Which Way to Go for WFH Performance and Security Tools?

When reviewing long-term WFH strategies, IT decision makers must choose between hardware-based appliances or software-based tools. Which is best? It depends.

Andrew Froehlich, President & Lead Network Architect, West Gate Networks

February 1, 2022

4 Min Read
laptops connected around the world
SABIDA via Alamy Stock

Business owners and their employees seemed to have fallen in love with the work-from-home (WFH) model. Using the right technologies, staff can perform their duties and stay in constant communication with others while being physically separated. For most businesses, however, the technologies used to connect remote workers today may not be ideal for the long-term. Thus, IT architects are spending time researching tools and platforms that provide additional performance and security benefits.

Through this research, many are finding that that two distinct architecture models -- traditional hardware-based appliances that are deployed to each WFH employee or software-based tools that are installed directly onto PC hardware -- offer the biggest bang for the buck. While both offer similar benefits from an application performance and security perspective, there are distinct differences that may make one option preferred over another. Let’s look at both options and how they differ:

1. Hardware-based performance and security appliances

For years, enterprise networking manufacturers have been designing and selling small-office, home office (SOHO) routers for small branches and permanent WFH employees. These tools allowed administrators the ability to remotely manage and monitor connectivity while offering basic data encryption/protection services. Over time, the number of advanced features packed into these tiny SOHO boxes has expanded greatly and now largely focus on modern security and performance functions that mimic protections found within the corporate network. Examples of common features include:

  • Layer 7 firewalls

  • Enterprise-grade secure Wi-Fi

  • Dynamic site-to-site VPN tunnel creation

  • Software defined networking (SDN)

  • Application-aware traffic shaping

  • Ethernet port security

  • Centralized management and troubleshooting

In many ways, a hardware-based appliance offers proven reliability and provides a distinct physical boundary between an employee’s “home” and “work” network while working remote. This division tends to help protect against employees using company-owned computers for personal use.

2. Software-based performance and security apps

While hardware-based tools excel in situations where WFH users are expected to operate out of a single location, the protections afforded by the appliance disappears when users opt to work somewhere else. As COVID-19 restrictions start to ease, WFH employees may wish to work out of a coffee shop, hotel, or any number of alternative locations. While it’s prudent to expect employees to bring their work laptop with them on these journeys, few would be willing to disconnect their hardware security/performance appliance every time they want to work from a different location. Nor would it be possible to connect this type of equipment in many locations. Solving this mobility issue is precisely where software-based security/performance tools come into play. These tools can be installed directly on corporate-owned laptops and can operate anywhere there is internet access.

Over the past couple of years, software-based tools have expanded beyond remote access VPN and are now able to deliver the same firewalling and SDN capabilities found in hardware-based alternatives. Additionally, many WFH software tools now rely on cloud and edge computing to deliver highly advanced security features such as:

  • Zero Trust Network Access (ZTNA)

  • Web content filtering

  • DNS security

  • Data loss prevention (DLP)

  • Advanced persistent threat prevention

These are the types of security services that require more processing power than can be afforded by business laptops and SOHO hardware appliances. Thus, the combination of a software-based security and performance product paired with a secure access service edge (SASE) model delivers the most advanced security and performance benefits in a highly portable package.

Mobility, Features, and Cost Will Determine the Best Choice

There’s no right or wrong answer to the hardware vs. software question in this situation. Choosing between hardware- and software-based WFH performance and security services will likely be determined by answering the following three questions:

  1. Are users likely to work from a single location, or multiple locations?

  2. What levels of performance and security protections are needed for the remote user base?

  3. What is the cost to deploy and manage hardware-based appliances vs. a SaaS model that can dramatically increase in price depending on the types of performance/security features required?

Considering that WFH corporate policies are likely to stay in place for the foreseeable future, I’m willing to bet that software-based tools will become the preferred option moving forward as it allows for greater scalability and upgradeability to new security services. That said, hardware-based products have proven themselves to be highly dependable and are battle-tested. Thus, this architecture model may be preferred in situations where reliable connectivity and ease of management is of utmost importance.

What to Read Next:

Work From Home: A Year in Review

8 Work From Home Experiences We Didn't Expect Last Year

Why Work-From-Home IT Teams May Be at a Greater Risk for Burnout

About the Author(s)

Andrew Froehlich

President & Lead Network Architect, West Gate Networks

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the University of Chicago Medical Center. Having lived and worked in South East Asia for nearly three years, Andrew possesses a unique international business and technology perspective. When he's not consulting, Andrew enjoys writing technical blogs and is the author of two Cisco certification study guides published by Sybex.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights