Since the start of the year, and the beginning of the pandemic, pretty much everyone’s work and personal life has been disrupted. High streets are empty, offices are eerily quiet and gyms, well I don’t know – I don’t ever visit them 😉
But aside from my lack of cardio action in 2020, many workers are now working from home, on kitchen tables, home offices and sofas – whilst IT teams scramble round to get laptops so people can work, and install security tools to protect their data. So why bother with a corporate network any more?
Distributed work force. The phrase I’ve heard numerous times in the past few months. Just a bunch of fancy words to describe people not working in offices or corporately owned locations. I even laughed with a supplier the other day when we described Starbucks as the default location for remote users despite neither of us ever having worked a day in our lives from one of their stores.
The reason I pose the question in the title is because for me, the corporate network has always been something that has existed in pretty much all of my roles. Whether you refer to it as your corporate network, WAN, or whatever – it’s your company’s way of keeping you secure, but more importantly, keeping their data safe. Over the years, it’s evolved somewhat with terminology such as MPLS, site-to-site VPNs, and SD-WAN being commonplace in most network teams across the globe. But how relevant are those technologies with data being distributed between the cloud and datacenters, staff at home and offices empty?
I’m in a rather good place to talk about this right now, because the company that is kind enough to pay my salary (thanks Stagecoach) has been going through a WAN transformation over the past 12-18 months. Oh, and despite everything that has gone on in the world, I controversially think that it’s not only relevant, but adds huge value to many businesses’ digital transformations.
Let’s set the scene a little. You’re working for a business with 100s, if not 1000s of corporately owned sites, geographically spread and you’re in the process, like many, of moving your data and applications to the cloud. Your business NEEDS its staff in the corporately owned sites, because your vertical is industrial, or transport, or something that needs people to be in one place. Because you need your staff ‘on site’ you need to provide them with secure network access, either to your cloud resources or those resources at other locations on your network.
If you don’t have that corporate network, how do you provide secure access to your data? Many would say a VPN can do the job. Others would say utilise software such as Azure AD and M365 and use the Internet, others would say dump your data in your favourite cloud sharing platform (Box, Dropbox, et al). All perfectly good solutions if your data lives in 1 place. There aren’t many enterprises that I know of that can claim that.
The next thing to consider is where your data is. Your company could be a startup, building an app, all your data lives in AWS and all your staff work remotely – this blog post is probably not for you. But those larger enterprises, with data distributed across various file shares, SharePoint sites, or in various DMSs – you need to control access to those resources.
Migrating ALL of your data to something like Box, or Teams may be possible for your business, but typically data is not only widely distributed, but critically, in many different formats. Whether that be in a file share, a SQL database or whatever – securing it is tough, making it accessible is harder.
Aside from the data, let’s look at the ‘new normal’ as people describe it nowadays – those people working remotely – does the corporate network add any value for them, or is it just a hindrance? Many in the IT security sales world would love to talk to you about a zero-trust network and tell you that tools such as VPNs are no longer needed. As much as I agree that the tools that exist to secure data nowadays have greatly improved, they do not suit every business or use case. Corporate VPNs may not be sexy, but one thing you can guarantee is that every byte of data that leaves that remote machine, and arrives back, is encrypted (ideally with 256-bit AES), and if that’s the only route into your data, that is a good start. There isn’t a CISO in the world that wouldn’t be happy with that.
There are products out there which will make use of an on-premise server to tunnel you into those apps and resources when you’re outside of the network, but most of the time they only work with web apps, not perfect for applications requiring a fat client, oh and they still leave you open to vulnerabilities both on the users’ browser and the tunnel server itself.
So if the corporate network isn’t dead – why is everyone telling the same story of its death? Firstly, a lot of these stories come out of the US, where MPLS networks are stupidly expensive. Greg Ryan over at Telegeography Blog has written a fantastic article with some excellent facts backing this up. In the UK though, costs are very similar to DIA (Direct Internet Access), as it seems to be across Europe – I assume this is down to smaller geographic distances. Why am I telling you this? Because expensive MPLS is a huge driver behind the switch to SD-WAN because businesses can use cheaper DIA lines. I digress…
Earlier in the article, I mentioned doing a WAN transformation, and yes we’ve gone down the SD-WAN route with our good friends at Node4 and Fortinet. We’ve gone for a combination of MPLS & DIA though, and why – because our workloads are distributed. We can direct traffic to AWS via Direct Connects via our MPLS link, and get to our Office 365 in double quick time with our local internet breakouts, all orchestrated by the clever little SD-WAN boxes. If we’re off site, we use always-on VPN to get the same security and the same experience. It’s relevant pre-covid and it’s relevant post-covid. As our cloud journey continues, if we see less value in that private MPLS network, in the UK it’s a simple soft-change to change to 2x DIA circuits, with our SD-WAN wizard sitting on the edge at all times. In the meantime, we have full resiliency at all of our sites, we have improved security for our workloads wherever they are, and those home workers are protected just like they’re in the office, no hassle.
For those interested in the dirty details, Node4 have written a little case study about the work with Stagecoach and Node4 Network Architect Glenn Akester has written a fantastic article just last week on the next Normal. Don’t be fazed by his boyish good looks, he knows his stuff.
So did the pandemic kill off the corporate network? Of course it didn’t – it just extended it to your home, the coffee shop, or the local pub. Enterprises on the cloud transformation journey need to look after their data, and their employees.