WORKPLACE TRANSFORMATION

Access
Anywhere

View eBook
WORKPLACE TRANSFORMATION | Access Anywhere

WORKPLACE TRANSFORMATION

Access
Anywhere

Table of contents

The challenge for today’s modern enterprise – the new way of working 3

How does the business respond? 4

Zero Trust - The New Approach to Enterprise Connectivity 5

Major Enterprise Capabilities 6

Persona Based Solutions 7

The Access Anywhere Worker 7

The Access Anywhere Power User 8

The Access Anywhere Super User 9

Access Anywhere foundation ensures business continuity 10

How Fortinet can help you deliver this transformation 11

High-Level Approach 11

Why Fortinet? 12

2
WORKPLACE TRANSFORMATION | Access Anywhere

The challenge for today’s

modern enterprise –
the new way of working
The way in which we all work has fundamentality changed, pen and
paper transitioned to computers, systems moved online, and now
work-from-anywhere has replaced the typical office environment.
This has been further reinforced by the sudden and dramatic changes brought about recently.
We now email, message, chat, and video call each other with ease, on a very ad-hoc basis.
Technology has played its part in facilitating this, but preferred user-behavior has driven the
biggest change.

A new set of requirements are being experienced from the end-user.

Users now demand

Users now demand
access from
access to a wider
their own
range of applications
devices, not
and services from
those provided
any locations
by the organization

Users want a single

and refined access The end user assumes
method that should that they are in a safe
be simple, reliable, working environment
and predictable

Having a sizable number of employees working remotely can be a major change for
organizations and presents numerous challenges in cybersecurity.
The popularity of employees using their own devices for work and the availability of insecure
network access also increase the risk of attacks like phishing and malware.
Organizations need a secure and reliable communications solution that is easy to use and
effective for employee collaboration.

3
WORKPLACE TRANSFORMATION | Access Anywhere

How does the

business respond?
The generally accepted approach from IT was to accommodate
remote working for a small number of their staff, typically, the 80-20
rule was applied, where it was assumed that a maximum of 20% of
the staff would need to be able to work remotely.
However, people have begun to ask, “Do we really need to be together in an office to deliver
what is needed?”. With recent events and changes in working practices this assumption is
no longer valid – in fact we need to plan to have a solution that allows 100% of the employee
base to be location independent.

Technology has also changed; today’s networks are now highly distributed with resources
spread across conventional data centers and multiple clouds. The traditional approach of
VPN no longer serves the users it was aimed at. A new approach is therefore required

Traditional Progressive
Approach Approach

ASSUME PLAN FOR

MAXIMUM OF UP TO

20% 100%
OF WORKFORCE TO BE ABLE OF WORKFORCE TO BE ABLE
TO WORK REMOTELY TO WORK REMOTELY

4
WORKPLACE TRANSFORMATION | Access Anywhere

Zero Trust - The New Approach

to Enterprise Connectivity
A new approach is now needed, we now need to ensure that the
model focusses in on the individual, that allows them to work from
any device from any location, with focus being given to the resource
they are trying to access. The Enterprise must ensure when doing
so that the adherence to Enterprise Governance, Legislation, and
working practices are always maintained.

Mix into this the fact that Enterprise organizations

are now moving from large legacy data centers to
consuming applications that are hosted as a service
in the ‘cloud’ – the traditional models for supporting
the anywhere user are no longer fit for purpose.
The focus now is on the identity of the end
user, ensuring that they have the authority to
have access to the various components and are
authenticated to use them on a session-by-
session basis. Essentially nothing is trusted
until validated.
The Enterprise can use a single ‘zero trust’ uniform
policy irrespective of the device, the location, or
the application being consumed as all aspects of
the connection have been validated and checked.
Thereby ensuring that the worker from the office,
the home, or even the coffee shop has the same
level of scrutiny applied to them.
Having this single approach reduces the need the
have multiple policies and ensures that the end
users have the same experience irrespective of
where they are working from.

5
WORKPLACE TRANSFORMATION | Access Anywhere

Major
Enterprise Capabilities
To deliver this policy the Enterprise organization needs to
focus on the following areas: -

Implementing Identity Management/Verification for

transparent and consistent user identity tracking across the
network security infrastructure.

Visibility and Posture checking with NAC. It enhances the

overall posture with visibility, control, and automated response
for everything that connects to the network.

Endpoint Detection and Remediation (EDR) EDR delivers advanced,

real-time threat protection for endpoints both pre- and post-infection.

Securing Access with role-based policies while enforcing

additional user verification with two-factor authentication.

Enabling Access for guest, remote, and Enterprise users without

introducing complex and redundant user management databases.

6
WORKPLACE TRANSFORMATION | Access Anywhere

Persona Based Solutions

Once the capabilities are in place a range of options become
available to support the anywhere worker.

The Access Anywhere Worker

The Access Anywhere Worker needs to access a small number
of services to be able to complete their task, from any location.
Typically, these would include access to Software-as-a-Service
(SaaS) applications in the cloud for team collaboration, access to the
Internet, file sharing, and function-specific capabilities (finance, HR,
etc.) from their location.
To ensure the device requesting access To ensure authorized and authenticated
is of the right posture FortiEDR delivers access FortiAuthenticator, working in
advanced, real-time threat protection for conjunction, with FortiToken provides two-
endpoints both pre- and post-infection. factor authentication services that ensure
It proactively reduces the attack surface, access is granted to authorized users on a
prevents malware infection, detects and session-by-session basis. All of this can be self-
defuses potential threats in real time managed or via a Fortinet SASE subscription.

