Cloud security, let alone SASE, doesn’t work without the underlying infrastructure that provides a consistent “baseload” to deliver the security capabilities integral to protecting users, sites, apps, and most importantly the data. This is more important than ever with security a board-level priority and organizations confronted with an ever-growing number of risks, ranging from the latest ransomware and phishing attacks to insider threats, exposure from data breaches, and lack of the proper controls around SaaS application access.
That’s why Netskope has invested over $100 million in its infrastructure, called NewEdge to power Netskope Security Cloud services including Cloud Firewall, Next Gen Secure Web Gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA) and more. With 2022 in the rearview mirror and the new year just beginning, it’s an appropriate time to recap the advancements Netskope has made with NewEdge and specifically call out four unarguable facts about Netskope’s SASE-ready infrastructure that make it hands down, second to none in the industry.
1. NewEdge has the best coverage
With a total of 24 new data centers added in the last 12 months, NewEdge is powered by full compute data centers in 67 regions worldwide as of January 2023. This includes data centers launched in the last 30 days in new regions such as Dublin, Ireland; Warsaw, Poland; plus Kolkata and Hyderabad, India. Plus, data centers in new physical locations within existing regions like Tokyo, Japan; Los Angeles, California; Chicago, Illinois; and London, UK to create more in-region resilience and capacity. (The latest updates on NewEdge data centers can be found on the Netskope Trust Portal.)
On the coverage front, Netskope also took a major step forward in 2022 by enriching its current coverage of Mainland China—previously addressed via its Hong Kong data center—by launching multiple data centers in Shanghai, China with imminent plans to add data centers in Beijing and Shenzhen, China. Because security is a business imperative and protections need to be extended everywhere, this global coverage is important both for multinationals operating in Mainland China, as well as organizations embracing hybrid work and the work from anywhere (WFA) trend.
By achieving the 67-region milestone, Netskope is now unmatched across the entire security service edge (SSE) vendor landscape in terms of having the best coverage with full compute data centers in more regions–at the edge, as close to the users as possible–for real-time inline and performant cloud security. In order to claim this leadership title, Netskope compared itself to all of the vendors defined in the 2022 Gartner Magic Quadrant™️ for SSE Report.
When we say “best coverage,” we mean truly world-class coverage—not coverage with strings attached. For example,a certain well-known web security cloud vendor publicly shares that across all of its various cloud “zones” in total, they cover 59 regions today. Of those, only a subset are included by default as part of the vendor’s standard service agreement, with 14 regions (or roughly 25%) requiring surcharges. For example, customers need to pay more for access in Australia, Brazil, Korea, New Zealand, South Africa, Taiwan, and the United Arab Emirates (UAE).
Similarly, a well-known next-generation firewall vendor that relies on public cloud infrastructure for the delivery of its services, advertises more than 100 data centers globally, but in reality the vast majority are “front doors” and only about 30 (of those 100) offer full compute for actually processing traffic and enforcing policy. (This architectural approach as discussed in previous blogs on traffic “hairpinning” adds latency by requiring traffic to be backhauled over long distances. In other words, it’s a solution loaded with performance compromises.)
2. NewEdge is the most connected
Based on the Netskope Platform Engineering team’s history and expertise gleaned in building and scaling out some of the world’s largest public clouds and content delivery networks (CDNs), network “connectedness” has always been an area of intense focus in the design of NewEdge. By optimizing connections both to the internet service provider (ISP) “eyeball networks” as well as the web, cloud, and SaaS providers, Netskope is able to deliver a superior, end-to-end digital experience and avoid the classic trade-off between security and performance.
Back in 2020 when NewEdge had hundreds of network adjacencies, we published a blog titled “Why Network Peering & Interconnections Matter” which discussed the advantages of peering in more detail. It was also where we highlighted how NewEdge, at the time, “was one of the ‘Top 75’ most interconnected networks in the world out of hundreds of thousands of BGP networks globally.” Both then and now, most other SSE vendors do partial peering at best. For example, one well-known web security cloud vendor only peers with Microsoft in major markets in North America, Western Europe, and parts of Asia-Pacific.
