Security unicorn Netskope is rolling out a global edge infrastructure to support its cloud security platform. The new distributed network infrastructure, aptly named NewEdge, provides customers with improved real-time security because of lower latency afforded at the edge, said Joe DePalo, senior vice president of platform engineering and operations at Netskope.
Instead of using the internet to deliver security services, “we have built an overlay over the internet” to interconnect users, cloud services, commercial providers, and carriers using performance- and availability-optimized routing, he said. “We monitor the end performance of every end user, and we optimize, through software and topology, to get the best connectivity.”
This means customers don’t have to choose between security and performance, DePalo added. “We will cover the globe in less than 50 milliseconds and connect to every customer, every cloud provider, and every carrier to provide higher performance and a secure, undisrupted experience.”
This year Netskope will deploy more than 50 points of presence (POPs) across the globe (25 are live now) supporting hundreds of millions of concurrent connections, with a total throughput capability of 100 terabits per second (each POP has a minimum 2 Tb/s of capacity). The vendor plans to add two new POPs per week and have more than 100 locations by 2020. These include carrier-based facilities, some larger colocation facilities, and mini edge data centers along the lines of those championed by newer edge companies like Vapor IO, Packet, and MobiledgeX.
It makes a lot of sense. A distributed network means that vendors can put security services closer to end users and devices that are spread across the globe. And this enables better security compared to deploying appliances in a few locations or working with security vendors that provide legacy-technology-based POPs.
Still, DePalo said he doesn’t know of any other cloud-based security companies taking this distributed approach to support their security products. And there’s a pretty simple reason for this. “It’s very, very hard,” DePalo said. “Maybe 200 of the people in the world can build an edge infrastructure like this.”
Fortunately for Netskope, DePalo’s one of them.
DePalo came to Netskope, which got its start as one of the original cloud access security brokers (CASBs), from Amazon Web Services (AWS). The cloud security startup brought him on board specifically to build its new, distributed network. DePalo was previously the global head of internet services for AWS where he was responsible for the AWS Global Network and the Amazon carrier strategy.
Prior to AWS he was SVP of operations and engineering at Limelight Networks. There, he and his team built the second-largest content delivery network (CDN) in the world.
“Amazon’s edge network was designed to optimize their services, but it was not designed to optimize traffic in and out of their services,” DePalo said. “And it’s that way across all of the cloud providers. So we saw an opportunity to be that onramp for customers to have a secure, performance, highly available service. We don’t control the internet. But if we invest in our infrastructure then we can control that your traffic is secure.”