Why Companies with Remote Employees Need SSE

More companies than ever are giving their employees flexibility around location. This can look like a hybrid model, where employees go into the office a few days a week, or a fully remote workforce. As a result, more job candidates expect this location flexibility and may consider it a deal-breaker if a potential employer doesn’t offer it.

The physical location of employees has drastically changed, so it’s imperative that our security and infrastructure evolves along with it. When employees were all in an office, the company would likely have a firewall onsite that they’d use to secure the users’ internet traffic. With the rise of remote working, these companies have relied on the remote user VPNs that came with the firewalls to secure that traffic. This might work well if everyone lives relatively close to the office, but what happens when the perfect candidate for an open role lives across the country, or an employee has to travel for work? They still have to use that same VPN concentrator which can add quite a bit of latency if longer distances are involved, degrading their experience.

For example, if I’m physically located in Northern California and the application I’m accessing is hosted in Southern California, but my company’s VPN concentrator/internet drain is on the East Coast, my traffic always has to hairpin to the East Coast and back.

The truth is, with remote working, we have no idea where employees are physically sitting. They could be using public Wi-Fi at Starbucks, they could be at home, or they could be halfway around the world. Wherever they are, if a company is going to offer this type of flexibility, they need to make sure the remote employees have a secure and optimized connection to the applications they need to work.

Why Network Security Is Important

If you’ve found your way to this article, I probably don’t have to convince you that network security is non-negotiable. Before the introduction of SASE in 2019, we used to have the conversation with clients about whether the basic firewall that comes with SD-WAN is sufficient for their needs, or whether they’d like to add on a next-generation firewall with features like IDS (Intrusion Detection System), IPS (Intrusion Prevention System), content filtering, etc. We don’t have that conversation anymore because it’s widely known that almost every company requires the features included in the more advanced firewall.

These firewalls help protect companies’ assets, customer information, and proprietary data. They also protect against cyber attacks such as malware, ransomware, phishing, and more. It’s generally not a matter of “if” a company will be subject to these types of attacks, but “when.” It’s critical to have network security in place before these things happen.

With remote workers, it’s not feasible to send firewalls home with every employee, so we rely on remote user VPNs to connect remote employees into the office or data center housing the firewall, and their internet traffic will pass through the same firewall as it would if they were sitting in an office. The example I have in the previous section illustrates why this can be an issue for employees who might not be physically close to the location that houses the VPN concentrator.

Global POPs for Global Employees

Now that I’ve successfully convinced you of the need for network security, let’s talk about why companies with remote users need this specific type of security: SSE (Security Service Edge). SSE is inherently cloud-based. Every platform is slightly different when it comes to this, but most of them include a network of global points of presence (POPs) that house the security infrastructure, instead of putting a physical firewall at every edge.

Read more: SSE vs. Premise-Based Firewalls

We’re taking a legacy architecture of a single firewall (or in some cases, a few firewalls in different geographic regions), and expanding it globally. This means that any employee working anywhere in the world can access the security features through the POP closest to them, instead of the few data centers that house a company-owned, on-prem firewall.

It gets even better! If I’m a traveling employee and I’m usually using the Seattle POP closest to my house, but this week I’m traveling to London, the client on my laptop will now recognize London as the closest POP and use the security features hosted there instead of going all the way back to Seattle. This will significantly cut down on latency and increase user experience for remote and traveling employees.

Global employees will use these SSE POPs every time they connect to an application, whether it’s cloud, SaaS, or on-prem. If they are accessing an on-prem application hosted far from them, they can ride the provider’s private network backbone between SSE POPs to decrease latency even further.

Read more: Does a Network Backbone Really Matter?

More Than Just a Firewall

I’ve been comparing SSE to on-prem firewalls because the most common transition is from premise-based equipment to a cloud-based security platform, but SSE is more than just a firewall. In fact, FWaaS (Firewall as a Service) is just one feature among many that are included with SSE.

Features vary by platform, but you’ll typically find CASB (Cloud Access Security Broker), SWG (Secure Web Gateway), ZTNA (Zero Trust Network Access), RBI (Remote Browser Isolation), and more within an SSE platform. If you’d like a full list of features, descriptions, and who can benefit from them, check out this post next.

When talking about remote workers, all of these security features help, but one stands out: ZTNA, the natural progression from legacy remote-user VPNs. ZTNA is similar to a VPN in that it allows users to securely connect to applications they need to access, but it takes things a step further by adding a “zero trust” framework that is meant to only allow access to resources by people who need them. Users’ identity and context must be verified before access is granted.

Employee Retention

Hybrid working has many benefits for a business, from lower overhead costs to global talent acquisition. This flexibility also inevitably makes employees happier. When people can decide what their day-to-day life looks like, it gives them a certain level of autonomy that is hard to give up. Personally, after working remotely for three years, you couldn’t pay me enough to go back into an office every day!

If employees are happy, their location is flexible, and they have just as good an experience working in, say, Europe, as they do at home, they’ll likely stay with a company long-term. We need to make sure they can do this securely and efficiently.

Want to chat more about this and whether SSE or SASE is a fit for you? Fill out this form and our team will be in touch.