Traditional networking architectures over the past two decades or so prescribe that the hub of the network be build around a specific location, such as a data center or a company’s headquarters building.
This location houses most of the equipment for compute, storage, communications, and security, and this is where enterprise applications are traditionally hosted. For people in branch and other remote locations, traffic is typically backhauled to this hub before going out to other locations, including to the cloud.
Though that formula has been standard operating procedure for many years, it doesn’t fit the way of work for many enterprises today. For one thing, there has been a major migration to the cloud. Those enterprise applications that run the business are now hosted in cloud platforms such as Amazon Web Services or Microsoft Azure, either as private applications or as SaaS apps such as Office 365 and Salesforce. In fact, companies often use multiple cloud platforms.
As for employees, more of them are now mobile or remote workers, but they still need secure access to enterprise applications and resources. The typical solution for giving mobile employees access to IaaS or PaaS resources is a VPN, which can be cumbersome and expensive to deploy.
These trends of cloud migration and mobility are only continuing to grow, and they are putting tremendous pressure on traditional networks. The old perimeter of network security is long gone. Unfortunately, the need for network security is stronger than ever as threats become more pervasive and damaging.
Network-as-a-Service addresses new networking challenges
Meta Networks recently launched a new type of Network-as-a-Service (NaaS) solution to address these challenges. Meta NaaS utilizes a global overlay network that functions like a private WAN for each enterprise customer. Users, as well as enterprise resources (e.g., data centers, branch offices, etc.), connect to the Meta NaaS through local points of presence (PoPs) located all around the world.
Meta Networks’ emphasis is on a secure, user-centric network delivered as a service to connect people, applications, clouds, and work sites within a software-defined perimeter (SDP). It is a zero-trust version of a VPN that revolves around users rather than a physical topology of a traditional network hub.
All traffic — LAN, WAN, and Internet — flows through the Meta NaaS network. Internet traffic breaks out at the local PoP. The network functions similarly to a very big distributed identity-based router that Meta Networks has deployed in the cloud. Policies abstract the physical topology to deal with users and resources.
How users connect to the network via NaaS
Individual users have a unique, fixed identity regardless of where they connect from and what device they use. They can connect to a PoP in one of two ways: using an IPsec client or via a browser-based solution. The SDP provides one-to-one network connections that are dynamically created on demand between a user and a specific resource the user needs to access. Everything else is invisible to the user. No access is possible unless it is explicitly granted, and it’s continuously verified at the packet level, effectively establishing dynamically provisioned secure network segmentation.
All endpoints attempting to join the network are authenticated and authorized before being able to access any resource on the network, as well as throughout the session. This reduces the attack surface by hiding network resources from unauthorized or unauthenticated users.
Security can be further enhanced through a range of traditional security services, such as secure web gateway and cloud access security broker, which are available as network functions. An enterprise can choose which security services to deploy can and “chain” them so that traffic passes through the appropriate security points in succession.
This network simplifies connectivity of all an enterprise’s cloud assets into one network, even if they are hosted by multiple cloud providers. Companies are able to connect multiple cloud platforms, such as AWS, Azure, Google Cloud Platform, and Oracle. What’s more, Meta NaaS enables hybrid cloud networking between on-premise servers and public clouds.
The Meta NaaS is an easy deployment for an enterprise. Just as the name implies, it’s a service. There’s no equipment to install, and customers don’t need to buy, maintain or manage any RAS or VPN concentrators. It’s easy to onboard workers and bring applications and data onto the network. Security policies are also easily configurable.
Enterprises already consume software, infrastructure and platforms as a cloud-delivered service. The Meta NaaS provides the advantages of scale, agility and cloud-economics by delivering network connectivity and security as a service.