Quantify the value of Netskope One SSE – Get the 2024 Forrester Total Economic Impact™ study

close
close
  • Why Netskope chevron

    Changing the way networking and security work together.

  • Our Customers chevron

    Netskope serves more than 3,400 customers worldwide including more than 30 of the Fortune 100

  • Our Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

A Leader in SSE. Now a Leader in Single-Vendor SASE.

Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™️ for Single-Vendor Secure Access Service Edge

Get the report
Customer Visionary Spotlights

Read how innovative customers are successfully navigating today’s changing networking & security landscape through the Netskope One platform.

Get the eBook
Customer Visionary Spotlights
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Aerial view of a city
  • Security Service Edge chevron

    Protect against advanced and cloud-enabled threats and safeguard data across all vectors.

  • SD-WAN chevron

    Confidently provide secure, high-performance access to every remote user, device, site, and cloud.

  • Secure Access Service Edge chevron

    Netskope One SASE provides a cloud-native, fully-converged and single-vendor SASE solution.

The platform of the future is Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
SASE Architecture For Dummies eBook
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through secure access service edge (SASE)

  • Events and Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

2025 Predictions
In this episode of Security Visionaries, we're joined by Kiersten Todt, President at Wondros and former Chief of Staff for the Cybersecurity and Infrastructure Security Agency (CISA) to discuss predictions for 2025 and beyond.

Play the podcast Browse all podcasts
2025 Predictions
Latest Blogs

Read how Netskope can enable the Zero Trust and SASE journey through secure access service edge (SASE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2024 On-Demand

Learn how to navigate the latest advancements in SASE and zero trust and explore how these frameworks are adapting to address cybersecurity and infrastructure challenges

Explore sessions
SASE Week 2024
What is SASE?

Learn about the future convergence of networking and security tools in today’s cloud dominant business model.

Learn about SASE
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Careers chevron

    Join Netskope's 3,000+ amazing team members building the industry’s leading cloud-native security platform.

  • Customer Solutions chevron

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Accreditations chevron

    Netskope training will help you become a cloud security expert.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Help shape the future of cloud security

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Join the team
Careers at Netskope
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

Go to Customer Solutions
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working

How SASE and the Internet Took Over Wide Area Networks (Part 1)

Aug 22 2024

This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

As I embark on a new role with the Netskope Platform Engineering team, I am eager to explore how our company’s vision shapes the evolution of enterprise networking security. This first article in a series is a testament to my technical introspection, introducing the background, challenges, and needs that led to SASE—security access service edge.

Over the past quarter of a century, enterprises have gradually recognized the internet as a reliable means of transporting applications. Remote work further accelerated this shift, transforming the workspace into a borderless environment. Coupled with the rise of corporate SaaS applications, this has led to a new era of connectivity.

However, in this new era, the internet has become a critical vector for cyber threats. As organizations rely more on the internet for connectivity, they face increased exposure to sophisticated threats, including data breaches, malware, and phishing attacks. SASE emerged as a response to the limitations of traditional networking and security models.

With all of that in mind, let’s take a journey through the recent history of WANs to understand the direction security and networking are heading.

Wide area network evolution shaping our present and future

In 2000, before the internet bubble burst, Cisco Systems had the highest market capitalization worldwide, standing as the unquestioned leader in the enterprise networking industry. Internet security products were negligible in Cisco’s revenue statements, contributing only a tiny fraction of their sales. Overall, cybersecurity was still a relatively small sector. Corporate networks and the internet used to exist as two distinct silos, a separation that inherently provided security without necessitating encryption.

The wide area network (WAN) backbones, which were, by definition, running on private physical infrastructure, relied on legacy dedicated point-to-point lines and protocols, such as frame relay and ATM.

Additionally, cloud applications were not that critical for corporations. Besides email, electronic communications and IT resources were mainly private.

Some early adopters started using more IPsec site-to-site tunnels for WAN backup and offloading low-priority traffic over the internet. I remember demonstrating such implementation for a large corporation back in 2002, but it didn’t go beyond a proof-of-concept. At that time, best-effort internet was not considered eligible to transport sensitive corporate traffic. Today, this has evolved with intelligent quality of service and orchestration within a graphical interface, representing the SD-WAN part of SASE.

Multiprotocol Label Switching (MPLS) virtual private network (VPN), a genuine IP-minded solution, was the rising star.

MPLS and VRF: Enhancing IP routing and network isolation

MPLS is a set of core switching protocols designed to speed up IP routing. It combines the advantages of IP and ATM.

Network operators and vendors developed the VPN application of MPLS to provide network isolation at layer 3. On an MPLS-VPN network, each VPN is a private routing context. Customers purchase one or several VPN contexts to segregate their WAN routing environments over the same physical infrastructure.

Traffic over MPLS-VPN is generally not encrypted and the network is trusted. In most cases, these VPN instances naturally became the long-haul extensions of the local area network VLANs. Machines with the same usage profile would sit in the same LAN segments and VPNs.

