
Picking the right route to working from home


Businesses prepared to think flexibly about how they handle the data traffic from large numbers of employees suddenly working remotely can maintain productivity without compromising security.

All over the world, organisations are having to address challenges associated with shifting their workforces to a remote working environment. Companies large and small have been required to scale the at-home infrastructure needed to maintain business as usual, but only those that implemented effective processes at the start of the Covid-19 pandemic have been able to transition without it having an impact on their clients. And it’s those who had effective business continuity plans and supporting technology in place long before the pandemic that have enjoyed nearly seamless transitions.

Typically, organisations’ virtual private networks are architected by the IT department’s network engineers to serve the 5-10 per cent of employees who would usually need to work remotely. As we all know, the number of employees working from home has increased dramatically in a short space of time this year due to social-distancing efforts to curb the spread of the pandemic.

Many firms hadn’t properly tested the use case of remote working within their business continuity planning, with negative results for their clients. The migration of email, video conferencing and many other services to cloud providers over the last few weeks has significantly shifted the final destination of a user’s traffic, leaving some organisations with corporate networks that are no longer fit for purpose.

One way in which businesses can mitigate this is by using a technique known as ‘split tunnelling’ to minimise network congestion, avoid network bottlenecks and keep information secure, while effectively engaging the at-home workforce. Additionally, cloud providers can enable quick scaling of a virtual private network (VPN) to help reduce the burden on corporate capabilities.

Intelligent decisions about how to route data and voice traffic can help an organisation to distribute its workload globally. A VPN serves as a secure tunnel for the passing of all traffic and data between an employee’s computer and the organisation’s data centre and allows secure access to network resources. The standard approach has been to funnel all global traffic into a handful of georedundant data centres, keeping assets and information secure and providing employees with access to critical information systems. This architecture works well when the majority of employees are in the office.

Today, with many high-bandwidth applications in the cloud and using the internet as the transport medium, the VPN has to send application-encrypted traffic into the data centre and then turn it around and send it back out to the internet. Meanwhile, the additional security provided as the traffic passes this checkpoint is minimal because it is already encrypted.

As a result, in the current environment, some companies are conserving bandwidth by limiting or even blocking resources such as video conferencing, which not only inhibits productivity, but also limits personal connection at a time when we need it more than ever.

There’s a better way. In order to bolster connectivity and efficiency, firms can move the same required security functions from the corporate data centre to the endpoint and use split tunnelling in the VPN client. Internet-destined traffic doesn’t have to go through an organisation’s own data centre. Instead, it can route directly to the internet or through a cloud provider’s VPN. The connection to the cloud is then limited only by the biggest bottleneck in the network, which is usually an employee’s own home internet connection.

A corporate policy that allows the use of split tunnelling can conserve data centre bandwidth and enable continued use of bandwidth-intensive applications. Explicitly selecting corporate traffic to route through a company’s data centre leaves internet traffic on the internet, and bandwidth bottlenecks are alleviated. This approach also improves the user experience for employees who may not have high-speed broadband at home, by sending traffic along the most direct path possible.

Security features normally provided in the data centre (content filtering and protection from malware-infected websites, for example) can be deployed through either a proxy or device-based technologies.

When determining what internet traffic is safe to split-tunnel, organisations should evaluate risk-based methods. The goal is to provide equivalent defence-in-depth security provisions while removing system bottlenecks from remote-working operations. By simply moving the location of where the protection is implemented to the edge or end device, an appropriate level of security can be maintained.
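As an added illustration (not part of the original article), the sketch below models the routing decision described above: corporate prefixes go through the tunnel, explicitly trusted high-bandwidth services go direct, and everything else defaults to a filtering proxy. The prefixes, the three path names and the sample flows are constructed assumptions, using private and documentation address ranges.

```python
import ipaddress

TUNNEL, PROXY, DIRECT = "tunnel", "proxy", "direct"

# Constructed policy (assumption): private and documentation ranges only.
POLICY = [
    ("10.0.0.0/8", TUNNEL),           # corporate data-centre networks
    ("2001:db8:c0de::/48", TUNNEL),   # corporate IPv6 space
    ("198.51.100.0/24", DIRECT),      # trusted video-conferencing service
    ("198.51.100.192/26", PROXY),     # higher-risk slice of that same range
]


def route_for(dest, policy=POLICY, default=PROXY):
    """Pick the path for one destination by longest-prefix match.

    Anything not explicitly listed falls back to the filtering proxy,
    so unknown internet traffic never bypasses content inspection.
    """
    addr = ipaddress.ip_address(dest)
    best_len, best_action = -1, default
    for prefix, action in policy:
        net = ipaddress.ip_network(prefix)
        # Membership is always False across IPv4/IPv6, so both families
        # need their own entries or they silently take the default path.
        if addr in net and net.prefixlen > best_len:
            best_len, best_action = net.prefixlen, action
    return best_action


def load_by_path(flows, policy=POLICY):
    """Sum traffic volume (MB) per path to show what the data centre carries."""
    totals = {TUNNEL: 0, PROXY: 0, DIRECT: 0}
    for dest, megabytes in flows:
        totals[route_for(dest, policy)] += megabytes
    return totals


# Constructed sample flows: (destination, MB transferred)
SAMPLE_FLOWS = [
    ("10.20.30.40", 50),        # internal file share
    ("198.51.100.10", 900),     # video call media
    ("198.51.100.200", 20),     # carve-out inside the trusted range
    ("203.0.113.7", 30),        # unlisted website
    ("2001:db8:c0de::15", 10),  # internal service over IPv6
    ("2001:db8:ffff::1", 5),    # unlisted IPv6 destination
]

if __name__ == "__main__":
    print(load_by_path(SAMPLE_FLOWS))
```

With a full-tunnel policy all 1,015 MB in the sample would cross the data centre; under this policy only the 60 MB of corporate traffic does, while unlisted destinations still pass through filtering.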

Using a cloud-based VPN provides a secure and globally accessible connection to a company’s resources, both for a remote and geographically diverse workforce and for internet traffic that doesn’t need to go through the corporate systems. This means that no matter where a company’s resources are accessed from, the connection will be secure even if using a provider’s data centre.

In an organisation with a global workforce, the employee base no longer matches the location of the data centre at headquarters. A cloud-based VPN can be scaled regionally to bring security and access closer to where employees are working, whether at home or in a global office, and provide both the security which IT professionals expect and the user experience which employees expect.

Jeff Casey is UK business development director with Burns & McDonnell.
