Elaine Feeney is a member of the Netskope Network Visionaries advisory group.
For any business, speed matters a lot. Speed of service is key to happy customers because any delays that users experience directly impact the success of the organization. Security processing that causes delays for customers or employees has negative business impacts. Now more than ever, security controls have become a board-level priority due to elevated risks. Implementing security without impacting the speed of operations is a challenge every business struggles with today.
I have felt the pain of those trade-offs firsthand. I spent more than two decades working at MCI, Sun Microsystems, and Amazon. Most recently, I was the Vice President of Global Infrastructure Expansion at Amazon Web Services (AWS) where my team was responsible for determining where and how we expanded the network, data centers, and edge site infrastructure. While data centers are key to cloud infrastructure, edge sites have proven to be more essential as they provide critical location-specific access and security for the cloud.
NewEdge: Defining security at the speed of business
Netskope’s mission is to deliver cloud security that eliminates performance trade-offs. This is why they’ve invested well over $100M to design and scale out the Netskope Security Cloud infrastructure—known as NewEdge. NewEdge is architected to strategically position compute for security traffic processing at the edge, as close to the users as possible, which is a key requirement of a Secure Access Service Edge (SASE) framework and for delivering Security Service Edge (SSE) capabilities.
Business productivity is directly dependent on how quickly users can connect, so their traffic can get processed and go where it needs to go. Since most businesses have multiple locations, and the speed of operations matters for every user (regardless of whether they’re in the office or working remotely), the location and design of these edge sites really matter. With data centers in 57 regions today, NewEdge has more locations with compute than its competitors in cloud security.
And each of these locations makes all security services available to every customer—including firewall, web security, cloud access security broker (CASB), and zero-trust network access (ZTNA). Businesses increasingly rely on a wide variety of apps hosted in multiple clouds and therefore they need a complete security stack at the edge.
NewEdge prides itself on having the fastest, low-latency on-ramps for users accessing from anywhere, from any device—striving for consistent single-digit millisecond latency. Backed by industry-leading SLAs, NewEdge enables highly efficient, single-pass processing of traffic inside data centers to ensure the fastest access and a superior user experience while delivering on the security mission. Netskope also over-provisions the network to provide a buffer to scale before it’s needed. NewEdge also operates in a non-blocking mode so that even with all services available, the application of our security features does not throttle customer traffic to and from their SaaS applications.
More than half of NewEdge traffic runs over private or semi-private peering links. Peering (also known as network adjacency) is a direct connection with other service providers. In the case of NewEdge, it’s peering with the carriers, cloud and SaaS providers. This essentially delivers an overlay to the public internet—overcoming inherent performance limitations. Many customers report their user experience is better after cutting over to Netskope and running their traffic over NewEdge.
Getting as close to users as possible
I think that Netskope is proving that, by putting security processing as close as possible to customers and interconnecting them with the other cloud networks, security processing can minimally impact—or even improve—their speed.
The large cloud providers like AWS, Microsoft, and Google don’t have the expansive secure edge sites and solutions that Netskope has. Netskope adds tremendous value for their customers—I know for a fact it’s something that these cloud providers value. They don’t want their customers slowed down by security controls and solutions, so they have partnered with Netskope to offer the fastest, secure solution to their customers to help protect them against serious cyberattacks.
Another key point is that businesses are not deploying on just one cloud. So having an agnostic secure edge solution that can route whatever transaction they’re doing to their appropriate cloud and interconnect between them as necessary is even more valuable. Clouds are never supposed to have performance issues or outages, but the truth is, unfortunately, sometimes they do. The Netskope network architecture teams are absolutely considering that in their deployment strategies. It’s very beneficial to these cloud deployments to have diverse, redundant routes, which is what Netskope provides.
The closer you can secure on-ramps to the customer, the more value you provide them because they don’t have to architect and pay for secure, diverse routes on their own. The risk that customers face in getting their data from their physical site to a data center in the cloud is real, and managing it takes tremendous experience and expense. Netskope is de-risking that process, keeping customers in safe hands with NewEdge.
Teamwork makes the edge dream work
Netskope can offer such valuable solutions because of their deep network infrastructure knowledge and their depth of experience in understanding how networks were built and are routed in the real world. It takes significant expertise to make the right decisions around traffic engineering, transit selection, peering, edge locations, and hardware to provide the best security traffic processing. Netskope has built a team of seasoned experts in network, cloud, hyperscale, and automation to create the most extensive and connected global edge security infrastructure.
Joe DePalo is in charge of Platform Engineering at Netskope and he leads the team that designs and builds NewEdge. Before joining Netskope, Joe worked with me at AWS where he was the Global Head of Network Development. One of the things that Joe and his team bring is deep industry knowledge. If you don’t have dozens of years of network field experience and an understanding of how the fiber paths are architected, you can only make uneducated assumptions about diverse paths. Joe’s knowledge of legacy network infrastructure prevented a lot of issues for us at AWS. And edge sites are exactly that—network infrastructure.
Joe’s team knows network infrastructure because they had essential roles at telecoms for the past 20 or 30 years. They know where the issues are and they can architect leading-edge solutions around them. The power of Netskope today comes from some of the best, most highly recruited people in the industry. You can’t go to college and learn what they know about legacy network infrastructure—it takes experience.
With all of that assembled expertise, Netskope really understands that an edge site is only as valuable as the truly diverse path that it provides—so customers aren’t having outages or performance issues. If a customer had to deal with all of this on their own, they’d be at the mercy of every telco provider out there, and feel overwhelmed trying to identify the systemic cause.
Rethinking edge computing for security
That diversity in protection only comes from massive infrastructure investments, meaning the number of those strategic sites and the way Netskope has designed the network will become increasingly valuable over time. To solve the customer need, it really takes those assembled years of expert knowledge of telecom infrastructure and having relationships with the cloud providers to allow you to negotiate a peering relationship and acquire space in these highly constrained, critical sites where you need to be. It’s not something you can just throw money at and suddenly have an equivalent 55+ region footprint. What Netskope has built can’t be easily replicated.
The winners in delivering on the SASE vision must design “fast” into their architectures from day one. With Netskope, “the network is the security,” so customers no longer need to compromise speed for security.