Business owners and their employees seem to have fallen in love with the work-from-home (WFH) model. Using the right technologies, staff can perform their duties and stay in constant communication with others while being physically separated. For most businesses, however, the technologies used to connect remote workers today may not be ideal for the long term. Thus, IT architects are spending time researching tools and platforms that provide additional performance and security benefits.
Through this research, many are finding that two distinct architecture models -- traditional hardware-based appliances that are deployed to each WFH employee and software-based tools that are installed directly onto PC hardware -- offer the biggest bang for the buck. While both offer similar benefits from an application performance and security perspective, there are distinct differences that may make one option preferred over another. Let’s look at both options and how they differ:
1. Hardware-based performance and security appliances
For years, enterprise networking manufacturers have been designing and selling small office/home office (SOHO) routers for small branches and permanent WFH employees. These tools allowed administrators to remotely manage and monitor connectivity while offering basic data encryption/protection services. Over time, the number of advanced features packed into these tiny SOHO boxes has expanded greatly, and those features now largely focus on modern security and performance functions that mimic protections found within the corporate network. Examples of common features include:
- Layer 7 firewalls
- Enterprise-grade secure Wi-Fi
- Dynamic site-to-site VPN tunnel creation
- Software-defined networking (SDN)
- Application-aware traffic shaping
- Ethernet port security
- Centralized management and troubleshooting
In many ways, a hardware-based appliance offers proven reliability and provides a distinct physical boundary between an employee’s “home” and “work” network while working remotely. This division tends to help protect against employees using company-owned computers for personal use.
2. Software-based performance and security apps
While hardware-based tools excel in situations where WFH users are expected to operate out of a single location, the protections afforded by the appliance disappear when users opt to work somewhere else. As COVID-19 restrictions start to ease, WFH employees may wish to work out of a coffee shop, hotel, or any number of alternative locations. While it’s prudent to expect employees to bring their work laptop with them on these journeys, few would be willing to disconnect their hardware security/performance appliance every time they want to work from a different location. Nor would it be possible to connect this type of equipment in many locations. Solving this mobility issue is precisely where software-based security/performance tools come into play. These tools can be installed directly on corporate-owned laptops and can operate anywhere there is internet access.
Over the past couple of years, software-based tools have expanded beyond remote access VPN and are now able to deliver the same firewalling and SDN capabilities found in hardware-based alternatives. Additionally, many WFH software tools now rely on cloud and edge computing to deliver highly advanced security features such as:
- Zero Trust Network Access (ZTNA)
- Web content filtering
- DNS security
- Data loss prevention (DLP)
- Advanced persistent threat prevention
These are the types of security services that require more processing power than can be afforded by business laptops and SOHO hardware appliances. Thus, the combination of a software-based security and performance product paired with a secure access service edge (SASE) model delivers the most advanced security and performance benefits in a highly portable package.
Mobility, Features, and Cost Will Determine the Best Choice
There’s no right or wrong answer to the hardware vs. software question in this situation. Choosing between hardware- and software-based WFH performance and security services will likely be determined by answering the following three questions:
- Are users likely to work from a single location, or multiple locations?
- What levels of performance and security protections are needed for the remote user base?
- What is the cost to deploy and manage hardware-based appliances vs. a SaaS model that can dramatically increase in price depending on the types of performance/security features required?
Considering that WFH corporate policies are likely to stay in place for the foreseeable future, I’m willing to bet that software-based tools will become the preferred option moving forward as they allow for greater scalability and upgradeability to new security services. That said, hardware-based products have proven themselves to be highly dependable and are battle-tested. Thus, this architecture model may be preferred in situations where reliable connectivity and ease of management are of utmost importance.