Forced Evolution
How the Covid-19 crisis has revealed a need to reexamine what was once a “Deadly-Sin” of networking technology.
In years past, the concept of “split tunneling” was frowned upon as, by its very nature, insecure and risky. Split tunneling allows a user who is connected to a corporate network via VPN (Virtual Private Network) software to cruise the internet on a company’s bandwidth through the VPN tunnel. The primary issues with this methodology are the inherent slowness of an additional firewall and the distance traveled, along with the fact that any “dirt on the end users’ shoes” (malware, cookies) was inadvertently dragged into the internal network.
Background:
As small to medium‑sized organizations were suddenly forced to “find a way” to operate their corporate workforce from home, information technology leaders found themselves with a myriad of issues and needs. Inadequacies rose out of what was once thought of as a fully functioning IT infrastructure. It seemed that the well-thought-out matrix of hosted providers, cloud services, SaaS and local resources that functioned so well on a hardwired laptop in the local office fell short when that laptop was used outside of its cozy docking station. What was the issue, you might ask? 9 times out of 10 it was the VPN (Virtual Private Network), that tiny piece of software that allows your users to securely connect back to the home office without the prying eyes of hackers and other malicious characters.
The Evolution:
Initially, the solution was to validate the client as “safe” on entry into the private network, but with the recent onslaught of remote workers caused by the Covid-19 crisis, this methodology has become cumbersome and requires a significant amount of administrative upkeep. More recently, the major vendors (Cisco, Amazon and Microsoft) have focused their efforts on what has come to be known as intelligent, dynamic or adaptive split-tunneling, whereby the router or endpoint appliance routes and isolates client traffic based on destination. While this explanation is grossly oversimplified, the concept is similar regardless of the vendor. Cisco seems to be leading the effort with Cisco Endpoint Security Analytics (CESA) in conjunction with its AnyConnect Network Visibility Module (NVM). Microsoft has been applying a similar methodology in its Office 365 offering.
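To make the idea of routing by destination concrete, here is an added sketch (not taken from this article or from any vendor's product) of a decision function that sends only explicitly listed destinations direct and keeps everything else in the tunnel. The policy entries and the names `route_for`, `DIRECT_DOMAINS`, `DIRECT_NETS` and `TUNNEL_NETS` are assumptions made for illustration.

```python
import ipaddress

# Constructed policy (assumption): destinations allowed to bypass the tunnel.
# Anything not listed, and anything unparseable, stays inside the VPN.
DIRECT_DOMAINS = {"saas.example.com", "cdn.example.net"}
DIRECT_NETS = [ipaddress.ip_network(n)
               for n in ("198.51.100.0/24", "2001:db8:10::/48")]
# More specific carve-outs that must stay tunneled inside a direct range.
TUNNEL_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.128/25",)]


def _domain_matches(host, suffix):
    # Match on a label boundary so "evilsaas.example.com" is not treated
    # as a subdomain of "saas.example.com".
    return host == suffix or host.endswith("." + suffix)


def route_for(destination):
    """Return "direct" or "tunnel" for a hostname or IP literal."""
    dest = destination.strip().lower().rstrip(".")
    if not dest:
        return "tunnel"
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname
    if addr is not None:
        # Longest-prefix match across both lists; ties go to the tunnel
        # because tunnel entries are checked first with a strict ">".
        best_len, best_route = -1, "tunnel"
        for route, nets in (("tunnel", TUNNEL_NETS), ("direct", DIRECT_NETS)):
            for net in nets:
                if (addr.version == net.version and addr in net
                        and net.prefixlen > best_len):
                    best_len, best_route = net.prefixlen, route
        return best_route
    if any(_domain_matches(dest, d) for d in DIRECT_DOMAINS):
        return "direct"
    return "tunnel"


if __name__ == "__main__":
    for d in ("mail.saas.example.com", "evilsaas.example.com",
              "198.51.100.10", "198.51.100.200", "203.0.113.5"):
        print(d, "->", route_for(d))
```

The default-to-tunnel behaviour is the important design choice: a typo or a lookalike hostname falls back to the inspected path instead of bypassing it.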
I am certain that we will find our way through this current crisis and it would be wise to remember the lessons learned here. The workplace of tomorrow will not look like the workplace of today. The “new normal” will require our technologies to adapt and change with the requirements of our organizations.
The ability to support a remote workforce is now a requirement and will only grow as people and organizations adapt. It would be wise for us to recognize the lessons this pandemic has taught us and investigate some of the newer or different technologies as soon as budgets will allow.