What is branch networking?

What is branch networking?

Branch networking is what connects an organization's various locations, enabling them to exchange information securely. Many companies have satellite locations spread out across a given region, or around the world. For these satellite locations to connect to the same corporate network and access needed resources, they must have network connections between them. This need is filled by branch networking — it connects these locations specifically to each other and to a centralized headquarters, not just to the Internet.

Imagine, for instance, an enterprise has a headquarters in San Francisco with additional offices in New York and Los Angeles. Branch networking connects them to one centralized internal corporate network. It can do the same for banks with multiple locations, restaurant chains, schools with various campuses, and other distributed organizations.

Typically, branch networking has used:

• Routers, switches, and firewalls to securely connect local branches to the network
• Multiprotocol label switching (MPLS) routes, virtual private networks (VPN), or software-defined wide area networking (SD-WAN) to route network traffic among branch locations
• Secure web gateways (SWG) and firewalls to secure the network

However, some organizations are modifying this architecture to rely less on hardware and dedicated network routes, and to allow for greater flexibility to support remote work and cloud computing. Branch networks might instead use:

• Network-as-a-service (NaaS) for connectivity among branches, data centers, and the cloud
• Secure access service edge (SASE) for secure distributed networking and access control, irrespective of location
• Firewall-as-a-service (FWaaS) for stopping threats
• Commodity Internet instead of leased lines or private connectivity

Of course, a modernized branch networking architecture still needs some physical equipment, like routers and switches, to connect to the Internet and the corporate network.

What is a branch office?

A branch office is one of the distributed locations where an organization's work takes place. In the context of branch networking, branch offices may include data centers, stores, restaurants, campuses, banks, and any other connected locations.

From a networking perspective, branch offices are locations where connectivity must be available. Employees, contractors, and other users connect to the network using either managed or unmanaged devices.

What are some of the challenges of branch networking?

Organizations must make sure their branch networks are both secure and fast-performing to support productivity and protect their data.

Branch office connectivity challenges

• Application performance: With branch offices potentially a great distance from each other, both in terms of miles and network hops, ensuring that traffic takes efficient paths between branches and data centers, or between branches and the cloud, can be a challenge. This can cause application performance to degrade or crash due to request timeouts.
• Network bottlenecks: If too much traffic must pass through chokepoints on the network (for instance, if one branch office suddenly expands its workforce or usage), this can cause performance slowdowns for users and apps.
• Complexity of management: Branch networks may be physically far from localized IT teams, so they have to manage multiple different networks remotely, without direct access to local equipment.

Branch networking security challenges

Branch networking security involves not just protecting the data within the network, but also data as it is in transit across networks and between locations. Access control is also a core component of protecting branch networks, but it can be difficult to enforce with a combination of managed and unmanaged devices connecting. Some of the main challenges of branch networking security include:

• Expanded attack surface: The spread-out nature of branch networks and the range of devices and equipment that connect make for a wide and growing range of vulnerabilities and potential attacks. Bring-your-own-device (BYOD) policies introduce unknown threats and vulnerabilities into networks as well.
• Visibility: Tracking malicious or unexpected network traffic across disparate networks is complex and time-consuming.
• Distributed denial-of-service (DDoS) attacks: Attackers can overwhelm a network's resources with junk traffic, taking the network offline or slowing service to a crawl for legitimate users. For legacy branch networks, mitigating these attacks is often a highly manual process.
• Regulatory compliance: For many of the reasons described previously (complexity, lack of visibility, large attack surface), enforcing compliance with data security and privacy standards like PCI-DSS or the GDPR is a major challenge in branch networking.
• Enforcing security policies: With a range of users across multiple different locations, ensuring that all users and devices conform to official security policies is a challenge.

How is branch networking evolving to meet these challenges?

Branch locations still matter for many businesses, but today, large swaths of the workforce connect to company apps and resources remotely. And the adoption of software-as-a-service (SaaS) apps and cloud computing means traffic needs to leave an organization's network perimeter.

Hard-coded network connections are not flexible enough to support these developments. In addition, the challenges described previously make legacy approaches a poor fit for many organizations.

Therefore branch networking is modernizing by adapting more flexible, cloud-based models, such as secure access service edge (SASE). This model includes security features natively built in, instead of added on.

How does Cloudflare support branch networking?

Cloudflare offers a simple platform with a unified dashboard for managing networks. Cloudflare’s cloud-based WAN services offer flexible branch office connectivity while Cloudflare’s smart routing capabilities take real-time network conditions into account, routing around network congestion and outages. With Cloudflare, Zero Trust security policies are automatically applied across all locations, users, and devices. Learn more about Cloudflare's SASE platform.