Versa-powered Service Providers, cloud-delivered, and via the simplified Versa Titan cloud service designed for Lean IT. Thousands of customers globally with hundreds of thousands of sites trust Versa with their networks, security, and clouds.

Contact your Colt sales representative. See www.colt.net/contact-us