Over a decade ago, when cloud-delivered security services like secure web gateway (SWG) began emerging, the focus was mainly on protecting a small segment of the workforce—remote users plus contractors, suppliers, and partners. The challenge was ensuring these off-premises users had the same security protections as those on-site, especially when endpoint agents were insufficient, impractical, onerous, or prone to being disabled! At that time, many high-profile enterprises—for example in banking and financial services—also considered cloud services as a backstop in case of dreaded “black swan” events. For example, extreme weather events like Hurricane Helene or Hurricane Milton, or unexpected crises such as civil unrest, terror attacks, or war, could take an entire data center or head office offline In both cases the objective was to ensure security coverage was always in place, since security had become so integral to the business and the consequences so great if there was a gap (e.g. loss of valuable data or intellectual property, fines and penalties from non-compliance, or a negative impact on a company’s public brand and reputation).
These enterprises were ahead of their time, as we learned during the COVID pandemic, with the remote work paradigm being flipped. Today, workers will sometimes be in the office and other times working from home. It’s the norm, not the exception (and in some cases, the promise of hybrid work is even being used to aid in recruiting talent). This has obviously accelerated the adoption of cloud security services, including a security service edge (or SSE) that combines firewall, web, and SaaS security, as well as zero trust network access (ZTNA). Today, the application of cloud security extends far beyond remote workers. It now encompasses all enterprise traffic—from users, sites, and machines—routing through provider infrastructures. For providers like Netskope, this shift brings immense responsibility, but for enterprises it also unlocks major advantages related to infrastructure consolidation, cost savings, and enhanced security. Networking, Infrastructure, and Operations (NI&O) teams that have adopted Netskope have also benefited from a streamlined “direct-to-net” approach, removing latency and the performance hit that comes with it.
Now a new conundrum is manifesting itself and forcing many enterprises who have standardized on a cloud provider to re-evaluate their architecture. Because the risk of a “Black Swan” is still ever present, the enterprise expects service providers to protect them against it. In large part, service level agreements are provided as the “insurance” from the vendor that they can deliver, but it is not enough.Customers are increasingly asking the hard questions and wanting to get into the details of the providers’ architecture. They want to understand for example how Netskope has built and designed its own infrastructure to be ready to handle the unexpected—while continuing to deliver always on, always available security that is fast and with a great digital experience.
Why “Architecture Matters” with Netskope NewEdge
Early on, Netskope recognized that “architecture matters” and prioritized the right architectural approach for security traffic processing at the edge, investing more than $250M in its NewEdge infrastructure. The Netskope Platform Engineering team—composed of veterans who have built and scaled out some of the largest clouds and content delivery networks (CDNs) in the world—draw from their real-world experiences solving some of the internet’s toughest challenges. The team designed NewEdge with both performance and resilience in mind, ensuring it meets the stringent business continuity demands of enterprises. This includes a focus on more than just the end-user experience, but also an obsession with customers’ internal operations. At the end of the day, NewEdge must not create a burden for network operators. Instead, the goal is for NewEdge to simplify and improve operations, compared with previously orthogonal security solutions that forced trade-offs.
In order to deliver on this mission, the building blocks of resiliency within the NewEdge architecture begin with the sheer volume of NewEdge data centers, or “network edges,” strategically positioned across 76 regions globally, including a presence inside Mainland China. Every data center is built with complete service parity to the others, offering full compute and the complete set of SSE services in every location. The NewEdge capacity management strategy is also key to reliability and resiliency as scaling is done intentionally, well ahead of demand. Because NewEdge is built on replicable units of capacity, new capacity can be added with ease, while reducing the potential blast radius. The Netskope “data center factory” approach also ensures infrastructure consistency and enables rapid deployment of new data centers, often in just a few weeks.
The aggressive interconnection strategy of NewEdge is another critical building block. Every data center has redundant, premium transit links as well as extensive peering— in total representing more than 4,000 network adjacencies and 700 unique ASNs today. In fact, Netskope is consistently in the “top 15” organizations globally, across all industries, in terms of global IX participation. For example, Netskope aggressively peers with Microsoft, Google, Salesforce, AWS, and others at every location where there is a common interconnection point. With this focus on “connectedness” built into NewEdge, the Platform Engineering team has invested heavily in developing in-house software to maximize the use of the most highly-available and high-performing connectivity in real-time.