During these unprecedented times, organizations across all sectors are facing the same issue: enabling remote “business as usual” while facing extraordinary challenges of scale and secure connectivity.
As we continue to adjust to the “new normal,” the remote work demands we are encountering are nothing like we’ve ever seen. Even though many federal agencies have moved more data and applications to the cloud, security monitoring has developed into a complex system that isn’t ideal for the new environment we find ourselves in today. However, there is a more efficient way to secure and accommodate even the most demanding longer-term remote workforce requirements – and it’s through cloud-based systems.
The state (and shortcomings) of legacy remote access
To begin, it is worth revisiting a bit of technical history. Remote access was traditionally intended to get workers back to the data center where applications and services were hosted. Early remote access solutions separated the remote access gateway from the security implementation, which created a complex arrangement of systems.
Over the last ten years, the Department of Defense (DOD) Combatant Commands, Services and Agencies (CC/S/A) have become increasingly reliant on resources that aren’t hosted on-premises. Many have found their workers using resources that are hosted in the public cloud (AWS GovCloud, Azure DOD, etc.), with Software as a Service providers, and on internet-based resources. Yet even as applications and services have moved out of the data center, organizations continue to backhaul traffic to provide security inspections and monitoring.
As resources have become more distributed, DOD entities have devised sophisticated solutions to these backhaul and capacity problems, including scaling out their VPN implementations as well as adding more hardware and larger internet circuits. These additions require a more complex architecture, however, which can cause operation and maintenance issues, and they often don’t address the latency caused by an inefficient network path.
In an attempt to overcome these challenges, remote access providers have introduced features like split-tunneling, which lets traffic not destined for the data center be routed outside of the VPN tunnel. Split-tunneling introduces new security issues, though, and doesn’t provide visibility into all network traffic – and the DOD has discouraged its use. So, where does this leave organizations that want to optimize remote access while maintaining their security posture?
Solving backhaul issues with the cloud
Cloud computing provides an alternative to traditional remote access solutions that rely heavily on deployed hardware in the data center. Decoupling the remote access solution from the data center and moving it to the cloud creates two distinct advantages.
First, traffic doesn’t need to be backhauled to the data center. This prevents circuit overload and relieves the data center bottleneck, improving performance and the end user experience. Cybersecurity innovations have produced virtual security appliances, such as next-generation firewalls, which provide the same level of capability and protection as hardware appliances. In many cases, policies from the security stack deployed in the data center can be exported and applied directly to cloud-based virtual appliances to ensure consistent policy enforcement.
Second, cloud environments offer a better location for hosting remote access gateways. They provide ubiquitous access by default, are globally distributed, offer dynamic scaling, and are often closer to the users and services they connect, thereby decreasing latency. The nature of cloud computing also makes it possible to access, configure, and maintain deployments remotely. Given the current environment, removing the need to physically deploy hardware in a data center improves employee safety and increases delivery speed.
A cloud-hosted remote access solution also combines remote access and security. Operationally, the DOD requires solutions that are resilient as well as secure. It makes sense to combine both in one common platform. In reality, there’s simply no reason a cloud-deployed architecture can’t extend the same security protection that exists in the data center.
We don’t know how long this new normal will last or how the way we work and operate may evolve from this experience. What we do know is that as government organizations have shifted to a mobile workforce, specifically in the case of the DOD, it will be important to not only focus on the vital mission of maintaining national security but also ensure worker safety. Cloud-based solutions can help secure critical networks, keep the DOD’s remote workforce fully connected and productive, and provide the high level of security and performance that’s essential for government organizations.
John Davis is vice president of public sector at Palo Alto Networks. Drew Epperson is director of solutions architecture for federal at Palo Alto Networks.