The Future of Zero Trust and SASE is Now! Register now

close
close
The platform of the future is Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
Designing a SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
Embrace a Secure Access Service Edge (SASE) architecture

Netskope NewEdge is the world’s largest, highest-performing security private cloud and provides customers with unparalleled service coverage, performance and resilience.

Learn about NewEdge
NewEdge
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Netskope video
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through security service edge (SSE).

  • Events & Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Cookies, Not Biscuits
Host Emily Wearmouthas sits down with experts David Fairman and Zohar Hod to discuss the past, present, and future of internet cookies.

Play the podcast
Podcast: Cookies, Not Biscuits
Latest Blogs

How Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2023: Your SASE journey starts now!

Replay sessions from the fourth annual SASE Week.

Explore sessions
SASE Week 2023
What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn about Security Service Edge
Four-way roundabout
We help our customers to be Ready for Anything

See our Customers
Woman smiling with glasses looking out window
Netskope’s talented and experienced Professional Services team provides a prescriptive approach to your successful implementation.

Learn about Professional Services
Netskope Professional Services
The Netskope Community can help you and your team get more value out of products and practices.

Go to the Netskope Community
The Netskope Community
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Why Netskope chevron

    Cloud transformation and work from anywhere have changed how security needs to work.

  • Leadership chevron

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Highest in Execution. Furthest in Vision.

Netskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.

Get the report
Netskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.
Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team
Group of hikers scaling a snowy mountain
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling

Explaining the Importance of Netskope’s Recent Expansion of NewEdge in the UK

Apr 11 2023

Over the past few weeks, our UK team has been very excited about the expansion of our NewEdge infrastructure, specifically the addition of a new data centre in London. Knowing that this was the fourth data centre in the UK, I cornered our EMEA CISO Neil Thacker, and our new UK public sector lead Tim Parkins, to find out what all the fuss was about. 

Emily:  Can you explain to me, why is this fourth data centre in the UK so exciting? I read this blog post about NewEdge which told me that “understanding coverage isn’t just about counting data centres”… so what’s so cool about this one? 

Neil: Our NewEdge infrastructure includes two different types of data centres, Data Planes (DPs) and Management Planes (MPs). You are right that we already have three Data Planes in the UK—two in London and one in Manchester, all “full compute” locations with the full stack of our security services available.  These Data Planes handle our UK customers’ data traffic within the UK jurisdiction. But up until a month ago, we relied on European or rest-of-world data centres to provide the Management Plane.

Emily: OK, so this is the first UK Management Plane. Remembering that I do not have an engineering background, can you explain the difference?

Neil: Our Data Planes are the data centres through which our customers’ traffic traverses. They are where the traffic processing and security controls are applied. We locate Data Planes as close to our users and their office locations as possible, so our service can be as fast and low latency as possible. These Data Planes also have extensive interconnections and peering – remember we directly peer with Microsoft, Google, AWS, Salesforce, Akamai…all the major SaaS companies…in every location possible in order to optimise traffic from the Data Plane to the user’s ultimate destination for the best possible user and application experience.

If Data Planes process the actual traffic, then you can think of the Management Planes as the place where the administration of the customer’s tenant and Netskope services happens. Management Planes host the Netskope Admin UI, so this is where users get configured, policies are defined and it’s also where sensitive metadata and logs are stored. The Management Planes are also where Netskope’s out-of-band, API-based services and complementary solutions get delivered from (I won’t list those, but we are able to be really clear with customers about what goes where in our infrastructure, which is really important so customers can make informed decisions about what they use).

Emily: That makes sense (thank you for keeping it simple for me). So—given we have loads of customers in the UK, and only Data Planes over here until recently—presumably our service works just fine for UK customers when using any of our global Management Planes? 

