Over the past few days, the east coast has been bombarded with what has now been dubbed “Bomb Cyclone,” one of the worst winter storms in recorded history. Having already brought the temperature down to historic lows and caused thousands of flights to be canceled, it has also forced employees to remain at home. Leaving them to break out the snow blowers and shovels to clear the driveway between conference calls.
Since snowed-in employees are not able to make the commute to the office, there’s a massive spike in the number of remote users attempting to access internal applications. This places a strain on existing remote access technologies. Many network security teams use traditional DMZs, comprised of a stack of VPN gateway appliances, to control access to internal applications and maintain the security of the internal network. “Bomb Cyclone” has highlighted some of the key pitfalls associated with relying on network appliances. Let’s explore a couple of them below.
“Ice, Ice, Baby”
To provide remote access for their employees, many organizations use some kind of VPN. VPNs require appliances, and user licenses are often tied to specific appliances. In the case of a massive winter storm, the lack of flexibility to decouple licenses from appliances introduces complexity when it comes to accommodating the increased number of remote users. Network admins wind up having to manually move licenses around, do the math to ensure the right number of licenses in proportion to available hardware they have within their environment, and often scramble to buy new licenses. If not, they risk users not being able to work, reducing productivity for both the user as well as the business.
Some of the major VPN vendors offer “In Case of Emergency Licenses” often referred to as ICE licenses. These are expensive (basic law of supply and demand) and typically have an extremely short lifespan (couple weeks or less). ICE licenses allow VPN appliances to operate at their maximum capacity for a set amount of time. Once the time expires the license vanishes. The “gotcha” is that admins purchase ICE licenses, use only a subset of them during a disaster, save the rest for a later date, but then forget to switch off the ICE license once the disaster is over. The license then expires after a specified amount of time and when the next disaster occurs admins go to use their licenses but the ICE has melted away. Leaving the customer frustrated.
“Where’s the beef?”
The actual capacity of existing appliances becomes an important factor IT must think about. The increase in remote users means an increase in the amount of load that each VPN appliance must be able to handle. Afterall, it doesn’t matter how many licenses a company may have if their appliances can’t deal with the burden! Admins must ensure that their appliance capacity is beefy enough to accommodate the unexpected barrage of VPN concentrator pings, and if not, must find a way to increase capacity by scrambling to purchase additional hardware. Or else, their appliances could keel over.
Put the freeze on appliances
No admin wants to be caught in a storm of remote user complaints while spending the day speaking with their VPN’s support team to figure out the fastest (and cheapest) way to get more licenses or buy additional appliances. Nor do they enjoy their boss breathing down their neck asking them when the problem is going to be solved.
The software-defined perimeter offers a new cloud-based approach to provide remote user access to internal applications that is completely different from the traditional DMZ. This modern network security method uses the cloud to provide the convenience, flexibility, and scale that network admins need when faced with a natural disaster. Best of all, there are no VPN appliances necessary!
Zscaler Private Access delivers a software-defined perimeter that gives remote users the experience they want, and IT the security and reliability they require. Even if the next bombogenesis makes an unwelcome appearance.