Cato’s SASE Solution Provides Access Needed for Remote Workers

Optimized and Secure Remote Access with SD WAN

Enterprises are seeing a growing need for employees to work remotely. In particular, during times of crisis the ability to work securely and productively from home is a critical pillar of business continuity planning.

Cato SDP enables remote users, through a client or clientless browser access, to access all business applications via a secure and optimized connection. The Cato Cloud, a global cloud-native service, can scale to accommodate any number of users without deploying dedicated VPN infrastructure. The users connect to the nearest Cato PoP, and their traffic is optimally routed across the Cato global private backbone to on-premises or cloud applications. Cato’s Security as a Service stack protects remote users against threats and enforces application access control.

Optimized and Secure Remote Access

Key Considerations for Extending Your Business Continuity Plan (BCP) to Home and Remote Workers

IT has been supporting remote and mobile users for years, but a sudden spike in staff working from home full time is a whole new ballgame. Most won’t be connecting occasionally to check email or do some quick catchup at the airport, between meetings or after hours at the hotel. They’ll be on the network every workday for hours accessing enterprise applications, files, and data. Your current remote access infrastructure was likely never sized to cope with such a large, constant load, which means you’ll probably have to add or upgrade remote concentrators. In the best of times, this can take days or weeks, but hundreds or thousands of companies will also need similar upgrades.

As more and more users work from home, security risks are bound to increase. More remote users mean more opportunities for threat actors to penetrate security defenses. Unfortunately, traditional VPNs authenticate remote users to the entire enterprise network, allowing them to PING or “see” all network resources. Hackers have been known to exploit this opportunity, as they did with the infamous Home Depot and Target breaches of a few years ago, which took advantage of stolen VPN credentials. Once inside the network, a hacker is only one administrator password away from access to sensitive applications and data. That’s a big reason why IT security has been moving away from network-centric security towards software-defined Zero Trust Network Access, which grants users access only to what they need when they need it.

Mobile and home VPN users often complain about remote access performance even when infrastructure is sized appropriately, thanks to the unpredictability, latency and packet loss inherent in the public Internet core. When accessing the cloud, the mobile experience can get so sluggish that users often abandon the corporate backhauling solution to access the cloud directly, opening significant security gaps. Many newer users also find themselves struggling with unfamiliar VPN client software, passwords, and connections to multiple cloud services.

Deploying client VPN software on thousands of new home users’ systems can take considerable resources and time that organizations may not have during a crisis. AdRoll found VPN onboarding of new users a very cumbersome process, especially for contractors. “Using the Mac’s management software to push out VPN configurations to users was a pain,” says Dunne. Dunne also had to send instructions for configuring the VPN client to each user. Once these users are onboard, IT also needs appropriate tools for managing and monitoring all those remote users, much as it does for its branch offices and other sites. Shifting to cloud-based Web gateways and CASBs has its own overhead as well.

Cato’s SASE Solution

There is a solution that can solve many of these connectivity, security, performance and management issues: a cloud-native network such as the Cato Cloud. Built on the principles of Gartner’s secure access service edge (SASE), Cato connects mobile and remote workers to the same network, secured by the same security policy set, as those in the office.

Rather than connecting to the corporate datacenter, then out to cloud applications, home users connect to their nearby cloud-native network point of presence (PoP). From there they become part of a virtual enterprise WAN that the datacenter and branch offices access through their local PoPs as well. Cato locates its PoP infrastructure in some of the same datacenters as major cloud providers, including AWS and Microsoft Azure, allowing for fast direct connections to cloud services.

Cato’s cloud-native architecture connects all resources (physical, cloud and mobile) to a single, virtual enterprise WAN.

Secure Access Service Edge

SASE requires vendors to become like AWS. Some will never get there. Some will try to acquire their way into it. Some will prioritize current cloud capabilities over similar appliance-delivered ones. And this process will have to go through a sales and support channel that is even more challenged by the SASE transition. This is going to be messy.

When you look at the SASE field, and you want to separate true from fake SASE providers, look for the “middle.” Ask yourself:

  • Has the SASE provider’s cloud service been field-tested to deliver the global reach, scalability, and degree of functional convergence needed by enterprises?
  • Does the SASE service provide holistic visibility? The service should offer a single view showing all enterprise traffic flows, regardless of whether they are across the Internet or the WAN, between sites, remote users, or cloud resources.
  • What security and networking capabilities can be applied to that traffic? Is the service limited to access restrictions, or can it also optimize and accelerate traffic?
  • What degree of centralized management control does the service provide? Is there a single pane of glass where you can set or change all capabilities relating to networking, security, remote access, and the cloud, or must the service provider get involved at some point?

Result: A deep convergence of multiple capabilities, including WAN optimization, network security, cloud access control, and remote access to the network itself. This remarkably comprehensive design dramatically simplifies enterprise IT and reduces risks and costs.

SASE: A single platform that can support your current and future IT projects