Zscaler: The ‘Beast from the East’ terrorising remote access technologies


Chris Hodson, EMEA CISO at Zscaler, explores how the winter weather has highlighted some of the areas where network appliances can fall flat.

The ‘Beast from the East’ met Storm Emma this week, and as a result, most of the UK has been plunged into a deep freeze.  As this has impacted many of our daily routines, it has most definitely caused general system overload.

The dropping temperatures and general TfL meltdown means that many snowed in office workers have been working from the comfort of their warm homes. When large segments of the workforce attempt to access internal corporate applications from home, this can place a strain on existing remote access technologies. Chris Hodson of Zscaler, explores some of the pitfalls when relying on network appliances below:

“To provide remote access for employees, many organisations use some kind of VPN, which requires appliances, and user licenses are often tied to specific appliances. In the case of ‘the beast from the east’, the lack of flexibility to decouple licenses from appliances introduces complexity when it comes to accommodating the increased number of remote users.

Network admins wind up having to manually move licenses around, do the math to ensure they have the right number of licenses in proportion to available hardware they have within their environment, and often end up scrambling to buy new licenses. If they don’t, they risk users not being able to work, reducing productivity for both the user as well as the business.

“Some of the major VPN vendors offer ‘In Case of Emergency Licenses’ often referred to as ICE licenses. These are useful, but expensive and typically have an extremely short lifespan (a couple weeks or less). ICE licenses essentially allow VPN appliances to operate at their maximum capacity for a set amount of time. However, admins often purchase ICE licenses, use only a subset of them during a disaster, save the rest for a later date, but then forget to switch off the ICE license once the ‘disaster’ is over. The license then expires after a specified amount of time and when the next snow storm hits admins go to use their licenses, but the ICE has melted away leaving the customer frustrated.

“The actual capacity of existing appliances becomes an important factor IT must think about. After all, it doesn’t matter how many licenses a company may have, if their appliances can’t deal with the burden. The software-defined perimeter offers a new cloud-based approach to provide remote user access to internal applications that is completely different from the traditional DMZ. This modern network security method uses the cloud to provide the convenience, flexibility, and scale that network admins need when faced with weather conditions like those we are currently experiencing. Best of all, there are no VPN appliances necessary!”

Photo credit: Andrew Milligan/PA Wire