Rymden - stock.adobe.com
A plethora of changes occurred within enterprises to accommodate employees working from home during the COVID-19 pandemic. When workforces became geographically distributed, IT operations staff faced pressure to keep the underlying infrastructure operating at peak performance. In many cases, visibility and control gaps formed, forcing IT departments to make changes to regain appropriate levels of management control.
How monitoring and management gaps formed
In the early days of the pandemic, IT shops were laser-focused on bolstering their remote access connectivity so employees could work from home. The massive decentralization of employees left a gap from a network operations management and monitoring perspective. Network administrators no longer had end-to-end visibility and control.
Network teams initially accepted the loss of proper management because organizations thought employees would head back to the office in a matter of weeks. However, as hybrid workplaces emerged as a lasting corporate trend, IT had to take a serious look at how to oversee this new work environment. The future of network management required teams to learn how to properly manage network security and performance, regardless of where users connect from.
Adjusting distributed network management and monitoring
A large portion of work is now conducted outside the boundaries of the corporate LAN, which caused a major shift in traffic flows. Many of the network-based security and performance monitoring and management tools deployed within the LAN are now obsolete.
To solve this problem, departments shifted toward modern tools, networking components and architecture models to help recapture control. Some examples include the following:
- remote and teleworker gateway hardware;
- virtual desktop infrastructure (VDI) or desktop as a service (DaaS);
- zero-trust security models; and
- unified endpoint management (UEM).
Remote and teleworker gateway hardware
When users connect to corporate resources using client-based VPN software, network operations staff have little visibility when it comes to monitoring and managing end devices. A way to regain control is to issue remote access gateway hardware to each employee.
A remote access gateway often consists of a single, small form factor hardware appliance that is fully configured and controlled by the company's IT staff. Devices connected to the gateway can access corporate resources via an always-on, site-to-site VPN tunnel.
Other benefits or remote gateway hardware include network firewall capabilities, secure Ethernet or Wi-Fi access, and the ability to view and collect local network security and performance data at the remote side of the networked connection.
VDI and DaaS
VDI and DaaS offer two alternatives to remote gateway hardware. VDI and DaaS are two technologies that better monitor and control endpoint devices on a network. They both permit remote workers to connect PCs, laptops or tablets to virtual desktops that operate within the secure confines of a corporate data center or cloud.
VDI and DaaS remove much of the risk of endpoint device compromise, data leaks and malware that are more likely to occur at home than in a secure corporate network. Virtual desktops are under full control of in-house IT, which enables network teams to monitor and secure devices as if they're directly connected to the company LAN.
Zero-trust security model
Before work-from-home or hybrid workforces became commonplace, IT security teams used network-based tools to enforce cybersecurity policy based on trusted networks, zones and devices. Now that employees are increasingly working remotely, data flows often bypass the corporate network and instead connect over the internet to various public cloud services. The ability to enforce security policy becomes a challenge.
Zero-trust security models have become popular because the model requires validation for all devices, regardless of who users are or where they're located. User and device authentication are centrally managed and uniform across the entire distributed network. This reduces the need for remote access VPN tunnels and streamlines the authentication process.
Unified endpoint management
When the BYOD phenomenon first started in the early 2010s, IT departments began implementing mobile device management (MDM) software to protect the corporate network from unpatched or insecure personal devices. MDM has since evolved to UEM.
UEM platforms use software installed on remote endpoints -- or hooks within the device OS itself -- to keep corporate-owned and connected devices up to date in terms of OS and software patches, access control, document sharing and compliance regulations. Devices with UEM software installed can be remotely controlled and monitored through a centralized ITOps platform.
Choosing the tools and techniques for your business
Business variables -- such as the size of a remote workforce, mobility constraints, geographic distance between remote users and security requirements -- influence which monitoring and management tools are the best fit for an organization. Unfortunately, there is no one-size-fits-all way to address this problem.
That said, a great place to begin the selection process is to spend time identifying where visibility and management gaps exist and which tools to use to fill those gaps. Network teams must possess a sound understanding of the technologies available on the market, as well as understand how those tools can apply within their infrastructure to achieve optimal results.