Thursday, April 25, 2024


Why Work-from-Home is Still Causing Chaos for IT

On the surface, most organizations have adjusted to the new work models brought on by the Covid-19 pandemic. Yet this shift to working from home has fundamentally changed the traffic patterns on most enterprise networks, and behind the scenes it is an extremely chaotic time for security and NetOps teams as they try to redo their policies, processes and technological solutions for this “new network normal.” Let’s review some of the most significant changes that the shift to remote work has caused, and then discuss strategies for IT teams to mitigate them.

Bypassing network security controls

Many people working from home are accessing SaaS applications like Salesforce or a content management system directly over the public internet, bypassing most traditional network security controls. No longer protected by corporate firewalls, they can easily put their own information or sensitive corporate data at risk of being stolen. Home Wi-Fi is also likely to be less secure compared with what’s available at the office, again increasing risk. Security teams are trying to reconfigure their policies to support a remote workforce and roll out solutions like MFA, remote desktop access, VPNs and endpoint protection all at the same time. It’s a tall order, especially considering the security team is likely just as stressed and burned out as everyone else.

Reduced visibility into network traffic

The network team has less visibility into traffic to and from WFH employees, so any issues will be harder to troubleshoot and resolve. Remote work has put an enormous strain on network infrastructure that was originally designed around the assumption that most traffic would originate and stay within the perimeter. As a result, there are already more trouble tickets and customer complaints than normal. The lack of visibility means it’s more difficult for IT teams to spot the network bottlenecks and other issues causing those complaints. The result is longer troubleshooting times, more unhappy employees and customers, and less productivity.

Overloaded servers for collaboration apps

The shift to remote work has left teams relying on video calls and collaboration apps like Slack, Zoom, GoToMeeting, Cisco Webex and others. As network traffic has surged beyond planned capacity, servers haven’t been able to handle the load. The data center spine-leaf links, server IO links, WAN links, and server CPU and memory themselves can all be potential bottlenecks. If employees have children attending school from home or partners/spouses also working from home, bandwidth contention can easily become an issue as well. Internet and mobile data traffic have also increased across the country, which exacerbates all of these issues. The result is a bad end-user experience, including high latency, lost packets and dropped connections.

Solving the problem

These issues can be mitigated, but they require timely and detailed network visibility so that the IT team can quickly and accurately trace the root cause of performance or security issues. Just as importantly, a new strategy and policy approach that presupposes a high volume of remote network traffic will help eliminate the whack-a-mole of constantly chasing issues. Here are some best practices for how to accomplish this.

  • IT and NetOps teams need network observability solutions that give them quick access to the metrics they need to spot potential issues before users or customers complain. In the “new normal” the most important metrics can include one-way latency, delay, gap analysis, jitter, micro-burst, top-talkers and TCP analysis.
  • To prevent tail-chasing, IT teams need a clear understanding of what the new normal actually looks like. Baselining the normal performance of the network and setting up deviation thresholds for alerts will reduce the workload on the network team and help identify potential issues proactively.
  • Machine-learning and AI capabilities can add the intelligence needed to sift through a mountain of alerts and pinpoint areas that require attention. Importantly, however, these AIOps systems must be fed with enough network packet and flow data to accurately recognize problems and identify solutions.
  • IT teams must have access to packet and flow data from all sectors of the network, including branch offices, data centers, and multi-cloud networks, to ensure no potential issues are lurking unseen in a part of the network that is effectively invisible.
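
The baselining and deviation-threshold practice from the list above, sketched as an added example (not code from the original article or from cPacket). The latency samples, function names, the 3-sigma multiplier and the three-interval sustain window are all assumptions chosen for illustration.

```python
from statistics import median

# Constructed samples: one-way latency in ms, one value per 1-minute interval,
# for a single remote-access path. The 95 ms value is a one-off micro-burst.
BASELINE_MS = [22, 24, 23, 25, 21, 23, 24, 22, 95, 23, 24, 22]
LIVE_MS = [23, 24, 60, 22, 25, 41, 44, 47, 52, 24]


def robust_baseline(samples):
    """Return (median, sigma estimate) using median absolute deviation.

    Median/MAD is used instead of mean/stddev so that a single burst in the
    baseline window does not inflate the threshold and hide later problems.
    """
    center = median(samples)
    mad = median(abs(x - center) for x in samples)
    return center, 1.4826 * mad  # 1.4826 scales MAD to a normal-equivalent sigma


def jitter(samples):
    """Mean absolute difference between consecutive latency samples (ms)."""
    diffs = [abs(b - a) for a, b in zip(samples, samples[1:])]
    return sum(diffs) / len(diffs)


def sustained_deviations(live, center, sigma, k=3.0, sustain=3):
    """Return start indices of runs where `sustain` consecutive samples
    exceed center + k*sigma. Isolated spikes are ignored to cut alert noise."""
    threshold = center + k * max(sigma, 0.5)  # floor avoids a zero-width band
    alerts, run = [], 0
    for i, value in enumerate(live):
        run = run + 1 if value > threshold else 0
        if run == sustain:  # fire once per run, at the moment it qualifies
            alerts.append(i - sustain + 1)
    return alerts


if __name__ == "__main__":
    center, sigma = robust_baseline(BASELINE_MS)
    print(f"baseline {center:.1f} ms, sigma {sigma:.2f} ms")
    print(f"live jitter {jitter(LIVE_MS):.2f} ms")
    for start in sustained_deviations(LIVE_MS, center, sigma):
        print(f"ALERT: sustained latency deviation starting at interval {start}")
```

The lone 60 ms spike in the live data does not raise an alert, while the sustained climb that follows it does.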

Widespread remote work has put IT teams in a difficult position by overloading crucial servers, reducing visibility into parts of the network for troubleshooting, and rerouting important traffic around critical security controls. In response, network and security teams need to adjust policies and practices to focus on the remote environment, and invest in a complete visibility stack including network TAPs, packet brokers, packet capture devices, flow export gateways and data correlation and analysis servers to keep the business running as smoothly as possible through this difficult time.

cPacket Networks

Paola Moretto
Vice President, System Engineering at cPacket Networks