The Impact of SLAs on Differentiating MPLS-VPN from Internet Services

For corporations (or at least their legal departments), the primary quality metric was SLAs and the penalties that come with them. In other words, how can the penalties be harmful enough to the service providers to care for and match a decent quality of service?

On MPLS-VPN networks, packet delivery, round-trip delays, and service availability are subject to SLAs. In contrast, most internet services only offer time-to-restore or availability SLAs. These contractual items have been the key argument for telcos to differentiate MPLS-VPN from IPsec over the internet. 

SLAs do not apply when the link has been broken because of a force majeure event: natural disasters, acts of war, government actions, and pandemics, among others. For example, if an excavator cuts a fiber cable, and even if it’s not considered a force majeure event, it makes no difference whether the service is internet or MPLS-VPN. There’s only a small chance that the provider will restore the link within the SLA time.

Building resilient and capable networks: Meeting SLAs amidst complex constraints

To support SLAs, resiliency and capacity management have always been prevalent themes when designing communication networks. These attributes are fundamentally about ensuring the network is extensive, redundant, fast, and agile enough to meet customer expectations under any network condition. However, achieving this involves navigating a complex set of constraints, such as:

  • Multiple routes available between two points.
  • Each link has its own capacity management.
  • Backup routes must restore fast enough to preserve the ongoing sessions (e.g., a phone call) without the users noticing when a route goes down.
  • With IP, not all applications (such as voice) have reserved bandwidth. The network may throttle low-priority applications during congestion events, but not excessively. 

The approaches in private backbones like MPLS and the shared internet network are naturally profoundly different. The internet has always been considered “best effort,” while MPLS-VPN guarantees quality of service. However, users expect the internet to deliver a decent service in most network conditions. Competition among internet service providers has driven improvements in quality. Techniques and toolkits for managing internet capacity have significantly advanced

Many efforts have also been invested into enriching the arsenal of traffic engineering techniques in IP protocols and MPLS environments, including online capacity management, bandwidth reservations, application priorities, end-to-end paths policies, fast rerouting, and more.

The good news is that MPLS, as a backbone technology, is now the underlying carrier for everything from mobile networks to the internet, and some of these efforts also benefit the internet, not only MPLS-VPN.

The internet’s rise: From home necessity to corporate backbone

For consumers, the internet quickly started providing such valuable use cases that it soon became essential to subscribe to an internet service at home. Some of these examples include personal email, online shopping, search engines, encyclopedic content, social media, and instant messaging.

Around 2008, the internet conquered the mobile space with the user-friendly smartphone, its ecosystem, and high-speed cellular data. Smartphones made access to these ubiquitous use cases, causing a seismic growth in the volume of data flows and user counts.

Alongside the growth of traffic volumes, which was multiplied by the growth of internet video services  (see Figure 1), the number of internet users increased dramatically.

Figure 1: Growth of global Internet traffic in the past 30 years

Internet use in the enterprise accelerated too. In addition to consumer-friendly applications, access to SaaS applications, starting with Salesforce, became a significant topic for IT departments. SaaS solutions offered scalable, cost-effective alternatives to traditional on-premises software, reducing the need for extensive IT infrastructure and maintenance.

Some CIOs even decided to backhaul users’ traffic and deploy private and expensive connectivity, such as Secure Cloud Direct Interconnect (SDCI), to reach services primarily available on the (free) public internet. For a long time, we could never fully resolve the conflict between the ubiquity of the internet and the guaranteed quality of service provided by private backbones.

Embracing remote work: The shift to SASE

Innovation was pushing for changes. The pandemicmarked a dramatic shift. Remote workers became the norm. They were able to benefit from business applications from their homes as if they were in the private and concealed areas of the enterprise locations and WAN networks. Cloud and particularly virtual meeting applications, such as Microsoft O365/Teams, would be affected in a centralized configuration with a single or few WAN breakouts to internet. Users require their internet traffic to go through the shortest possible path.

Internet players kept provisioning massive bandwidth to cope with the pace and absorb the additional load. The internet coped very well with the load that suddenly moved from the office building endpoints to home locations.

Naturally, the user’s workstation turned into the only remaining barrier to the privacy of company data. Intellectual property, secret commercial data, and any information to safeguard must be reached through the employee device and cloud services, which could be anywhere.

Nonetheless, CIOs couldn’t sacrifice service quality and security. Preserving productivity and guaranteeing privacy and data protection are essential. The removal of the corporate “perimeter” has led to the spread and growth of sophisticated attacks, ransomware, involuntary breaches of confidentiality, and insider threats. This threat landscape requires a ubiquitous and granular security model to protect users and data everywhere, moving from traditional defenses, the castle-and-moat, to a global, always-on security layer. This logically gave birth to SASE. 

In the next part of this blog series, we’ll explore the SASE connectivity paradigm and how Netskope delivers high-grade connectivity in this new landscape.

Stay tuned for the upcoming installments of our I&O Perspective series. Join us at SASE Week 2024 to explore the latest in SASE and Zero Trust, and learn how to enhance your organization’s security and network transformation strategy. Don’t miss the “SASE for Networkers Roundtable” on Sep 25,  where customers will share their digital transformation journeys toward SASE