NOTIONAL FORTINET SOLUTION DEPLOYMENT FOR THE ACCESS ANYWHERE WORKER

7
WORKPLACE TRANSFORMATION | Access Anywhere

Persona Based Solutions:

The Access Anywhere Power User
The Access Anywhere Power User are employees that require a higher
level of access to Enterprise resources while working from a remote
location, this could be from home.
For these users, we extend the trust Working in conjunction with the base
boundary to their location. Primarily access access anywhere approach this enables
to the Internet is the preferred path, however secure wireless connectivity extending
it could also be delivered as an overlay on an the Enterprise network to the point of
Enterprise network. consumption.
This is achieved by the deployment of a The benefit to the end user is simplified
FortiAP access point (using Zero Touch access ensuring the same policies are also
Provisioning) that provides the level of access being applied as if you were in the office.
and security that they require managed by
a nominated FortiGate NGFWs.

NOTIONAL FORTINET SOLUTION DEPLOYMENT FOR THE POWER USER

8
WORKPLACE TRANSFORMATION | Access Anywhere

Persona Based Solutions:

The Access Anywhere Super User
A Super User is an employee that frequently access’s extremely sensitive
and highly confidential information (such as M&A or other sensitive data)
and maybe be subject to greater compliance governance.

The Fortinet SD-WAN offering utilizes Primary benefits include zero-touch-

a lightweight Fortinet Secure SD-WAN provisioning for remote users, centralized
device for connectivity and improved management, and optimization for IT
application performance over a home Internet managers. Essentially your home office
connection. It comes complete with a built- becomes an extension to your work office
in next-generation firewall with advanced with the same levels of support and
routing, and direct connections to an protection from your Enterprise team.
ecosystem of cloud services.

NOTIONAL FORTINET SOLUTION DEPLOYMENT FOR THE SUPER USER

9
WORKPLACE TRANSFORMATION | Access Anywhere

Access Anywhere foundation

ensures business continuity
The Fortinet solution provides full strategy to deliver against
the demands of the end user whilst ensuring that the Enterprise
governance is fully maintained.

The solution provides the flexibility for the end user whilst adhering
to the Enterprise governance.

Easily support any home user or mobile user

Provides a scalable remote worker environment
Allows for any compliant device to be used
Ensures safe and secure access to Corporate resources
Authenticates on a session-by-session basis
Allows best practices to be deployed to protect business communications
Provides the tools for the Enterprise organization to view, enforce policies,
and automate actions
Allows the Enterprise organization to centrally change cybersecurity policies
in line with business demands.
Allows the Enterprise organization to utilize SASE capabilities to manage
ALL cybersecurity policies in line with business demands.

Preparing for business continuity and disaster recovery is vital for any organization.
An important component of this is the ability to support a mostly or fully remote workforce
with little or no notice.

When developing business continuity plans, it is essential to ensure that the organization
has the resources in place to secure this remote workforce. Fortinet solutions are easily
deployable and configurable and enable an organization to maintain full security, visibility,
and control regardless of their deployment environment.

10
WORKPLACE TRANSFORMATION | Access Anywhere

How Fortinet can help you

deliver this transformation
All customer’s requirements and needs are unique and as such Fortinet
offers three tiers of Professional Services to complement, collaborate or
execute the journey to the new Access Anywhere solution.

Foundation Services Collaboration Services Transformation Services

Help You With You For You

Engage with Fortinet’s Complement your team by Harness the full power of
services organization for engaging Fortinet services the vendor and put your
consultancy insights to to project manage and take transformation execution
help you through your technical accountability for in the hands of Fortinet.
design and migration key aspects of the Access Fortinet services will own
phases of the new Access Anywhere solution delivery. accountability and work in
Anywhere solution. partnership to help develop
and execute your business
case, transformation
journey, success and
after care.

High Level Approach

Whatever your choice of Professional Services tier, Fortinet will share a series of structured and
proven steps to help the delivery of your new Access Anywhere mobile work force solution.

Step 1 Step 2 Step 3 Step 4 Step 5

Discovery Design Build & Test Commissioning Deployment

! Document current state ! Creation of High & ! Rack & stack of new ! Controlled pilot test ! MDM push by user
Low Level Design hardware migration by persona persona and device type
! Identify existing and and device type
future mobile device ! Hardware Bill of ! Configuration and testing ! Software deployment by
strategy Materials of new services ! Controlled pilot functionality persona and device type
and access testing by user
! Collate and document ! Create User Personas ! Mobile Device personas ! Drop in health clinics
target end users for Access Anywhere Manager(MDM) for Access Anywhere
configuration & deployment troubleshooting
! Shape Business Case ! Power, cooling and testing
expectations, levers and space requirements ! Golden rules handover
goals ! End user device to operations
! Creation of test Compatibility Testing
documentation
! Access Anywhere access
testing by persona

11
WORKPLACE TRANSFORMATION | Access Anywhere

Why Fortinet?
Fortinet’s Access Anywhere solution provides a One Zero Trust policy
which removes the need for multiple security policies and vendors
and provides the ability for users to access and work anywhere on
any device.
Consolidation reduces operational costs for helpdesk
requests, as well as vendor management overhead.
Enabling users to securely work from anywhere could
also lead to real estate reduction as the workplace
capacity could be significantly reduced.

Access Anywhere Transformation

is directly linked with Hyperconnected
Office as they mutually contribute to more
efficient, reduced infrastructure, that leads
to lower operational costs of the company.

www.fortinet.com

Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and
other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel,
with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet.
For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to
change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves
the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

May 5, 2021 8:16 PM

fortinet:Shared:CREATIVESERVICES:EMEACreativeServer:03_DOCUMENTS:17_MISCELLANEOUS:2021_ESAP-Transformation-Module-1:Fortinet-eBook_Workplace-Transformation_Access-Anywhere:Fortinet-eBook_Workplace-Transformation_Access-Anywhere

902000-0-1-EN