Work-From-Home Networking Requirements, Part II

by Cal Braunstein

As COVID-19 continues to reshape the business landscape, there is a need for unified security enforcement in WFH and hybrid WFH situations.

If employees are working from both home and office, and doing so in different geographic locations, then an organization has to acknowledge that data security procedures will vary from geography to geography, and from country to country.

One way to solve that problem is to adopt standards within geographic regions that comply with the local data protection regulations (GDPR in the European Union, CCPA in the U.S.) and with data security standards that vary from country to country (e.g., Canada, China, Germany, the U.S.). However, data management should be consistent throughout the global network, applying global policies throughout and inserting local policies where appropriate.

Adapting Network Policies

With most WFH employees now “off” or partially off the traditional corporate network, managers must examine their access patterns to applications and data. Given the fluid situation regarding end-user access, it is inevitable that changes will be made to networking policies, including access methods, APIs, and the use of networking protocols.

Applications are migrating to the public cloud, to colocation sites and to the private cloud (on-premises), making it hard to control data access when at least 50 percent of users, transports and devices are outside of typical networking controls. In some cases, a new approach to SASE (secure access service edge) may need to be put in place to address the new network topology.

One unexpected consequence of this is that network control – which was centralized in the data center – may now be enforced from the edge of the cloud, rather than from the center of the corporate network. The most vulnerable resources on the network can be isolated or accessed only by means of multi-factor authentication.

Geographic Considerations, Worldwide

Another approach to managing a global corporate network is to manage the systems and data according to the geographic restrictions in each region or country. On July 16, 2000, the EU-U.S. Privacy Shield Framework was declared invalid. Now, there is no longer a valid mechanism for transferring personal data from the EU to the United States. Initial lawsuits to prevent transfer have already been filed – and many businesses are waiting to see whether fines are imposed on the companies that were sued. Enterprises must act now to address these data and networking challenges before a wave of wider enforcement for PII data privacy begins.

Move the Laptop, Move the “Dock”

When it comes to WFH, everything is “local” for the end-users. Employees want their work environment at home to replicate the one they knew in the office. This can be done in at least two ways. One is to replicate the platforms and software they used in the office and bring that environment home. Another uses virtual desktops (VDI) to support end-user access to centrally secured data.

Laptops are mobile, by design. That’s why network managers need to decide whether to move beyond the traditional network “perimeters” as they work to secure users’ devices. The reality of WFH/office is that changes will have to be made in any case – due to concerns about cybersecurity, ransomware and malware attacks – although the specific changes will vary from company to company.

One solution is a dedicated line, which brings greater security to the employee’s set-up – and greater end-to-end security to the business, because the line is no longer shared between business and personal uses. For those employees who will continue to use primarily the WFH option, employers should consider paying for a second, dedicated line into the home – a deployment that was once considered to be a “perk” reserved for top managers and company executives. WFH may require it either for redundancy or to provide the needed bandwidth and latency, as others in the household may be consuming too much of the existing “personal” Internet connection.

Creating a Cloud-First Networking Topology

The waves of cloud migration over the last 10 years suggest it may be time to implement a “cloud-first” network topology that recognizes that most applications reside in the cloud – whether they are cloud-native or not.

With the shift to a WFH/office paradigm, companies should re-evaluate their networking topology, especially if the message transport logic forces all transactions to be routed through the data center, even if no other local processing is performed there. The switch to a cloud-first network topology could reduce latency and costs.

Companies could implement these changes themselves and continue to provide the ongoing networking support – or they could enlist the services of cloud service providers (CSPs), MSPs, system integrators (SIs) or channel partners to get the work done.

Too Many Collaboration Tools

Then, there is the matter of collaboration with other employees to get daily work accomplished. Collaboration is an inherent part of the employees’ everyday work environment. But the RFG100 panel acknowledged that most large companies already support multiple collaboration tools.

RFG100 attendees agreed that WFH is causing a proliferation of collaborative software tools on employees’ desktops. A small sampling would include Cisco WebEx, Citrix, Google Docs, Microsoft Office 365, Microsoft Teams, Slack, Zoom and other software platforms. The sheer variety of collaborative tools is admirable, but it is often complex to manage.

Employees also have preferences, using a mix of collaborative software tools during their working hours. Organizations are finding that the rapid rise in multiple collaborative platforms is challenging their goal of adopting collaboration software standards that can be supported in a consistent way across the corporate network.

Further, this mixed environment can impair employee productivity, depending on what software is deployed – and the end-user’s customer experience may suffer. While there is no single “correct” answer to selecting the perfect collaborative tools, this is a key issue identified by the executives. That’s why organizations should consider how many collaboration tools they want to deploy, maintain and support over the next decade.

The Bottom Line

The patchwork upgrades that large enterprises adopted to deal with the sudden move to work-from-home (WFH) environments required many technical compromises due to the speed of implementation in the wake of the COVID-19 pandemic. In the short term, many enterprises succeeded in deploying network configurations that combine WFH networking support with office configurations, but these stop-gap networking environments must now morph into long-term stable solutions that are secure, available and efficient.

The compromises and concessions made while building the WFH environment must now be rectified. IT executives will need to work closely with business teams and security teams to achieve the benefits of having a networking infrastructure that will ensure long-term business productivity and certified risk compliance during the transition from the traditional office network topology to a new IT model that supports both WFH- and office-based employees.
