{"id":5961,"date":"2023-11-10T21:08:00","date_gmt":"2023-11-11T02:08:00","guid":{"rendered":"https:\/\/zayo1.burbledev.com\/?post_type=resources&p=5961"},"modified":"2024-05-10T09:34:56","modified_gmt":"2024-05-10T15:34:56","slug":"work-from-everywhere-perspectives-from-the-c-suite","status":"publish","type":"resources","link":"https:\/\/zayoustrans.burbledev.com\/es\/resources\/work-from-everywhere-perspectives-from-the-c-suite\/","title":{"rendered":"Work-from-Everywhere – Perspectives from the C-Suite"},"content":{"rendered":"\n

According to a recent Forbes survey<\/a>, nearly 20 percent of companies now operate fully remote, and 98 percent <\/em><\/strong>of all workers want <\/em><\/strong>to work from home, at least some of the time. When employees leave the office and work from anywhere, what do you think is THE most important network capability for executives surveyed? (hint: it\u2019s not security) Last week, Zayo<\/a> and Cloudbrink<\/a> co-hosted a webinar<\/a> that presented how best to tackle the security and performance hazards when employees work from everywhere. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Speakers:<\/em> Shawn Edwards, CSO<\/strong>, Zayo | Prakash Mana, CEO<\/strong>, Cloudbrink | Karl Gouverneur, CTO<\/strong>, Struxtion<\/p>\n\n\n\n

The Historical Trade-Off<\/h2>\n\n\n\n

Companies have always needed to balance top-notch security<\/strong> with network performance<\/strong> \u2013 and it feels like a zero-sum game. More security usually meant poorer performance. Blazing fast, always-on performance usually meant compromised security.<\/p>\n\n\n\n

Prakash Mana, CEO of Cloubrink, concurs that this mindset is well ingrained: \u201cThe security team was where you went to have requests denied.\u201d And cyber security executives weren\u2019t in the habit of placing user experience top of mind when making security decisions. But when most executives cite performance over security as the most important element of remote work, security staff needs to rebalance.<\/p>\n\n\n\n

The choice of secure remote access solutions and the policies for remote work have a direct impact on the business. So let\u2019s look at the challenges of remote security, what the security stack needs to look like, and, in the new work from anywhere normal, where the user experience fits in.<\/p>\n\n\n\n

The Challenges of Securing a Remote Workforce<\/h3>\n\n\n
\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Karl Gouverneur, CTO:<\/strong> <\/em>I see three main challenges to remote work in general. The first is innovation. To me, innovation is a contact sport<\/strong>. The magic happens when people get together around a table, so we still need to provide that experience. The second has to do with the performance of the<\/strong> application stack<\/strong>. We all use hundreds of applications at work.<\/p>\n\n\n\n

These applications were designed to work nicely with your offices, in your corporate headquarters, and in central locations connected via very high-speed links to your data centers. Otherwise, the experience isn\u2019t ideal. A third challenge is obviously security. Before work-from-home, CISOs had scores of endpoints to secure. They now face thousands. For those (like me) whose primary role is to manage risk, the attack surface<\/strong> suddenly increased exponentially.<\/p>\n\n\n\n

Multi-factor authentication, managing access controls, dealing with the regulators, and educating employees \u2013 all those things contribute to having a better cybersecurity posture. But at the end of the day, the biggest challenge, the weakest link, is the network infrastructure<\/strong>. CISOs need to provide the best, most inclusive digital experience to home workers, and that means they need to prioritize network insufficiency at home.<\/p>\n\n\n\n

<\/p>\n\n<\/div><\/div>\n<\/div>\n\n

\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Shawn Edwards, CSO:<\/strong><\/em> And specific to security<\/em>, one challenge is making a cultural shift within the CISO. We used to be the \u201coffice of no,\u201d or the CIS-\u201cNO!\u201d<\/strong> division. Today, we have a kinder, gentler security approach. Call it \u201cdefense in depth\u201d or \u201csecurity by design,\u201d it provides a multi-layered approach to security that enables the business and empowers the organization. <\/p>\n\n\n\n

As strange as it seems for a security guy to talk about user experience<\/strong>, we need to champion it. This means abandoning the \u201cone-trick pony\u201d approach to security. Instead, we\u2019re putting depth of strategy into our security so that we build out our infrastructure, our controls, and our capabilities to offer a multilayered defense model that, at the same time, actually enhances the user experience.<\/p>\n\n\n\n

Finally, the challenge of simplicity<\/strong> for the user. The user should have a frictionless experience accessing the corporate cloud, the public cloud, or a SaaS application. Using SD-WAN, our high-speed fiber connections, and the right partner (such as Cloudbrink), we have accomplished this for our own at-home workforce.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n\n

