Multiple office sites, international networking, access to information at any time and from anywhere in the world: all these have become commonplace in our modern business culture. Wireless technology and remote offices offer the opportunity to exploit this environment, promising the potential for increased efficiency and flexibility. The need to provide access to corporate resources ‘anytime, anywhere’ has become a higher business priority than ever before, but what are the implications for wide area network security?
Representing 40 to 50 per cent of an organisation’s workforce, remote office and branch office (ROBO) locations with the agility and productivity of a main office are highly competitive assets. These offices also address the rising cost of office space and transportation, with organisations looking for ways to minimise their core facilities and reduce commuter impact. The development of remote sites can be attributed to the advancement and availability of infrastructure technologies enabling ROBO sites to have the same level of access to applications and data used at the head office.
However, with the growing rate of malicious attacks and Internet-based threats, companies extending the corporate network to remote sites can’t afford to compromise security. The introduction of ROBO locations has created a limitless network perimeter, exposed to the ever-increasing number of hackers, viruses and cyber attacks. The reactive strategy adopted by organisations in the past is now inadequate for today’s environment. Security levels applied at head office have to be replicated at a ROBO level including automated, proactive strategies and integrated multiple layers of security.
Typically, remote offices have more than one connection to head office, such as direct Internet access, support for employee remote access (e.g. for home workers) and even connections to select partners and third parties. This, combined with the rising use of mobility solutions, results in ROBO locations themselves becoming more exposed to potential security attacks. The risk of internal threats is also just as high as it is in the main office.
Compliance also has a role to play. Data protection legislation and corporate governance requirements such as Sarbanes-Oxley and Basel II highlight a renewed focus on personal data and the IT security which must be applied to protect it. Such requirements oblige companies to protect sensitive information regardless of its location within an enterprise, which includes branch offices or even remote/mobile desktops. Most enterprises acknowledge that remote and mobile resources are probably the most vulnerable areas when it comes to potentially exposing sensitive data.
With medium-sized companies averaging approximately ten ROBO locations, larger companies having as many as fifty and retailers ranging from hundreds to thousands of locations, the ability to quickly and easily extend enterprise-class security to disparate locations will become a major concern. Not having an IT/security administrator present in every branch location has implications for the solutions that can be used. In this case, a security solution has to be implemented for the staff at any given location, most of whom will have little-to-no IT networking and security skills. Plug-and-play appliances and the ability to remotely manage multiple devices simultaneously through centralised management are an absolute must.
Centralised management is not only important from a cost-saving perspective; it also has several other essential benefits. It helps to ensure consistency of device configuration and reduces the potential for errors that are commonly introduced when management tasks are otherwise executed in a highly manual fashion. It also dramatically shortens the period of time required to implement a configuration change, which can be critical in the face of an incipient threat. The result is fewer and shorter periods of vulnerability and better assurance of compliance with policies and regulatory requirements.
Companies should seek solutions offering a Unified Threat Management (UTM) approach, which enables security products at both branch and central locations to have one set of management tools addressing each population of devices. UTM appliances integrate firewall, VPN, intrusion prevention, anti-spam, anti-virus and content filtering in one device, combining multiple layers of hardware and software protection. The cost of deploying security to ROBO sites can be significantly reduced by adopting an all-in-one UTM appliance. Solutions have been recently launched that allow organisations to implement such devices in their thousands and still retain centralised control. New developments in integrated security architectures are bringing a new level of management.
Ideally, the right security approach for ROBOs should support the relatively new applications and technologies that enterprises are embracing, such as IP telephony, instant messaging, multimedia and Web services. It should also account for the fact that emerging threats are ever smarter, faster and more elusive than their predecessors. At a minimum, this means adopting a defence-in-depth approach, incorporating multiple systems to resist attackers. For example, if an external firewall is breached, an internal intrusion detection system will identify the network attack in its stead.
ROBO locations serve an essential business function but if they are not secured and managed effectively, they can become an open ‘back door’ to the corporate network. The offsite network should be a microcosm of the corporate infrastructure, mirroring and replicating its high levels of security.
Ensuring success with ROBO locations involves extending the same resources that are applied to central operations. This includes a robust security solution that provides comprehensive protection while exhibiting high degrees of manageability, reliability and compatibility. This is fundamental to realising the full potential of remote and branch offices without incurring undue risk, operational headaches and spiralling costs.