All Access Is (or Should Be) Remote Access
With the transition to remote work, we often hear the term remote access used in unison. Typically, remote work application access is facilitated via a remote access mechanism and, presumably, local work application access is facilitated via a local access mechanism. But I argue that this connection does not really hold true. Sure, remote work does require the use of a remote access mechanism, but the mechanism can and should also be used for local work. There's really no such thing as local access.
The meaning of remote work is pretty clear: working in a location other than a corporate office -- for example, at home, in a hotel, in a customer office, or in a coffee shop. Remote work was a part of our work lives even before the pandemic; it became, for many of us, the dominant or only mode of work during the pandemic, and it is expected to continue to be a frequently used mode of work after the pandemic. When working remotely, application access is facilitated by a remote access mechanism such as a virtual private network (VPN) or much better, a Zero Trust access system.
Onsite work operates differently. Of course, working in a corporate office is different. We can meet and collaborate with colleagues face-to-face, we can share meals and a cup of coffee, and we can take advantage of facilities such as printers, large screens, and conference rooms. But does the application access mechanism need to be different? Traditionally, it is. In the office, we can connect to the corporate office Wi-Fi or Ethernet, and then after some type of authentication and authorization, maybe with network access control (NAC), we are on the corporate network. From here, we can access applications in what could be considered a local access model, with no need for a VPN or Zero Trust access.
I believe, however, that it is better to treat all access as remote access even when in the office. After all, the applications really aren't local. Maybe once upon a time, the vast majority of applications were hosted in the corporate headquarters or in a data center very near the corporate headquarters, so employees working in headquarters could view those applications as being local. Today, however, this situation just does not hold.
We have applications hosted in the cloud, we use SaaS applications, and we use other third-party internet applications. So even in the office, very few of the applications that we use are really local. Even with dedicated telco circuits to connect offices, data centers, and maybe even clouds to create a corporate network and the illusion of local access, we are still faced with long distances. Moreover, these circuits are expensive and cannot connect to all locations where applications might be hosted. The bottom line is that in today's world, there's really no such thing as local access.
We are much better off, then, if we treat all access as remote access and use a Zero Trust access architecture. In this architecture, whether employees are working remotely or in the office, all access is managed and secured via the Zero Trust access system.
Even in the office, when connected to the corporate Wi-Fi or Ethernet, that connection goes only to a user local area network (LAN) that connects only to the internet and truly local resources, such as printers. There is no need for a corporate wide area network (WAN), and with Zero Trust access, there is no need for direct routability to the applications. This architecture is, therefore, cheaper and more secure than the traditional architecture. Think of the corporate office building as a private coffee shop with great Wi-Fi internet connectivity.
At Akamai, we've been using an architecture like this for some time now. To us, it doesn't matter if employees are physically in an Akamai office, at home, or at a local coffee shop -- the access model is the same regardless. Providing a secure remote working environment was critical well before the pandemic, as more than 50% of our employees were on the road at any given time. Moreover, for anyone familiar with our brutal New England winters, you'll understand that we needed to be able to successfully operate with as many as 90% of our employees working remotely from time to time.
In a sense, the start of the pandemic was an extreme and long-lived version of this same transition. With our all-access-is-remote-access architecture, these transitions are easy.