With the onset of this global pandemic, almost every facet of our lives has changed, been impacted, pushed aside, or become instantly more important. As we adjust to this "new normal," this new way of doing things, we are having to make adjustments everywhere – even in the places that we may not be looking.
Examining the cloud
Take a look at your cloud's traffic over the last month. Have your data transfer fees increased? Do you know why? Are your internal apps and systems designed to route traffic correctly – to minimize the amount of off-network or egress traffic that your data travels? Are your multi-tiered applications querying data using internal IP addresses? If they are not, there's a multitude of reasons that they should be (in most situations).
Next, let's take a look at how your cloud handles external access. As staff around the world took monitors, keyboards, and computers home during the mass exodus from our corporate offices, they also took home connection points to your network. How is your network routing and securing traffic to your distributed workforce? Most companies implement trusted solutions such as proprietary VPNs or Microsoft's DirectAccess to connect these endpoints back to the corporate network. Most organizations should design their external network connections with "split tunnel" traffic, meaning only corporate traffic will traverse the VPN connection, and all other internet traffic will bypass the VPN connection and be handled directly by the client's Internet Service Provider.
On the other hand, if your network requires your external endpoints to use a "full tunnel" VPN connection, where all traffic from the client is sent over the VPN tunnel and then routed from the corporate network, the amount of traffic passing through your network may be increasing - by a lot.
There are many reasons an organization may need this (hopefully diminishing over time), but if your network is utilizing a "full tunnel" remote connection, all of that traffic can put a whole new strain on your network if you are not careful.
When the majority of your client endpoints are contained within the same physical network, you are responsible for all of their traffic. Every web page, video, song, and article that is accessed on the endpoints originates on your company's backbone, and is then sent out to the internet via upload gateways.
When more and more of your company's client endpoints are accessing your network via remote connections, that traffic is limited by your employees' Internet Service Providers and the plans they selected (for reference, most consumer network connections have significantly lower upload speeds than download speeds, often called asynchronous connections). After the traffic arrives at your network via download gateways, it must be routed: internally for on-network traffic and externally for off-network traffic. For off-network traffic, this VPN architecture adds several additional "hops" at the beginning of each request, and hamstrings every request to the slowest link in the entire connection.
For companies that utilize a full-tunnel VPN, if egress traffic flows are impacting your network performance, they're affecting your bottom line. Now may be the time to look into limiting what these endpoints have access to. Full tunnel traffic can be limited to only traffic required for business purposes, and all other off-network traffic from these remote endpoints can be redirected (or "black-holed"). The result is that your staff will no longer be able to use the client endpoints that they have taken home with them to access anything that isn't a company resource. For many companies, this can actually be a perk – an added security layer to your remote endpoints.
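To put a number on the full-tunnel cost described above, here is an added example (not code from the original post) that classifies constructed VPN flow records against an assumed set of corporate prefixes and reports how much of the tunneled traffic is off-network, i.e. the share a split-tunnel or black-hole policy would keep off the corporate backbone. The prefixes, client addresses and flow records are all hypothetical stand-ins.

```python
import ipaddress
from collections import defaultdict

# Assumed corporate address space: the RFC 1918 ranges plus one placeholder
# public prefix (203.0.113.0/24 is TEST-NET-3, used here purely as a stand-in).
CORPORATE_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed sample flow records, in the shape a VPN concentrator or NetFlow
# export might produce: (client_vpn_ip, destination_ip, bytes_transferred).
SAMPLE_FLOWS = [
    ("10.200.1.15", "10.10.5.20", 1_200_000),      # internal file share
    ("10.200.1.15", "203.0.113.40", 350_000),      # public-facing corporate app
    ("10.200.1.15", "198.51.100.77", 45_000_000),  # video stream, off-network
    ("10.200.2.8", "192.0.2.10", 9_000_000),       # OS update CDN, off-network
    ("10.200.2.8", "10.10.5.21", 800_000),         # internal web app
]

def is_corporate(dst):
    """True when the destination address falls inside a corporate prefix."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in CORPORATE_PREFIXES)

def summarize(flows):
    """Aggregate bytes by on-network vs off-network destination and compute the
    fraction of tunneled traffic that never needed to touch the backbone."""
    totals = defaultdict(int)
    for _src, dst, nbytes in flows:
        totals["on_network" if is_corporate(dst) else "off_network"] += nbytes
    total = totals["on_network"] + totals["off_network"]
    share = totals["off_network"] / total if total else 0.0
    return {"on_network": totals["on_network"],
            "off_network": totals["off_network"],
            "off_network_share": round(share, 4)}

def top_off_network(flows, n=3):
    """Largest off-network destinations by bytes: candidates for a split-tunnel
    exclusion or for black-holing on the full-tunnel policy."""
    per_dst = defaultdict(int)
    for _src, dst, nbytes in flows:
        if not is_corporate(dst):
            per_dst[dst] += nbytes
    return sorted(per_dst.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
    print(top_off_network(SAMPLE_FLOWS))
```

Feed it real flow exports and your own prefixes to see what fraction of full-tunnel egress is business traffic before deciding which use cases justify keeping the full tunnel.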
Keep in mind, however, that experience is not for every employee population. Understanding how your employees work, understanding how your applications interact with each other, and most importantly, understanding how your employees interact with your applications is at the core of providing the most productive, positive experience for your employees using the technology that helps your business run. Understanding these key factors will often result in defining multiple use cases for remote network access, each requiring its own security and architecture considerations.
Do you know how your cloud is routing traffic? For those organizations that have applied one or more hybrid-cloud approaches, inter-cloud traffic can also be an issue as traffic flows change. Key network performance metrics should be identified around these new traffic flows. Companies can now look at the data that has been collected and implement the changes that are needed to maintain distributed, performant, and secure networks, from the client endpoint, to the edge, through your infrastructure and back out again.
No one should rely on a static infrastructure that cannot change to meet the needs of their organization – that's so 2002.