Security From the Inside Out: VPNs Just Don\u2019t Cut It Anymore<\/h3>\n\n\n
\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Shawn Edwards, CSO: <\/strong><\/em>Ah VPNs – once in, always in<\/strong>. Every user comes in, they\u2019re dropped off into the network in the same model, and you rely on the network and its accounts to manage it. <\/p>\n\n\n\n

A VPN was a sound model for a centralized, office-based workforce, but inflexible in our new work-from-everywhere environment.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n

\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Prakash Mana, CEO:<\/strong> <\/em>Working from everywhere presents a dual challenge: it\u2019s as much a security challenge as it is a productivity challenge. When companies decided that they needed a \u201cperimeter-less<\/strong>\u201d security posture – they didn\u2019t define it properly. They thought that moving security from the data center to the cloud achieved it. But since the end user is where most of the data is curated and consumed, the shift to perimeter-less security means a shift all the way to that end user\u2019s workflows.<\/p>\n\n\n\n

And it has to adapt quickly. People and applications are moving at an unprecedented pace. Security needs to move right along with them, at least at the same pace. We all thought that IPSec and SSL were unbreakable; trust would not change for one, three, or five years. <\/p>\n\n\n\n

We need, as Gartner coined it, a \u201cmoving target defense<\/strong>,\u201d a security model that has such a high level of entropy that even before a hacker gets anywhere close to breaking your security, the entire process of your organization morphs and changes, and it keeps changing. It keeps updating itself much faster than a hacker can ever imagine, or even approach penetrating.<\/p>\n\n\n\n

Work from home is a board level conversation – the stakes are that high. A simple increase in VPN bandwidth falls far short of the user experience goals of CIOs.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n\n

So What Does That \u201cZero Trust\u201d User Experience Look Like?<\/h3>\n\n\n
\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Karl Gouverneur, CTO:<\/strong> <\/em>An airport analogy: when you travel outside the U.S., your boarding pass, your passport, and your ID are checked multiple times \u2013 initially to pass security, again in a holding room, again when you\u2019re boarding the flight, and again upon transfer. Zero trust security is like this \u2013 multiple checks for each application access request. The difference is that the user never knows they\u2019re being checked<\/strong>. The checkpoints, the gating, the verifying \u2013 it all happens transparently to the user. The result? The user isn\u2019t stymied by multiple authentication requests – and work continues productively.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n

\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Shawn Edwards, CSO: <\/strong><\/em>The more you can compartmentalize, or assign \u201cprescriptive\u201d access – and the more you authenticate behind the scenes \u2013 the more you reduce your attack surface<\/strong>. Zero trust does this. Zero trust can be difficult to implement, but we tend to over-engineer zero trust solutions. When technology and security teams partner, they can implement simple, basic <\/strong>security measures that provide the requisite preliminary level of security. Leveraging zero-trust models is an easy win. Zero trust provides just-in-time, and just the right level of access per individual.<\/p>\n\n\n\n

Zero trust is personalized<\/strong>. My employees have a different level of access to applications during different time windows than my contractors, partners, or agents. This level of security granularity creates a much simpler environment for the end users. It also allows me to contain and control a security incident’s \u201cblast radius\u201d should one occur. <\/p>\n\n\n\n

Zero trust has the advantage of being less expensive<\/strong> as well. Cloudbrink\u2019s model is a software-only model. In the past, reducing risk meant bringing all user traffic back to \u201cthe castle\u201d before allowing it to continue to the Internet. This required banks of VPN concentrators on site. Now zero trust models allow traffic to go from the remote user to the Internet directly with all safeguards in place.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n

\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Prakash Mana, CEO:<\/strong> <\/em>The zero trust environment, when paired with the ultra-fast network connections provided by Zayo, really makes a huge difference to the performance and security of remote work. <\/p>\n\n\n\n

We\u2019re integrating with Zayo. This means that when remote users try to access a cloud, SaaS, or a data center-based application for example, the Cloudbrink app on the user\u2019s device will quickly identify the nearest Zayo ultra-low-latency (ULL) link ingress point. Instead of users going through the clouded, \u201cdirty\u201d public Internet all the way to the storage of their resources, they\u2019re routed along Zayo\u2019s ultra-fast network highway, improving speed, overall stability of the connection, and security as well. <\/p>\n\n\n\n

Our customers have told me that this Cloudbrink\/Zayo combination has improved their speed by over 30,000%<\/em><\/strong>! <\/p>\n\n<\/div><\/div>\n<\/div>\n\n\n

What About Mobility? Can my Employees use Public Wi-Fi?<\/h3>\n\n\n
\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Karl Gouverneur, CTO:<\/strong><\/em><\/p>\n\n\n\n

NO!<\/strong><\/h3>\n\n\n\n

Don\u2019t do it! That Starbucks or United terminal free Wi-Fi can be a dangerous, insecure environment! I always advise my users against it. When you see \u201cfree\u201d Wi-Fi, steer clear.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n

\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Prakash Mana, CEO:<\/strong> <\/em><\/p>\n\n\n\n

