Bringing Office-Quality Connectivity to Home Teleworkers with SD-WAN

Most likely you are reading this Cisco blog post from your home office, just as I wrote it from mine. Whereas, at least in the States, it used to be “there’s no place like home” now it’s more like “no place but home” as we weather the new normal of isolation and lock downs to stay safe.

Working from home has taken on a whole new meaning as we spend our days on video meetings with colleagues, accessing corporate data center resources via VPN, and using direct internet access to cloud and SaaS applications. Our home Wi-Fi is overloaded with internet-dependent work, school, and play, causing more than a few eye-rolls as application performance slows to a crawl and video conversations are peppered with static. What’s a corporate warrior to do to keep up with the streaming workload and stay in good spirits?

While individuals have limited options to speed up their home office connectivity, IT can step in to provide enterprise-grade services to high-value workers for whom every minute with clients, customers, and coworkers counts. These professionals have a wide variety of business-critical functions such as a brokerage advisor recommending trade strategies for clients, a telemedicine physician monitoring an elderly patient, or a CX representative walking a customer through a complex installation procedure. The high-value workforce needs superior connectivity that makes working at home just as fluid as being in the office with consistent connectivity and performance. What was once “good enough” for occasional evening and weekend work-at-home stints is no longer adequate.

Beyond consistent and reliable connectivity, professional teleworkers need the ability to use personal devices—laptops, phones, and tablets—to securely access data and applications to keep their workflow fluid. On top of all that, they need peace of mind provided by enterprise-grade security that is easy to use and practically invisible to daily work routines.

When tasked with upgrading high-value workers’ home offices, IT needs a solution that provides:

◉ Centralized policy management and zero-touch provisioning to bring thousands of remote offices online quickly.

◉ Monitoring of Quality of Service (QoS) and remotely troubleshooting connection reliability to enhance application experience from non-standardized home internet connections and Wi-Fi to cloud and SaaS resources.

◉ Centralized, cloud-delivered, multi-layer security—including DNS URL-Filtering, Application Aware Firewall, Intrusion Protection System, and Advanced Malware Protection—to protect sensitive traffic on its round trip from home office to cloud or data center and back.

◉ Ability to automatically detect and define devices connecting to the home office network and apply segmentation policies to control access permissions and prevent infections from spreading from home offices and to corporate resources.

With these capabilities, IT can provide an office-like experience to high-value workers while keeping enterprise assets secure. SD-WAN application-aware routing identifies the best routes to send data traffic to access SaaS applications—even as they may dynamically change during the workday. A split-tunnel configuration over a single WAN interface or second WAN interface over LTE provides redundant connectivity. IT can continuously monitor the edge-to-SaaS performance on both DIA and backhaul paths to ensure appropriate application Quality of Experience and consistent connectivity.

An All-in-One Secure Routing Solution for Teleworkers

From a teleworker’s point of view, an ideal at home connectivity solution provides an enhanced direct access to cloud or data center application experience. Performance-optimized cloud on-ramps deliver access to popular SaaS applications suites, such as Office365, and public cloud resources. A Secure Internet Gateway protects the remote worker against advanced persistent threats emanating from spoofed sites on the open internet.

The professional’s home office solution starts with an enterprise-grade router with integrated Wi-Fi that delivers a zero-trust fabric with end-to-end segmentation and always-on network connectivity. For areas with unreliable broadband connections, a Gb Ethernet speed LTE Advanced Pro or a 4G plug-in module provides backup or acts as the main direct internet connection.

The at-home system is capable of zero-touch provisioning, with remote NetOps teams able to detect, provision, and monitor the home network from anywhere. The remote worker simply plugs the router into power and a broadband internet connection or relies on the LTE/5G broadband cellular connection. The router automatically searches for the plug and play controller and downloads enterprise policies and segmentation rules before securely joining the corporate WAN. After that, the office worker connects to the permitted enterprise and cloud resources as if they were working on campus, guarded by the same security protection and access policies.

Security is Even More Critical for Remote Offices

The sheer variety of devices—both managed and unmanaged—that are connected to a home’s Wi-Fi requires zero-trust security and segmentation to safeguard critical information. Imagine the ability of a hacker to penetrate an unsecured household Wi-Fi through a poorly protected smart appliance and travel from there to the remote worker’s system and onward to corporate resources. Once an infection begins at home, a simple VPN is not going to contain it. The home network needs protection with:

◉ Location and device-sensitive Zero Trust Network Access (ZTNA) to ensure that connections coming from remote worksites can access only the applications and data for which they have permissions.

◉ Security Group Segmentation that limits access to specific network segments, stopping the propagation of threats that are attempting an east-west infection path.

◉ End-point analytics detects unusual communications among diverse devices that do not normally communicate, or that start using different protocols, and isolates them.

A cloud-based Secure Access Service Edge (SASE) umbrella provides security protections at scale for thousands of remote workers. Policy-based routing also secures access to confidential as well as non-sensitive data while protecting against man-in-the-middle attacks. Because policies are managed and deployed centrally through SD-WAN controllers, when workers move among home, branch, and campus locations, the access and security policies follow them, ensuring that their connections are secure regardless of location. IT gets a single-pane view of workforce connectivity and security to simplify the management of thousands of distributed connections.

It is Possible to Have the Best of Both Worlds at Home

Working at home with office-like connectivity and security is not only possible but is, and will continue to be, an absolute necessity as enterprises strive to stay agile and productive while battling future black swan events. WFH is not just a reaction to a health and safety emergency either. It is a workstyle made possible by technology that has important energy and environmental impacts as well as physical and mental health—does anyone really love commuting? The more seamless a work-at-home employee’s connection is to information, applications, and coworkers, the more productive the experience. By providing a secure, easy to manage and scalable routing solution, IT can ensure that the workforce stays connected and productive no matter where they choose or need to work.