VMware recently announced that VMware Cloud Web Security™, a cloud-hosted service of VMware SASE™, is generally available. VMware Cloud Web Security is a cloud-hosted service that better protects users and infrastructure accessing SaaS and Internet applications. Attend our upcoming webinar to learn more about how users in the distributed workforce can access their applications without the fear of threats or concern about compliance – and how IT can keep the agile workforce productive.
The growth and sophistication of mobile and cloud technologies started to enable more people to work from anywhere, more easily. When COVID-19 forced millions of employees to work outside corporate offices, that growth sped up exponentially. Now corporate IT staffs are figuring out how to secure these new traffic patterns and provide a great end user experience for employees. They are also bumping up against the constraints of current solutions.
The limitations of hardware-based security
In the traditional centralized network security model, enterprises sent all traffic through the corporate data center for inspection. This is where the security stack and applications resided. In the traditional centralized network security model, enterprises sent all traffic through the corporate data center for inspection. This is where the security stack and applications resided. The post-COVID distributed workforce backhauls traffic destined for SaaS and cloud locations through the corporate data center. This adds latency, which results in a poor experience with the application, and lowers productivity.
To access SaaS and cloud apps from a branch office in this centralized hardware-secured model, users would need to go directly to the Internet – which opens a security hole. This creates the need for a physical or virtual form factor security appliance, such as a firewall, to sit at the branch. This is a reasonable workaround for a few branch offices. However, as the number of branches increases – and in the distributed workforce, a “branch” could be a single employee working at home – the enterprise needs to add more and more security appliances.
The Internet and websites that people access for work are constantly evolving. For example, around 80 percent of websites are estimated to be encrypted using the HTTPS protocol vs. 40 percent just 3-4 years ago. To properly protect remote users, enterprises need to be able to decrypt that traffic. As SaaS traffic increases, the need for decryption increases. A hardware-based solution requires more hardware at every single location to cope with this new requirement, and/or add appliances and CPU capability in the data center. The costs and workload for IT go up with each piece of hardware. It’s not a scalable solution.
Employees expect to be able to access applications without fear of security threats or violations when they work from anywhere, on any device. And when they use their own devices for work, they expect to be able to switch seamlessly between work and personal applications.
Cyber threats are constantly changing and growing
Our colleagues at VMware Carbon Black publish a number of eye-opening reports about cyber threats. For their 2020 Global Threat Report, the Carbon Black team interviewed more than 3,000 security professionals. They found that 90 percent have seen an increase in attack volume, 94 percent of organizations worldwide have suffered a data breach, and 80 percent of security professionals say attacks have become more sophisticated. According to the report, “A staggering 91% of all global respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home.”
The sheer number of new device types on enterprise networks is increasing the potential attack surface. People use a variety of devices to work from home or anywhere. Devices such as sensors and hospital equipment on the Internet of things (IoT) are growing exponentially. The total number of connected devices is expected to reach 41.2 billion by 2025.
Enterprises have responded by increasing the defenses they have, using eight or nine separate security tools on average. However, the cost and complexity of managing and upgrading all these separate solutions becomes an operational burden that can slow response to new business requirements. A patchwork of tools can leave security gaps that bad actors can exploit.
VMware Cloud Web Security
Cloud Web Security administers security including SSL decryption, security inspection and enforcement on the optimal path between users and applications. It’s delivered from a worldwide network of VMware secure access service edge (SASE) points of presence (PoPs) that act as the closest on-ramp to cloud and SaaS applications. As an integrated service, networking and security services are delivered as a single-hop solution, eliminating the higher latency associated with multiple-hop processing.
Cloud Web Security is hosted on the VMware SASE Platform, using an industry-proven deployment architecture. Customers can deploy security services faster and remove barriers in migrating from on-prem to cloud security services, stay compliant with local regulations, and gain visibility into application and employee activities.
The VMware SD-WAN Orchestrator ensures common security policies are applied to each network segment using a single management pane. This removes any policy mismatches so that all users and segments are protected equally, including remote and work-from-anywhere users. Security policy follows the user, delivering a seamless experience.
Learn how SASE and Cloud Web Security can help your enterprise
Addressing security in a cloud and SaaS-based world needs a cloud-based solution. Secure access service edge (SASE) delivers networking and security as a converged cloud-hosted service. It enables reliable, more secure, and efficient access for users located anywhere to applications on any cloud, while protecting users and infrastructure against internal and external threats. Learn more about SASE and Cloud Web Security at our webinar on July 14 at 10 am PST, or watch on demand later.