This article is part of a series hosted by Security Roundtable and powered by Palo Alto Networks that provides ideas for dealing with the ongoing cybersecurity challenges during the coronavirus (COVID-19) pandemic.
I woke up at 7 a.m. Like most mornings, our kids were in various stages of awakening, but my better half had been up and about for hours already. She was online and working from 5 a.m. trying to overcome an increasingly common problem for businesspeople: beating the rush to access data and systems before network and application performance grind to a halt.
With the unprecedented demand for remote access by employees working from home amid the COVID-19 pandemic, the infrastructure of many businesses just hasn’t been designed to cope.
It’s hardly surprising that internet service providers are experiencing a 50% spike in online traffic. And it’s great to see some of the world’s top video conferencing services are now offering free use of their tools to allow individuals, schools and companies to communicate while observing social distancing.
But are most businesses set up and ready to handle such an increase in workload?
I Need a Secure Remote Workforce. Can the Cloud Solve All My Problems?
Traditionally, networks have been left well alone — most companies have the approach that if it’s not broken, don’t fix it. But now that gateways are being hit with a sudden and unrelenting increase in traffic, the time to make changes is upon us.
Here’s the problem: If you don’t understand what’s going on in your network, how do you go about modernizing it?
The traffic challenges at the moment are twofold. First, employees with business-issued devices are working via VPN and effectively backhauling all the traffic through the company gateways to get anything done. Even worse, with many struggling to find and provide devices to those employees who didn’t already have them, the quick fix is to haphazardly install VPN and MDM solutions onto personal, untrusted devices. So not only are businesses expanding the number of connections, they also have two different risk profiles to contend with. That’s hardly a prescription for an accessible and secure remote workforce.
One perceived quick fix I’m sure many are looking at right now is just using the cloud and all its amazing elasticity for times like this. But it’s important to remember that the cloud isn’t free, so companies taking this approach are in for a surprise when they get much larger bills than they had expected in the coming months.
To tackle this, organizations need to better understand and segment their traffic. Users needing to connect to servers in their data centers should be able to do so without having to log on outside normal working hours. It makes sense to leverage the cloud for extra capacity in some areas. But you still only want to pay for what you need, not just use it as a default.
Avoiding Gateway Overload
At a basic level, organizations need to understand which data should be coming through their VPN gateway and which should not. Sending only the former through the tunnel and letting the rest go out directly is known as split tunneling. Getting this right will mean that critical business applications are given the network prioritization necessary to be usable by your employees, rather than finding them unusable because something else is overloading your gateway.
Video conferencing is likely to be the overloading culprit for many; it is one of the most data-rich processes from a networking perspective. Ask yourself how many of your staff now see video calls as one of their key tools. And consider the frustrations in your own house when all your kids are trying to stream different films at the same time.
One solution is to split the traffic, based on the risks and rewards it gives to the business. Your business may decide video conferencing doesn’t need to go through most of your security checks, so removing the need for the traffic to go through your gateway might be a smart move to unclog the network.
Understanding which applications your users are actually using, which enables you to apply smarter networking, can only help on your journey toward valuable capabilities like software-defined wide-area networking (SD-WAN).
The Time to Modernize Is Now
We face an unprecedented future. However, we have a decision as cybersecurity professionals: we can simply try and keep pace with the demands put upon us, or we can use this time to modernize.
I wonder how many teams are being asked to disable security controls right now as the business struggles with capacity needs, or perhaps they are having to add capacity because they have the wrong security controls set?
But there is a different path to choose. As business executives, you need to listen closely when your technical leaders ask for the support to modernize network security to leverage Layer 7 capabilities. Why?
Well, historically, network security controls were based on inspecting ports and protocols (known as Layer 3 or 4 analysis) — it’s like saying a physical road is either open or it’s closed. But modern security controls allow you to inspect at a much deeper level; they look at the vehicle type, the passengers, and even what the vehicle is carrying to decide if the road can be used — this is what Layer 7 network security delivers.
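To make the split-tunneling and Layer 3/4 versus Layer 7 points concrete, here is an added example (not from the original article or any vendor product) that compares gateway load under a port-based rule set and an application-based one. The flow records, application labels and both policies are constructed assumptions.

```python
from collections import defaultdict

TUNNEL, DIRECT = "tunnel", "direct"

# Constructed sample flows (not real traffic). "app" stands in for the label
# a Layer 7 classifier would attach; byte counts are illustrative.
FLOWS = [
    {"user": "alice", "proto": "tcp", "port": 443,  "app": "erp",        "bytes": 40_000_000},
    {"user": "alice", "proto": "udp", "port": 3478, "app": "video-conf", "bytes": 900_000_000},
    {"user": "bob",   "proto": "tcp", "port": 443,  "app": "video-conf", "bytes": 600_000_000},
    {"user": "bob",   "proto": "tcp", "port": 443,  "app": "file-share", "bytes": 150_000_000},
    {"user": "carol", "proto": "tcp", "port": 443,  "app": "unknown",    "bytes": 10_000_000},
    {"user": "carol", "proto": "tcp", "port": 22,   "app": "ssh",        "bytes": 5_000_000},
]

# Layer 3/4 view: a rule can only name protocol and port (hypothetical rules).
L4_RULES = {("tcp", 443): TUNNEL, ("tcp", 22): TUNNEL, ("udp", 3478): DIRECT}

# Layer 7 view: the rule names the application (hypothetical policy).
L7_POLICY = {"erp": TUNNEL, "file-share": TUNNEL, "ssh": TUNNEL, "video-conf": DIRECT}

def decide_l4(flow):
    """Port-based decision; anything unmatched stays in the tunnel."""
    return L4_RULES.get((flow["proto"], flow["port"]), TUNNEL)

def decide_l7(flow):
    """Application-based decision; unclassified apps stay in the tunnel
    so they still pass through the security controls."""
    return L7_POLICY.get(flow["app"], TUNNEL)

def gateway_bytes(flows, decide):
    """Total bytes the VPN gateway must carry under a given decision function."""
    return sum(f["bytes"] for f in flows if decide(f) == TUNNEL)

def bytes_by_app(flows):
    """Per-application volume, largest first: the visibility step."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["app"]] += f["bytes"]
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))

def misrouted_by_l4(flows):
    """Flows where the port rule disagrees with the application policy."""
    return [f for f in flows if decide_l4(f) != decide_l7(f)]

if __name__ == "__main__":
    print("volume by app:", bytes_by_app(FLOWS))
    print("gateway load, port rules:", gateway_bytes(FLOWS, decide_l4))
    print("gateway load, app policy:", gateway_bytes(FLOWS, decide_l7))
    print("port rules get wrong:", [(f["user"], f["app"]) for f in misrouted_by_l4(FLOWS)])
```

In this constructed data the port rules cannot tell video conferencing on TCP 443 apart from the ERP traffic on the same port, so the gateway carries it anyway; the application policy offloads it while keeping unclassified traffic inspected.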
So, turn on that switch you kept putting off to enable Layer 7 visibility, which gives you insight into applications, users and content. Start monitoring and very soon you’ll be onto a path that will have value long after this pandemic is behind us, giving you:
- Better insight into your network
- The ability to define which processes are business critical and need the most rigorous controls, versus those that maybe you don’t even pass back through your security controls
- Key data servers that are better able to cope with increased demand, resulting in a better experience for your users
The ability to understand your normal traffic patterns becomes key if you want to define the optimal usage for your business. If you can’t see what’s going on, how could you hope to make the right decisions on traffic prioritization and how and where it flows?
It’s an old saying but it’s still as true today: visibility is king. Networks are only ever going to become more agile, which means visibility from a business context is only ever going to become a more and more critical requirement. You may see this as an impossible task, but honestly, it really isn’t.
Sometimes moments of crisis push us to take big steps forward that help us not only during the crisis, but also have longer-term benefits. And if you take the time now to understand your key business data streams and modernize your network infrastructure, you’ll accomplish two things for your employees: Their business activities will be performed more efficiently and securely, and they’ll be able to sleep a little bit later.
Greg Day is Chief Security Officer, EMEA, at Palo Alto Networks.