The Remote Worker Question

Date Posted:

25/10/2023

Author:

James W

Share this Post:

The Remote Worker Question

Remote workers are a challenge for organisations, which is strange considering they have existed for a very long time. I have been in and around cyber security for over 21 years and the quandary that remote workers pose has never really changed.

At its heart, it seems a simple question really. How do my employees continue to work whilst not physically in the office? There are many benefits to having a distributed work force, but benefits aside, the question remains the same.

The Beginning

The first instances I came upon were dial-up modems where employees dialled into the office connection to gain access to systems they needed.

This then morphed into VPN connections as the internet became more prevalent, and organisations had to adapt and adopt technologies such as VPN concentrators to accommodate their users. As bandwidths increased at home faster than they increased in datacentre locations, decisions had to be made on what should traverse these VPNs, so split tunnelling became a necessity to stop users consuming precious bandwidth with their web browsing for non-work purposes.

This change caused another issue though; we lost sight of what our users were accessing outside of our VPNs. Visibility aside, this caused a security headache because we had no power to stop our users from visiting websites and services that could compromise their devices, and ultimately our organisation.

Web Proxy Woes

This is where cloud web proxy servers came to try and fix the situation. Often used internally at organisations to provide a level of web-based filtering and security, they were instead provided as a service where your remote users could still have a level of filtering and control applied by redirecting their traffic to the vendors’ datacentre.

Quite often, this resulted in poor performance for the end users, and management headaches for the security engineers looking after the solution. It worked mostly but was a non-stop source of friction for our remote users.

This solution was the best the industry was able to achieve for several years but was a constant battle of available bandwidth vs the number of users and security concerns affecting what type of solution each organisation was able to support.

Enter SASE

This is where we see SASE (Secure Access Service Edge) products enter the market. SASE, in simple terms, is where you tunnel all of a user’s traffic to a vendor’s solution, to achieve the level of access and control that we would if a user was on premise. This can also be extended to your physical sites as well, giving a more consistent experience no matter the location of the end user.

We generally saw this come in two types. The first was to tunnel a user’s web traffic to the solution and then publish a set of applications they can reach within your datacentre. The second was to tunnel all a user’s traffic via a VPN to a central point, and then have that central point break out to the internet or tunnel back to your organisation and make everything available as if they were on site.

These solutions have been dominant in the market for quite a few years now as they have provided the best experience for users, whilst still giving organisations control, visibility and security.

The Question

The industry is backing the SASE market heavily right now, and for good reason. It does provide a good balance between security, availability and useability for our end users and lets us extend the perimeter of trusted networks into these solutions.

But it belies the true question we started off asking: How do my employees continue to work whilst not physically in the office? We have gotten used to layering solution on top of solution in a constant battle of buzzwords and technical prowess, which is masking that initial simple question.

We don’t WANT to tunnel our users back to our site if we don’t need to. I don’t want to proxy traffic because of the headaches it causes. Why do I need to push all of my users’ traffic via someone else’s datacentre and then pay extra for doing so? Maybe it makes sense when most of your traffic is coming back to your datacentre, but this has been changing for many years and the ever-increasing amount of SaaS services ensures that it will continue.

The current state

With the rise of SaaS services consuming most of the market, the amount of traffic that needs to come back to datacentre environments is constantly shrinking. So why are we continuing to tunnel all of a user’s traffic to a central datacentre, not under our control?

We don’t want to tunnel web traffic anywhere, but we do so because we want to maintain a level of control over what they can view for security and policy reasons. So why continue to do it?

SEP2 has been working in this industry ourselves for 7 years as a business, but our founders and many of our senior leaders have seen this journey the same as I have. We know that an organisation doesn’t want to do any of the above, but have to in order to maintain the control that is required.

Island

When we were introduced to an enterprise browser called Island, we were immediately onboard. The browser is as close to a user as we can possibly get in most scenarios, so why not apply security at this point? We were tunnelling traffic to a central point and then interfering with it via SSL decryption and deep packet inspection to see what that traffic was actually doing; not because we wanted to, but because we had to.

Why not take all that filtering, visibility, and connectivity that we have been attempting for years to move away from a central office and put it directly in front of the user without them even noticing? No more unnecessary tunnelling, just users getting directly where they want to be whilst still maintaining more visibility and control than ever before.

This is a new and exciting solution that is only just starting to make waves, but the more you hear about it, the more sense it makes and the more questions you raise on previous attempts to do the same.

I’ve only scratched the surface here in mentioning the capabilities of what we can do when we are that close to a user’s actions (real-time DLP and confidential masking anyone?), but if you are considering or re-evaluating how your remote workforce is empowered to do what you want them to do, I believe this is really what the industry has been seeking for all these years.

If you want to know more, please reach out to me or your SEP2 account manager to find out why we think this is truly what your remote workforce deserves.

Share this Post:

Tech Driven. People Powered.

Protect your business today

To find out more about how we can secure your organisation against all forms of cyber security attack, get in touch with SEP2 now or sign up to our newsletter.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
_lfa	2 years	This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address.
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_LSE9RP433S	2 years	This cookie is installed by Google Analytics.
_gat_UA-89994160-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
mf_user	3 months	Mouseflow sets this cookie to identify whether a visitor is new or returning.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Security Intelligence Services

Technical Services

Security Audit Services

The Remote Worker Question

Date Posted:

25/10/2023

Author:

James W

Tags:

Share this Post:

The Remote Worker Question

The Beginning

Web Proxy Woes

Enter SASE

The Question

The current state

Island

Share this Post:

You May Also Like:

A Year in Review at SEP2 - 2024

Cyber Security Awareness Month 2024 - Key Takeaways For Your Business

When should a growing business invest in a Security Operations Centre (SOC)?

Tech Driven. People Powered.

Protect your business today

Sign Up

join our newsletter today

Kieron

Central Response Team Manager

Connect with Kieron on LinkedIn