The massive migration to cloud computing and SaaS has meant a sea change in how network security offerings are offered and consumed. These trends culminated in a market of Secure Access Service Edge (SASE) offerings from on-premises security hardware and software vendors, as well as new cloud-native security service providers. SASE consolidates multiple security services into cloud-hosted and hybrid cloud offerings, typically accessed via secure tunnels over the Internet, from remote workers and branch offices. SASE security service offerings and corresponding network edge entry points are made available via a distributed set of PoPs constructed either in colocation data centers or via public cloud providers.
Cloud Security is Also About Digital Experience
SASE adoption was already gaining traction going into 2020, but accelerated dramatically due to the sudden work from home shift catalyzed by the COVID-19 pandemic. As growth across the sector has risen, it has become clear to the major SASE players that they are not only held responsible for security, but also for the employee digital experience and application performance delivered via the end-to-end SASE architecture. Evidence of this is seen in Digital Experience Monitoring (DEM) technology acquisitions and product offerings by Palo Alto Networks, Fortinet, and Cisco.
Challenge: Internet-Based Interconnection
However, a major stumbling block to delivering the level of security along with expected performance remains: insecure and unpredictable Internet performance. Traffic from office locations to SASE PoPs and from those PoPs to upstream data centers, cloud and SaaS locations are often delivered over public Internet and IP transit connections. Wherever the Internet touches, security and performance are never a given. VPN tunnels offer encryption for security. However, performance across the Internet as an underlay is unpredictable, and VPN tunnels add processing overhead that impacts latency in particular.
Of course, in terms of getting users and remote offices to the SASE provider’s edge, the ubiquity of Internet access combined with PoPs within tens of milliseconds of user locations makes VPN-based connectivity the de facto choice.
However, for interconnection between the SASE PoPs where security service processing occurs, and enterprise cloud core locations, Internet VPNs are more problematic. Enterprise cloud cores handle volumetric, mission-critical application and data workflows, encompassing essential business processes and aggregated user to application traffic. The problem is that these volumetric flows require privacy, and security, along with predictable high performance at scale. Internet VPNs can’t deliver effectively on this requirement. Let’s set aside that the Internet as transport isn’t private and does expose traffic to broader security issues. But the real issue is performance. The combination of VPN tunnels with their significant overhead, with unpredictable Internet transit creates measurable downside performance impacts. To get a feel for how drastic this impact can be, check out this video comparing VPN overlay vs private connectivity throughput for Kafka streaming.
The performance drag of these tunnels going to cloud VPCs, colocation data centers, and enterprise SaaS like Salesforce impacts user experience. Furthermore, VPN tunnels traversing the Internet and cloud provider backbones pose significant visibility challenges, even for synthetic monitoring. Cloud backones in particular are highly abstracted and can block traceroute-style synthetic network monitoring techniques.
Next-Gen Interconnect to the Enterprise Cloud Core
What’s needed is a way to get connectivity that delivers private, secure, predictable performance, but that avoids the inflexibility of telco connections with their long-term peak capacity commitments. This is exactly what PacketFabric offers.
PacketFabric has built a massively scalable, private, end-to-end automated Network-as-a-Service platform that offers on-demand, secure connectivity ranging from 50mbs to multi 100gbs. Available in 290+ data centers covering 24 global markets, PacketFabric offers security providers a huge footprint of scalable and flexible interconnection options for their enterprise customers. The benefit of this reach is that security providers can now ensure greater security and more predictable user experience, which enhances SASE customer satisfaction and confidence, reduces service calls, lowers churn, and ensures adoption and growth.
The PacketFabric platform reaches all the colocation sites where enterprise IT teams host their data centers and utilize them as regional WAN hubs. PacketFabric also offers a MarketPlace where security providers can make their offerings available for easy, instant, and secure access by PacketFabric customers.
In addition, PacketFabric gives security providers an enhanced option for privately connecting their own co-located data centers and Public Cloud deployments with far greater technical and billing flexibility than telco options. This private backbone connectivity option also offers dramatically improved cost efficiency when compared to cloud provider IP transit offerings, and simplifies connectivity management when compared to dealing with many different telco underlay contracts. And all this is available in minutes via a portal and API on a multi-tenant and sub multi-tenant basis.
Start Your Next-Generation Interconnect Journey
The future of the enterprise IT architecture is hybrid and multi-cloud. Remote workers and many offices will access cloud security services via the public Internet. However, the public Internet is too insecure and unpredictable to act as the core of enterprise cloud architectures, which constitute the heart of their digital business operations. PacketFabric offers SASE and cloud security providers a superior and flexible private option to connect to the enterprise cloud core with scale, agility, predictable performance, programmability, security and privacy, without compromise.
Learn more about our services offerings including hybrid cloud connectivity and multi-cloud routing. If you’re ready to start moving forward, you can register via our portal and try out our services month-to-month at an affordable starting point, or request a demo.