I used to work in an office. Now—like most enterprise IT professionals—I work from the kitchen. Or my guest room. Or the patio. Or a socially-distanced “anywhere” with good Wi-Fi. COVID-19 has forced us all to change how we look at, design for, and enable remote access to applications, data, and information resources for our employees.
And just as we’re getting used to this telecommute-only phase, we’re about to enter a new age: the After-COVID (AC) era.
In the AC era, crises and disruption will happen. As we’ve seen in the last few months, the COVID-19 crisis changed business processes overnight—and caught most companies completely off guard. Their legacy infrastructures couldn’t accommodate the needed changes (in this case, everybody suddenly working outside the office). The AC era means a new flexible working environment: we’re either working from home, gone back to work, or maintaining a hybrid of the two.
Corporate environments must be agile enough to respond to future crises: they will happen, and your business must adapt to meet the challenges. The AC era means accepting the disruption of “business as usual.” Beyond enabling business continuity in the face of massive change (such as COVID-19), enterprise IT leaders must look at the new technologies, infrastructures, and services offered by disruptive companies. Large enterprises can no longer sustain inflexible systems that neither pivot nor scale. The new AC world will move too fast for legacy systems to keep up.
Let’s not do this again...
In my dealings with CISOs and CIOs, I’m hearing two messages loud and clear:
- Businesses can’t afford to be surprised by another crisis. Something like COVID-19 will happen again, and we’ll have to pivot again. Preserving inflexible networks and moribund cybersecurity technology will restrict future agility.
- People will access and consume applications and data from anywhere and everywhere. The internet is everything, to everyone, all the time. Applications and data will live outside the corporate network. And employees will too. Accommodating this shift means we need to change how we architect our environments both from a business and a security perspective to support and embrace this new outside-the-perimeter way of work.
The struggle to move from legacy hub-and-spoke architectures marked the Before-COVID (BC) enterprise era. Even BC, IT leaders recognized the extent to which a perimeter-based corporate network model was overly-complex, inflexible, easily overwhelmed, and unable to scale to meet application and security transformation demands. The more entrenched these architectures were in enterprises, the less likely enterprises could pivot quickly to match needed changes brought on by a global pandemic (like, say, the need to shift to a 100 percent remote workforce overnight).
The COVID-19 crisis exposed the extent to which legacy systems hinder enterprise ability to enable remote access. Couple that with employees spending most of their time outside the corporate network perimeter, and it is clear this new way of work requires a new security approach that can only be brought about by transformational change in how we manage and mitigate risk.
We CISOs and CIOs must plan to support the new AC era immediately (and indefinitely). We need to examine architectures, tools, processes, and technologies and ensure they align with the new reality of remote employees, third parties, and customers that expect to work from anywhere. There will be more crises. The sooner we accelerate digital transformation, the better prepared we’ll be for the next agile pivot.
The whole idea behind transformation is for companies to move quickly to embrace change. Beyond unforeseen crises, companies must absorb the latest technologies: 5G, new collaboration tools, more-powerful endpoint computing, and mobile devices. Network and security infrastructure must be flexible enough to support their adoption. There’s a huge opportunity here to move IT from reactive mode to proactive mode: Your IT teams should not just be in the business of responding to executive mandates. They should seize the moment to create infrastructure and workflows nimble enough to pivot to, enact, and enable new business strategies. This is where I have focused many of my discussions with security teams. Security professionals, at times, can be too focused on risk avoidance when contemplating transformational change. This involves a level of risk-taking, which is fundamental to business. Without it, no business value would ever be generated.
Year one AC forecast: Cloudy with a chance of productivity
The way of work has changed forever: Employees connect from anywhere and work in the cloud. But legacy perimeter-based security models can’t protect them or their work. And the COVID-19 pandemic has laid bare legacy infrastructure’s remote-access shortcomings.
In the AC era, IT leaders will face a choice: Will they preserve legacy infrastructure, force employees to use VPNs, and pretend everything’s okay? Or employ connectivity and security solutions designed to support the way their enterprise colleagues work?
Hint: It’s the second option, and it’s already in motion.
Enterprises have been moving applications, data, and infrastructure to the cloud for years now to make networks more responsive to business needs. Users have also been slowly migrating outside the network perimeter—COVID-19 just accelerated this process by an order of magnitude. Securely connecting users to applications, data, and infrastructure directly via the internet has gained traction using a new networking model known as Secure Access Service Edge (SASE).
SASE is a network design concept that uses the internet as the access transport for applications and data, no matter where those assets sit—in the cloud or legacy data centers. SASE is truly precognitive: It is a perfect solution for crises like COVID-19. In fact, these last months have been a world-wide proof-of-concept for the SASE model. The implementation of this edge-based network provides security and access based on user and application connection rather than hub-and-spoke networks with castle-and-moat security.
Last year, Gartner defined the SASE model in a paper that outlined the requirements and implementation of an edge-based network.
SASE has become a bit of a marketing buzzword. (Indeed, some companies claim SASE-compliance, even though their solutions don’t meet its guidelines.) An ideal SASE solution should satisfy six functional criteria:
- Seamless direct access to both external (Internet, SaaS) and internal (data center, IaaS, PaaS) applications
- Context-aware access that correlates user, device, application, and other characteristics in order to grant permission and provide granular visibility
- Flexible deployment across all users and locations, for instant and seamless expansion without complex on-premises hardware deployment or licensing delays
- Excellent user experience when accessing critical corporate applications and key collaboration tools such as Zoom or Microsoft Teams
- Comprehensive visibility for security, monitoring, and troubleshooting provides excellent insight into traffic patterns and enables rapid user-issue resolution
- Comprehensive security and compliance tools that mitigate cyber threats and protect applications and data
Your employees need to be able to use the right tools and technology to drive enterprise growth. The objective is to establish direct, secure, and scalable access to applications and data. For CISOs and CIOs, this approach moves the triumvirate of goals they have to bring value to the business: attestable bend in the curve of risk, lower total cost of controls and enablement of business velocity and user experience.
SASE prepares you for the AC era
Change won’t be easy: Successful enterprises in the new AC era will be built on agile network and security architectures. Though the world of legacy networks may already have been heading in a SASE direction, the COVID-19 crisis has blown up legacy models for good. Enabling the new work-from-anywhere workforce has necessitated a fundamental change in how we approach connectivity design and cloud usage. The cloud is the new corporate data center, and the internet is the new corporate network. Embracing that reality will future-proof your enterprise, and better serve your business, your bottom line, and your users.
Welcome to year one, AC.