I got up at 7:00 this morning. Like most days, our children were more or less awake, but my wife had been standing for quite some time. She had been working online since 5 am and was trying to overcome a growing problem for professionals: getting ahead of the rush to access data and systems before the network and applications were paralyzed.
Remote access resulting from employees teleworking as part of the coronavirus pandemic confronts the infrastructure of many businesses with unprecedented demand that it was not designed to manage.
It is not surprising to see global Internet traffic increased by almost 70% (source: Omdia study March 2020). It should also be noted that leading videoconferencing services today allow free use of their tools so that individuals, schools and businesses can communicate easily while respecting social distance.
However, does the organization of the majority of companies allow them to manage such an increase in traffic?
Can the cloud solve all the problems?
In general, the network is neglected, with most companies believing that if it works, there is no need to worry about it. However, as the gateways are now experiencing a sudden and inevitable spike in traffic, an evolution should be considered.
Here’s the problem: if we don’t understand how the network works, how can we start modernizing it?
The traffic challenges are increasing. First of all, employees using professional devices work via a VPN, all this traffic in fact passing through the corporate gateway. Worse, many players cannot find and provide devices to employees who do not already have them, the workaround is to install VPN and MDM solutions without method on personal, unsecured hardware. Companies therefore increase the number of connections while creating two different risk profiles to manage.
An a priori fast solution that many are considering now consists in using the cloud and all its remarkable modularity in such a context. However, it is important to remember that the cloud is not free. Companies adopting this solution have a nasty surprise when they find costs far higher than those expected later.
To deal with this, the company must better analyze and segment its traffic so that users who need to connect to servers in the data center can do so during normal working hours. You should leverage the cloud to gain capacity at certain levels, but only pay for what is necessary and avoid any default solution.
Avoid overloading gateways
The company must initially understand the type of data to pass through its VPN gateway and the data to be eliminated. We are talking about tunnel segmentation. It is good practice to prioritize critical applications at the network level so that employees can use them, rather than being overloaded with the gateway prevents them from doing so.
In general, video conferencing is the likely cause of such an overload, as it mobilizes a lot of network resources. It’s about the number of employees who view video calling as an essential tool. You should also consider the frustrations at home when all of your children are trying to read different movies at the same time.
One solution is to split the traffic, according to the risks and benefits offered for the activity. Your company may decide that video conferencing should not be subject to most security controls. This relieves congestion on the network by eliminating the need for traffic to pass through the gateway.
Analyzing the applications that your users actually use, and therefore being able to apply intelligent connectivity, can only facilitate the transition to useful tools such as a programmable wide area network (SD-WAN).
Start modernization now
Cybersecurity managers are now faced with a choice: simply try to keep pace with needs or take advantage of it to modernize.
Would it be interesting to know the number of CIOs invited to deactivate security checks immediately while the company is fighting against capacity problems, or forced to increase capacity because of the inadequacy of the controls in place?
We can choose another path. A business executive should listen carefully when their technical managers ask for support to modernize network security by taking advantage of layer 7 functions. Why?
Previously, network security controls relied on the inspection of ports and protocols (known as layer 3 or 4 analysis). This is equivalent to a physical route that would be open or closed. However, modern security controls allow inspection at a much more precise level. They look at the type of vehicle, the passengers, and even what the vehicle is carrying to decide if you can take the road. Layer 7 network security allows this.
So activate this lever which is still pending to activate the layer 7 analysis, which gives an overview of the applications, users and content. Start the analysis and you will quickly follow a path whose benefits will persist well after the end of the pandemic, in particular. This offers in particular:
- A better overview of the network.
- The ability to define strategic processes and the need for tighter controls, compared to those who may not require it.
- Primary data servers better able to handle increased demand, resulting in a better user experience.
The ability to understand / analyze the different types of traffic becomes essential. If the company cannot keep up with the activity, how can we hope to make the right decisions on prioritizing traffic and its traffic conditions? It’s an old adage, but still true: visibility is king. Networks will continue to gain in agility, making visibility imperative in an operational context. We can consider the task as impossible, but it is not fundamentally.
Times of crisis lead us to make choices that can be beneficial immediately, but also sustainably. If companies take the time to understand their main business data flows and modernize their network infrastructure, this will have an impact on their employees: they will perform their business activities with increased efficiency and security.