‘Un-networking’ the corporate office
Nov 17, 2021
Arguably, the largest collective business response to the COVID-19 pandemic was the mainstreaming of remote work and the rapid uptake of cloud-based collaboration platforms.
During the shift, some IT teams stuck (and suffered) with backhauling traffic through VPNs to “ensure security,” while many others switched to zero trust network access (ZTNA) to benefit from the modern way to secure application presentation. A ZTNA environment has the network abstracted from application access, using whatever network is available as the connectivity canvas for the secure brokering of services.
With ZTNA, CISOs around the world have rejoiced since their security teams suddenly had greater visibility and control over their domains while end users were absent from the corporate controlled network.
With many employees now returning to offices, the big questions are: “How do businesses redesign the corporate office environment in a way to seamlessly provide the same security posture and performance?” What potential economic gains are possible once you treat the internet as the corporate network?
Untether to make it better
Depending on who you are, the work experience after “un-networking” the corporate office more or less looks like this:
Users get the coffee shop experience, where it doesn’t matter what network they are connected to and don’t care, since they just need access to their applications and data. But they also access local building services, like printers, telephones, meeting rooms and associated AV conferencing gear.
IT admins treat the office as a remote island in the sea of the internet, where services have no reliance on the ownership of the network and all applications are treated equally, whether they are cloud-based or corporate-hosted.
Whichever role you play, abstracting the network away from application access comes with many benefits but there are steps to getting there.
The first step to un-networking
IT must consider two categories of services to transform the corporate office into a pseudo-coffee shop or island, locally hosted and remotely hosted.
Locally Hosted Services
Traditionally connected directly via the corporate network and hosted in the local office, most locally hosted applications and services can be changed as an office is converted to ZTNA. The goals for these services should be to relocate, replace or remove anything that has direct network connectivity requirements. Here’s how to get started:
- Move the service to a centralized location that is already enabled for ZTNA, or enable the location for ZTNA application access. For instance, moving a local application to a remote data center that already hosts ZTNA-enabled applications.
- Replace the service with cloud-hosted SaaS. An example would be to replace a print server with a cloud-hosted print solution.
- Segment services that can’t be relocated or replaced easily away from the other office services until it is enabled or replaced. This could entail moving a VOIP environment, HVAC, and building security solutions to separate networks or configuring segregated rooms that offer the legacy connectivity method for things like building PCs. Use SD-WAN to maintain limited connectivity for legacy services that still require the corporate network.
For each service change, consider how bandwidth and latency will impact application performance and migrate carefully with the end-user experience in mind.
Remotely Hosted Services
Remote services fall into one of two categories while operating from the office:
- Cloud-hosted, connected via the internet or,
- Connected directly via the corporate network at a remote location
The basic operating principle for accessing these services in the branch is summed up with, “If users are already consuming over ZTNA while working remotely, most of the hard work is already done.” Most of the effort will be towards ensuring there is enough bandwidth (see next section). For those services that are not currently accessed via ZTNA, a review of each will be required before enabling it.
Regardless of your remote or local app mix, note that while some offices could be successfully transformed with a big-bang, rip and replace technique, most larger organizations will take a phased approach, improving and accelerating implementations with experience.
As ZTNA is based on a user’s identity, rather than the network the user is connected to, selected pilot groups can easily test changes as they are introduced before being unleashed in production. The typical phased approach is as follows:
- Prepare the office internet infrastructure
- Prepare the user devices
- Identify local services and enable for ZTNA, migrate to a ZTNA location or replace
- Remove the corporate network
As each office is completed within the organization, the time between phases one and four will contract considerably.
While the Covid-19 pandemic made everyone remote, it also dramatically increased the available bandwidth via employees' home internet connections. Many companies took advantage of this “virtual upgrade” by implementing collaborative technologies like Microsoft Teams or Zoom. That means that without proper planning, existing corporate internet bandwidth on day one may not be enough as users return to the office.
As offices are converted into pseudo-coffee shops or islands, where the internet is the common connectivity medium and people return, more public internet bandwidth will be required at the office while your corporate WAN bandwidth use drops. It is important to understand the bandwidth implications both before and during the office transformation and to be able to quickly react with the service providers if a surprise surge in bandwidth occurs.
The way forward for the corporate office
The dynamics of the corporate office, from both personnel and technology perspectives, have changed. Those that have seized the work-from-anywhere paradigm and a willingness to adapt, will see security and performance benefits by transforming the makeup of the corporate office infrastructure. Trying to shoehorn new working arrangements into old IT infrastructures will only lead to pain and lost productivity.
What to read next