Virtual private networks (VPNs) have been a conventional solution for enterprise system remote access, but their architecture isn't optimal for a fully – or even partially – distributed workforce. VPN infrastructure has always had capacity limitations, leading to performance degradation when concurrent connections exceed these thresholds.

Addressing these performance bottlenecks often necessitates costly infrastructure upgrades, which may present significant logistical issues – not to mention that the addition of hardware always introduces increased operational complexity.

Beyond performance limitations and despite their protection of single users, VPNs present security exposures. A number of documented vulnerabilities exist, including software flaws, hardware issues, and human error. These can lead to data breaches and other security risks.

In addition, the wide network access granted upon VPN authentication lacks the specific control required in modern security processes. This “all-or-nothing” access model exposes organizations to significant security risks by potentially allowing unauthorized access to sensitive resources once a connection is established. Once a bad actor is inside a VPN, there's no telling what's bound to happen.

Remote desktop protocol (RDP), the second-most popular means of remote access, is also prone to security risks.

“Adversaries are known to use online scanners to discover internet-exposed devices and then harvest stolen credentials for remote access services or vulnerabilities in RDP to gain access into organizations,” Cato Networks’ Dave Greenfield recently noted in a blog post. “RDP is also one of the most common methods cybercriminals use to deploy ransomware.”

Remote work down after the pandemic, but it's still significant

Even though remote work has gradually declined since the pandemic, there is still a substantial number of professionals working from home five years later. Remote employment was at its height in late 2020; 46% of employees were remote in October 2020, while 12% were hybrid and 39% were working mostly onsite. The remote work rate has since dropped to 26% in February 2005.

Hybrid work is up, and while it's still far from eclipsing onsite employment (55%), a lot of people prefer to work remotely. Thus, reliable and secure remote access to network systems – for employees, partners, customers, and potential customers – will always be in demand.

And don't forget: Flexibility is a key factor for enterprises recruiting prospective employees. Remote work is never going to go completely away.

SASE to the rescue?

Secure access service edge (SASE) was created to optimize remote work access for enterprises by addressing the VPN problem. It does this through a converged cloud-delivered architecture that integrates networking and security functions closer to the user, regardless of their location.

SASE remediates common remote work access issues by replacing traditional VPNs with zero-trust network access (ZTNA) or universal ZTNA, which is fast becoming a favorite among security teams. Unlike VPNs that grant broad network access, SASE with ZTNA never inherently trusts users or devices. Instead, access is granted based on verified identity, device posture, and the specific application or resource being requested. This can significantly diminish the attack surface and limit lateral movement of a bad actor in the event of a breach.
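The difference between the two access models can be shown with a small policy sketch. This is an added example, not code from any SASE product; the application names, groups, and posture fields are hypothetical and the policy data is constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_verified: bool    # identity verified for this session
    disk_encrypted: bool  # device posture signals
    os_patched: bool
    app: str              # the one application being requested

# Constructed per-application policy; app and group names are hypothetical.
POLICY = {
    "payroll": {"groups": {"finance"}, "need_encryption": True},
    "wiki": {"groups": {"finance", "engineering"}, "need_encryption": False},
}

def vpn_decide(req):
    """All-or-nothing model: one successful login exposes the whole network."""
    if req.mfa_verified:
        return True, "tunnel established"
    return False, "login failed"

def ztna_decide(req):
    """Evaluate identity, entitlement and posture for every single request."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "default deny: no policy for application"
    if not req.mfa_verified:
        return False, "identity not verified"
    if not (req.groups & rule["groups"]):
        return False, "user not entitled to application"
    if not req.os_patched:
        return False, "posture: OS not patched"
    if rule["need_encryption"] and not req.disk_encrypted:
        return False, "posture: disk not encrypted"
    return True, "allowed"

def reachable(session, decide):
    """Applications one session can reach: the exposure if it is compromised."""
    return sorted(a for a in POLICY if decide(replace(session, app=a))[0])

if __name__ == "__main__":
    eng = Request("dana", frozenset({"engineering"}), True, True, True, "wiki")
    print("VPN :", reachable(eng, vpn_decide))
    print("ZTNA:", reachable(eng, ztna_decide))
    print(ztna_decide(replace(eng, app="payroll")))
```

Comparing `reachable()` under the two decision functions shows the reduction in what a single compromised session exposes.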

SASE also enforces consistent security policies across all users, devices, and locations, whether they are in the office or working remotely. This eliminates inconsistencies and potential vulnerabilities associated with managing separate security tools for remote users.

By integrating various security functions such as firewall-as-a-service (FWaaS), secure web gateway (SWG), cloud access security broker (CASB), and data loss prevention (DLP) into a unified cloud platform, SASE delivers protection against threats, malware, and data leakage for remote workers without the need to backhaul traffic to a central data center. SASE provides improved visibility into user activity, application usage, and potential security threats across the entire remote workforce, enabling security teams to proactively identify and respond to risks.

SASE: Optimized user experiences

SASE also improves performance and user experience through optimized routing and reduced latency, often leveraging a global network of strategically located points of presence (PoPs) that minimize network latency and enhance application performance for remote workers compared to routing all traffic through a central VPN gateway.

The integration of SD-WAN capabilities in many SASE solutions further improves reliability and performance by intelligently routing traffic over the most efficient available path, such as broadband, MPLS, or cellular, for remote users accessing cloud applications and on-premises resources.

SASE enables secure direct-to-internet access (DIA) for remote users, allowing them to directly access cloud applications and internet resources without weaving traffic through the corporate network, which reduces bandwidth congestion and improves application responsiveness. Moreover, a converged SASE platform simplifies the management of networking and security for remote access, allowing IT teams to manage policies, monitor performance, and troubleshoot issues from a single console, thereby reducing complexity and administrative overhead.

Finally, SASE offers enhanced scalability and flexibility due to its cloud-native architecture, which allows it to easily scale up or down to accommodate fluctuations in the remote workforce without significant infrastructure investments. SASE solutions are designed to support a range of devices, including laptops, tablets, and smartphones, and various access methods from diverse locations, providing flexibility for remote workers.

Deploying SASE is typically faster and less complex than setting up and managing traditional VPN infrastructure for a large remote workforce.

While SASE can offer cost savings in the long run, it requires an initial investment in new hardware, software, and services that often run into seven or eight figures for larger systems. You also need to factor in the costs of migration, including planning, implementation, training, and potential downtime. And don’t forget ongoing costs, such as subscription fees, maintenance, and support.