Today NewEdge has more than 2,000 network adjacencies to more than 500 unique Autonomous System Numbers (ASNs). This includes peering with Microsoft and Google, the world’s two most popular business productivity suites, in every region of the world possible. This also includes across all major markets, as well as Latin America, Middle East, Africa ,and Asia-Pacific. Plus, NewEdge is peered with many other leading brands in web/CDN, cloud and SaaS providers including Alibaba, Akamai, Apple, AWS, Box, Cloudflare, Dropbox, Fastly, Meta, Rakuten, Salesforce, ServiceNow, Tencent, Zenlayer, among others. Two notable additions in recent months include peering with Internet2, which is particularly valuable for research and education institutions, as well as SpaceX. By peering with Starlink and the SpaceX network of thousands of low-orbit satellites, NewEdge can truly claim its network “connectedness” is out of this world.
3. NewEdge offers the lowest latency
Since its inception back in 2018, a key design focus of NewEdge has been to break the unwritten rule of internet security and mitigate the limitations of the public internet and public clouds, so customers no longer have to choose between performance, availability, and security. Especially for networking, infrastructure, and operations leaders, latency is a well-understood measurement of network performance and NewEdge optimizes for the lowest possible latency in every step of a network packet’s journey.
Through the extensive peering and aggressive interconnection strategy described earlier in this blog, combined with the selection of premium transit for the highest performance, the on-ramp of traffic or “last mile” (whether for a remote user or branch site) to NewEdge is fast, typically single-digit millisecond latency for the vast majority of the world’s knowledge workers. This can be demonstrated by using independent, third-party testing services to measure average round-trip times (RTT) in milliseconds from global Catchpoint test nodes to the “front doors” of leading SSE vendors’ networks, including NewEdge. The results show that across all major geographical regions, NewEdge consistently delivers the lowest latency.
Similarly, from any NewEdge data center to websites, SaaS applications or workloads in the public cloud (aka “first mile”), NewEdge prides itself on having the lowest latency. For example in the most recent testing–also performed using the third-party Catchpoint service–every NewEdge data center is within single-digit milliseconds of Google, Microsoft, and leading public clouds, including AWS, Azure, and GCP. (To learn more about the low-latency design and performance advantages of NewEdge, including taking the NewEdge Speed Test, visit our NewEdge resources site.).
The last part of the latency story comes down to the time it takes for security traffic processing and services like next-gen SWG or inline CASB to get applied inside one of the full compute NewEdge data centers. Architecturally, things like Netskope’s single-pass architecture and containerized microservices, plus custom data center racks relying on bare metal servers and the highest-performing networking equipment play an important role in making traffic processing as efficient as possible.
But the best way to prove that NewEdge leads the industry with the lowest possible latency is to get into our service level agreements (SLAs), which put legal commitments and ‘teeth’ behind Netskope’s claims. So with that in mind…
4. Netskope Boasts the Strongest SLAs
A little over one year ago we announced our industry-best SLAs when we moved beyond 5-9s (99.999%) availability and rolled out an industry-first (and best) set of SLAs addressing non-decrypted and decrypted transactions for traffic processing latency inside NewEdge data centers. Although some vendors have yet to evolve their latency SLAs to address decrypted transactions–critically important when you recognize encrypted traffic dominates enterprise networks today–when compared to even the ones who have updated their SLAs in recent months, Netskope is still better.
Not only are the Netskope latency SLAs industry-best in terms of the raw numbers, but they are also stronger since the method for SLA calculation is more stringent. Most vendors use monthly averages which simply add up the latency data and divide by the number of samples, which tends to hide transient performance problems. By comparison—and another proofpoint for why Netskope can claim the strongest SLAs—Netskope uses a monthly 95th percentile. This is broadly s