YES!<\/strong><\/h3>\n\n\n\n

The new generation of protocols allows us to do two things. First, we can bring a much higher level of reliability to these inherently less reliable networks. Second, these open networks are, by design, less secure. But now, for the first time in history, you don’t have to worry about tunneling every packet and slowing down the experience when applying security measures. You can bring security into the transport layer itself. So you can provide an ultra-reliable and <\/em>secure network to your mobile workforce too.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n

\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Shawn Edwards, CSO: <\/strong><\/em><\/p>\n\n\n\n

<\/strong><\/em>MAYBE!<\/strong><\/h3>\n\n\n\n

Use your brain. This is the crux of the annual security training we put our employees through \u2013 be smart about what you do, and where and when you do it. I always assume the network is dirty and not secured, so I make sure I have the right security in place to mitigate that risk. That said, if I  connect to an unsecured network and get a weird security pop-up? I\u2019m gone.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n\n

The Last Mile \u2013 Is it Still an Issue?<\/h3>\n\n\n
\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Prakash Mana, CEO:<\/strong> <\/em>The good news is that cloud-native edge has become so prevalent that according to the latest stats, 84% of the workforce now lives no more than 7 to 20 milliseconds from the closest edge location<\/strong>. So the \u201clast mile\u201d has been reduced to the last few hundred feet. And while these last few hundred feet are 100% still a problem, newer machine learning models mean that we\u2019re now able to dynamically provision these fast edges, wherever the users are, and vastly improve their experience.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n\n

How Do I Ask for a Budget to Build Out Zero Trust?<\/h3>\n\n\n
\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Shawn Edwards, CSO: <\/strong><\/em>If you\u2019re asking your C-Suite for support and budget to implement just-in-time authentication and access security, explain to them the \u201ctriple win\u201d of zero trust.<\/p>\n\n\n\n

Win #1: user experience <\/strong>Zero trust provides personalized access directly from the user to their resources. When you take all traffic across big pipes into a centralized resource, only then to swing it right back out through a proxy to the Internet – latency increases, so the performance of latency-sensitive applications suffers.<\/p>\n\n\n\n

Win #2: improved security<\/strong>Speak in the universal language of risk. Zero trust solutions mitigate risk by shrinking the attack surface and reducing points of exposure for the organization. Your C-level executives will understand this intuitively.<\/p>\n\n\n\n

Win #3: lower cost<\/strong>
We no longer need the banks of VPN concentrators we have in the office\u2026 and those big pipes we talked about earlier? They\u2019re expensive! Overall, this software-only solution can save lots of money.<\/p>\n\n<\/div><\/div>\n<\/div>\n\n\n

Transporting Yourself 4 Years Into the Future<\/h3>\n\n\n
\n
\n\n
\"\"<\/figure>\n\n<\/div><\/div>\n\n
\n\n

Karl Gouverneur, CTO:<\/strong> <\/em>The \u201cBrady Bunch\u201d heads-in-tiles remote meeting will be replaced with a much more immersive experience. Imagine when a single gesture will result in a digital response within the meeting (this happens today!). Imagine a remote meeting that feels so real you think you\u2019re sitting at the same table with your colleagues.<\/p>\n\n\n\n

And imagine the additional bandwidth that kind of enriched experience will chew up<\/strong>.<\/p>\n\n\n\n

Indeed.<\/p>\n\n<\/div><\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

When employees leave the office and work from anywhere, how do you handle the network security of your hundreds of new, remote endpoints, while ensuring great performance?<\/p>\n","protected":false},"featured_media":946,"template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"3969,4003,5764,1682,3938,3978","_relevanssi_noindex_reason":"","resource-post-excerpt":"When employees leave the office and work from anywhere, how do you handle the network security of your hundreds of new, remote endpoints, while ensuring great performance? ","footnotes":""},"resource-topics":[151],"displayed":[],"resources-categories":[44],"industry":[],"services-amp-solutions":[32,80],"class_list":["post-5961","resources","type-resources","status-publish","has-post-thumbnail","hentry","resource-topics-emerging-technologies","resources-categories-blog","services-amp-solutions-managed-edge-services","services-amp-solutions-sase"],"acf":[],"_links":{"self":[{"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/resources\/5961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/resources"}],"about":[{"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/types\/resources"}],"version-history":[{"count":0,"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/resources\/5961\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/media\/946"}],"wp:attachment":[{"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/media?parent=5961"}],"wp:term":[{"taxonomy":"resource-topics","embeddable":true,"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/resource-topics?post=5961"},{"taxonomy":"displayed","embeddable":true,"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/displayed?post=5961"},{"taxonomy":"resources-categories","embeddable":true,"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/resources-categories?post=5961"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/industry?post=5961"},{"taxonomy":"services-amp-solutions","embeddable":true,"href":"https:\/\/zayoustrans.burbledev.com\/es\/wp-json\/wp\/v2\/services-amp-solutions?post=5961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}