It's no secret that the business landscape is constantly shifting. One of the biggest changes over the past couple of decades is the massive dispersion of the workforce. There are many reasons for this, like emerging market cities, business acquisitions, cost-cutting strategies, and more. In 2009, Nermetes Research reported (pdf) that nearly 90% of their research participants operate a “virtual” organization, which may include branch offices, or “micro-offices,” such as individual workers in home offices, hotels, or airports. Nermertes Research also predicted double-digit growth specifically in branch offices.
At the same time that companies were establishing branch offices across the globe, they were also moving toward server centralization and data center consolidation. This created the need for LAN-like performance across these dispersed networks, in addition to the growing need for long-distance collaboration. Companies that fit this profile have some very specific needs:
- Security between the branch office and the Internet
- Security between the various offices and departments
- Compliance with applicable regulations
- Availability of SaaS and other line of business applications
- Remote access for employees who are outside of an office
The old way of doing this would involve multiple high-speed Internet accounts, Internet failover devices, firewalls, and maybe some separate VPN electronics, depending on the firewall you were using. You might get some leased lines and a different configuration for your WAN, but it was a cumbersome situation no matter how you connected. If you were lucky, you had the same equipment in all of your branches, and you could simply clone most of the configuration. As long as you remembered all of those IP addresses or hostnames, management wasn't that bad.
It's much easier now, thanks to next-generation firewalls. These devices have features specifically designed for dispersed networks, including advanced threat detection, user awareness, and deep packet inspection. With a next-generation firewall in the mix, you have what you need to secure the network and enable secure access between offices.
Secure remote access is another great benefit of next-generation firewalls. Mobile workers who need access to their network workstations or other on-premises resources are protected and enabled by the capabilities of the branch office firewall. This is great for users who may have forgotten to upload something from their desktop, or want to use the features of a full PC when all they have with them is a iPad.
Each branch office represents several attack surfaces, such as user-to-service, user-to-cloud, etc. A firewall at each location can secure these attack surfaces and improve user productivity. For highly-distributed networks, branch office firewalls are a critical piece of infrastructure.