“Where’s your app? Where’s your data?”
By Hansang Bae, Field CTO at Netskope
When COVID-19 hit, virtually all users left the on-premises network overnight to work from home. With most users no longer inside an on-premises network boundary, the question of where apps and data reside suddenly became even harder to answer. The COVID user exodus was like a bomb going off; wherever each user landed (like shrapnel) became an edge of the new network perimeter. Networking teams immediately had to solve a whole new set of problems, from connectivity to performance to security, within what we might call a new Network Bermuda Triangle of Uncertainty: data centre, cloud and user.
Triage in the triangle
The phrase “it’s slow” is the bane of every networking person, but in the Network Bermuda Triangle that COVID created, the network team can’t really know what a particular user’s performance is like, because it now depends on each user’s home network and ISP, none of which the team controls.
How do you quantify network performance issues when you have geography and load balancers to contend with, when every redundant path multiplies the footprint of the network, never mind the internet as a backbone and the great unknown of SaaS providers?
The Network Bermuda Triangle isn’t just about the unknown, but also the uncontrollable. Without a defined boundary, the network becomes amorphous – it can spread everywhere. And in this world, security becomes top of mind.
From chaos to secure connectivity
In any crisis, survival is the first objective. So, in the spring of 2020, networking teams in triage mode turned to the tool they had at hand to manage the mass decentralisation of their workforces. VPN was the first line of defence for secure connections that could keep businesses running.
But a VPN’s job is like a vacuum cleaner, sucking everything back to the data centre and then running it through the on-premises security stack: the firewalls, proxies, intrusion prevention (IPS) and intrusion detection (IDS) systems, and the other tools that filter network traffic for threats. Unfortunately, VPN wasn’t designed for this kind of scale.
Backhauling all traffic through the data centre doesn’t work when there are 10,000 endpoints. It creates huge congestion at the VPN concentrator, and security becomes an impossible bottleneck.
From a security standpoint, VPN use has been a longstanding tug of war. Security wants everyone on the VPN so that it can see everything users are doing and route them through the central security stack. But as COVID-19 hit and employees went remote, teams quickly realised that the high volumes of Zoom and WebEx traffic in particular, sometimes traversing multiple security stacks, made the VPN almost unusable. The network was completely congested at key entry/exit points. It didn’t take long for companies, even big financial organisations, to decide they needed a compromise that could relieve the congestion.
Enter the split tunnel
“Split tunnelling” was the compromise companies made. VPN would still carry access to on-premises business systems, while Zoom traffic went straight to the public internet to relieve VPN congestion. But out of necessity they threw a bit of caution to the wind, because the decision to split tunnel instantly did two things:
- It bypassed the protection of the security stack, potentially exposing parts of the organisation to outside cyber threats or data leakage. Anything on the direct path is never seen by the central firewalls, proxies or IPS, and an endpoint compromised over that path still holds a live tunnel into the data centre.
- It opened a Pandora’s box of requests to use split tunnelling for other applications. Once Zoom was approved for a direct internet connection, every head of business was probably asking: What about Office 365?
So why make users come in just to go right back out again? TLS, properly configured, gives a well-understood secure channel between a user and a service; militaries and the Pentagon rely on it. If the pipe between the data and the user is secure, why worry about letting users go direct to the internet for Office 365? The answer is that TLS protects the pipe, not what travels through it: the remaining risk is malicious or sensitive content moving over that channel, which the encryption itself does nothing to detect.
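As an added example (not the article’s own code), here is a minimal split-tunnel policy evaluator in Python: destinations inside an allowlist of per-application prefixes go direct, everything else goes into the tunnel, and each decision records whether the on-premises security stack ever sees the flow. The application names, prefixes and sample destinations are constructed placeholders drawn from documentation address ranges, not the real endpoint lists of Zoom, Microsoft 365 or any other provider.

```python
"""Split-tunnel policy evaluation.

Added example, not code from the original article. A split-tunnel client decides
per destination whether a packet goes straight to the internet or into the VPN
tunnel; the usual control is an allowlist of prefixes published by each SaaS
provider. All prefixes and flows below are constructed placeholders (RFC 5737 /
RFC 3849 documentation ranges), not any vendor's real endpoints.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed allowlist: application -> prefixes permitted to bypass the tunnel.
# In a real deployment these come from the provider's published endpoint lists
# and must be refreshed; a stale list silently sends that app back into the tunnel.
DIRECT_ALLOWLIST: Dict[str, List[str]] = {
    "zoom": ["203.0.113.0/24", "2001:db8:1::/48"],
    "m365": ["198.51.100.0/25"],
}

# Constructed sample destinations a client might see in one session.
SAMPLE_FLOWS = [
    "203.0.113.7",      # inside the "zoom" prefix
    "198.51.100.9",     # inside the "m365" prefix
    "198.51.100.200",   # same /24 as m365 but outside the /25: stays in the tunnel
    "10.20.30.40",      # internal application: tunnel
    "2001:db8:1::5",    # IPv6 "zoom" prefix
]


@dataclass(frozen=True)
class Decision:
    route: str            # "direct" or "tunnel"
    app: Optional[str]    # allowlist entry that matched, if any
    inspected: bool       # does the on-premises security stack see this flow?


def build_table(allowlist: Dict[str, List[str]]):
    """Parse the allowlist once. strict=True rejects a prefix with host bits set
    (e.g. "203.0.113.5/24") instead of silently widening it."""
    table = []
    for app, prefixes in allowlist.items():
        for prefix in prefixes:
            table.append((ipaddress.ip_network(prefix, strict=True), app))
    # Most specific prefix first so it wins over any overlapping broader one.
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def route_for(dst: str, table) -> Decision:
    """Decide the path for one destination address."""
    ip = ipaddress.ip_address(dst)
    for net, app in table:
        if ip.version == net.version and ip in net:
            # Direct path: shorter and faster, but the central firewalls,
            # proxies and IPS never see this traffic.
            return Decision("direct", app, inspected=False)
    return Decision("tunnel", None, inspected=True)


def summarize(flows: List[str], table) -> Tuple[Dict[str, Decision], int]:
    """Return per-flow decisions and how many flows escape central inspection."""
    decisions = {dst: route_for(dst, table) for dst in flows}
    uninspected = sum(1 for d in decisions.values() if not d.inspected)
    return decisions, uninspected


if __name__ == "__main__":
    table = build_table(DIRECT_ALLOWLIST)
    decisions, uninspected = summarize(SAMPLE_FLOWS, table)
    for dst, d in decisions.items():
        print(f"{dst:18} {d.route:7} app={d.app} inspected={d.inspected}")
    print(f"{uninspected} of {len(SAMPLE_FLOWS)} flows bypass the security stack")
```

The `uninspected` count is the number to watch: every application added to the allowlist grows it, which is the Pandora’s box in concrete form.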
Reassessing the situation with security in mind
The opportunities presented by makeshift networking systems haven’t slipped past savvy cybercriminals. How do we assess these challenges and relate them to the modern security stack?
Against cloud-based attacks, the conduit itself, the secure pipeline that directly connects the user and the data, needs to scan for threats in-line. You’re going there anyway to access your data; you might as well let someone scrub it in the process. Think of this as malware scanning built into the network path. One practical consequence: because that traffic is TLS-encrypted, the in-line inspection point has to terminate TLS as a trusted intermediary before it can see the content, so it must be at least as trustworthy as the endpoints it sits between. Clearly, this means the network plays an active and integral role in the overall security posture.
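As a second added example (again not the article’s code), here is what “scrubbing in the process” can look like once the conduit can see the content, in Python: each object crossing the direct path is hashed against a blocklist of known-bad files, then checked by a DLP rule for payment card numbers with a Luhn check so that arbitrary 16-digit order numbers are not blocked. The known-bad sample, the hash blocklist and the payloads are all constructed for this example; real in-line engines do far more, but the allow/block decision flow is the same.

```python
"""In-line content inspection on the direct path.

Added example, not code from the original article. Models the decision a
conduit makes for each object crossing it: a hash match against known-bad
files, then a DLP rule for primary account numbers (PANs). The known-bad
sample, its digest and all payloads below are constructed for this example.
"""
import hashlib
import re
from typing import List, Tuple

# Constructed stand-in for a known-bad file (not real malware).
BAD_SAMPLE = b"MZ\x90\x00\x03constructed known-bad sample for this example"

# Constructed blocklist of SHA-256 digests of known-bad content.
KNOWN_BAD_SHA256 = {hashlib.sha256(BAD_SAMPLE).hexdigest()}

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return Luhn-valid PAN candidates found in text, digits only."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def inspect(payload: bytes) -> Tuple[str, List[str]]:
    """Inspect one object in-line. Returns ("allow" | "block", reasons)."""
    reasons = []
    # Hash check first: a known-bad file is blocked regardless of its text.
    if hashlib.sha256(payload).hexdigest() in KNOWN_BAD_SHA256:
        reasons.append("malware: known-bad hash")
    # DLP check on whatever decodes as text; binary junk is simply ignored.
    pans = find_pans(payload.decode("utf-8", errors="ignore"))
    if pans:
        reasons.append(f"dlp: {len(pans)} payment card number(s)")
    return ("block" if reasons else "allow"), reasons


# Constructed sample objects crossing the conduit.
SAMPLES = {
    "dropper.exe": BAD_SAMPLE,
    "expenses.txt": b"Reimburse card 4111 1111 1111 1111, thanks",
    "orders.csv": b"order,4111111111111112,shipped",   # fails Luhn: not a PAN
    "notes.txt": b"Nothing sensitive here",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict, why = inspect(data)
        print(f"{name:14} {verdict:5} {'; '.join(why)}")
```

The two checks deliberately cover the two halves of the risk the split-tunnel decision created: inbound threats (the hash match) and outbound data leakage (the DLP rule).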
Offload with confidence
In 2020, networking teams offloaded Zoom traffic onto direct split-tunnel connections out of sheer necessity. But what if you could offload with confidence, knowing that you were getting the benefits of a direct connection without sacrificing security? Not only is it better for the user in terms of performance, it’s also something every network person intrinsically understands: the closer you are to where you’re going, the faster you get there.
You need a solution that is close, fast and secure, providing that in-line protection between data and users wherever they may be. The network is the glue that holds everything together, so why not use the network to reduce risk, reduce cost and, most importantly, reduce friction?