Neil: Sure it does, and we have hundreds of customers that can attest to this fact. But for some customers, especially those in highly regulated industries such as finance, government, or healthcare, data sovereignty and jurisdiction requirements encourage additional levels of geographic control over their data. For most organisations, a local Data Plane is sufficient to comply with all necessary laws and regulations about protecting and securing sensitive data. We designed our platform for “data minimisation” or “privacy by design.” Technical approaches like only storing transaction logs (not the original data file) and policies around data retention in the MP (wherever it resides), are typically good enough for the vast majority of organisations’ regulatory requirements and preferences. But not all….

Emily: Who are we talking about—who has more specific jurisdiction requirements?

Tim: For starters, UK public sector organisations. Or those who supply UK government departments and have to comply with the more stringent data supply chain guidelines that are a condition of those contracts. 

Neil: Certain sectors can impose commercial terms restricting data transfers. This is typically based on relevant sector guidance (rather than laws) or general perceptions in relation to personal data that leaves the UK.  A couple of good examples are the UK National Health Service’s NHS and Social Care Data: Off-shoring and the Use of Public Cloud Services Guidance and the Financial Conduct Authority’s Guidance for Firms Outsourcing to the Cloud and Other Third Party IT Services. In each instance, there is room for commercial interpretation which can sometimes lead to interpretations that data residency is optimal.

And it is also a consideration for any industry that might have specific laws around, for instance, export controls. We work with a large British defence supplier and the UK has laws around the export of both products and data which mean they prefer to be able to demonstrate that everything we are doing for them is happening on British soil. 

Tim: The new NewEdge data centre in London is the final piece in the puzzle of our post-Brexit European network. For a long time, we have had Management Planes in Amsterdam and Frankfurt, which tick the compliance box for our EU/EEA customers. Plus we have one in Zurich because the Swiss financial sector needs local jurisdiction within Switzerland. We also have one in Riyadh for customers with the same concerns in the Kingdom of Saudi Arabia. And now we have London for the UK. We cover other regions as well of course, with Management Planes in strategic jurisdictions all over the world. We also ensure customers always have access to their company-specific logs and metadata in any of our Management Planes. This allows them, if needed, to download and store this data on-premises or in a local public cloud instance if required for their specific country. This isn’t just a UK issue and we are constantly evolving our infrastructure to address specific customer needs—as legislation imposes data sovereignty and jurisdiction requirements in different nations. We also have plans to add even more Management Planes, positioned in strategic locations around the world.

Emily: Is this how all SSE vendors organise their infrastructure?

Neil: I wish that was an easy question to answer. The reality is that other companies are often opaque about their infrastructure. For example, not always being clear about whether the data centre has “full compute” or all services available, or if it’s even accessible to all customers without additional surcharges or fees. And everyone uses different names for these data centre descriptions—in part because the data centre infrastructure is organised differently too. The thing is, working with so many large global customers—and national governmental departments around the world – we can’t afford to be opaque in this area. When I talk to customers and prospects our transparent infrastructure approach is definitely one of the things that attracts them to us for SSE and SASE. 

Emily: OK so give us a couple of tips for things organisations can ask vendors to identify how a platform infrastructure complies with their specific regulatory requirements…

Neil: They should ask whether they are able to request and get access to event data, metadata, logs, and information on policy violations from their cloud security vendor. Even more importantly, they should confirm that end-user personal data can be limited to specific countries (whether that’s in the US, UK, Switzerland, Saudi Arabia or the EU—whatever jurisdiction they need). It’s also important that customers can define “zones” in which they want to contain their user’s traffic, for example only allowing UK-based users to connect to UK data centres. It’s incredibly common for vendors to span data sovereignty regions with their infrastructure, or run specific products to serve all international customers from different global data centres—and both approaches can sometimes create problems for regulated industries in certain markets.

Emily: That sounds like a very useful thing to know. Alright, I can see why this is exciting then. So the upshot is, with this new NewEdge Management Plane in London we are now able to better meet the regulatory requirements of a range of organisations in the UK. Thanks both!

If you want to know more about our NewEdge network, there’s lots of good information here.

author image
Emily Wearmouth
Emily Wearmouth is a technology communicator who helps engineers, specialists and tech organisations to communicate more effectively.

Stay informed!

Subscribe for the latest from the Netskope Blog