Episode 1: The evolution of corporate networks

Hi, I'm Simon here at Cloudflare, and I'm going to talk about our SASE platform to help you modernize your corporate network. Many company networks have been built on technology that simply can't cope with today's security, performance, and monitoring needs. The demands on a corporate network have evolved dramatically over the past few years. Those working in IT and networking are really struggling with the fact that users, their devices, and the applications and data they need to access are distributed all over the place, beyond the perimeter of the classic corporate network. They're trying to address this problem with legacy approaches, which increase cost and complexity, and can result in a solution that doesn't perform that well, leading to really irritated users. So in response to these challenges, the concept of SASE has evolved. It stands for Secure Access Service Edge. It's a new approach to networking and security, which reduces complexity, as well as bringing stronger access controls and improved performance for the protection of applications, users, devices, and your company data. But how does it work? First, let's go back and let's look at how networking and security solutions used to be designed. Decades ago, employees would travel into an office and use the company local network, which was made up of that network, plus also connections to branch offices, maybe a data center, and various other locations, via private leased lines using technologies such as multi-protocol label switching, or MPLS. You were paying for expensive private connectivity with dedicated bandwidth, and typically all Internet access was backhauled through these connections to a single data center, where firewalls and proxies would then inspect the traffic and apply the security controls. But over time, as the available Internet bandwidth increased for less cost, the need for these dedicated lines diminished, and software-defined networks, commonly known as SD-WAN, became popular, helping businesses better manage traffic and optimize usage of cheaper Internet -based IPSec tunnels versus these expensive leased lines. However, SD-WAN still left businesses managing complex on -premises appliances and having to deal with configuration changes and software updates. Also, firewalls associated with these SD-WAN appliances were relatively limited, and often paired with extra hardware for a more complete security solution. While all this was going on, the proliferation of devices such as laptops and smartphones were allowing employees to work from anywhere, so VPNs were added into the mix, where people could dial up to the VPN and access their company network. Often, all their Internet access was also funneled through these VPN connections, so the same security policies office users had would also be applied to the remote user traffic, and it all came back through that company data center. And this approach is really hard to manage, with multiple vendors and different appliances and different dashboards to configure the policies across all these technologies, and they're not really designed to work well in the modern distributed workplace. But today, it's not just users and devices that have left the office and company network, but the applications and data live all over the place as well. They've migrated out of the data center into cloud infrastructure, such as AWS, Azure, and Google. Some applications have been completely reimagined as SaaS apps, where companies no longer run the servers but just rent access to tenants in large software deployments, you know, such as Salesforce or Workday and Zoom. And users are not just taking a short trip away from the office anymore, some people don't even visit one. They're working from home, in coffee shops, even on aeroplanes, and sometimes they might visit an office, yet the same needs still exist. The right person should get access to the right applications and data, latency or the performance of the application should be really high quality, and all while using secure devices and being protected from Internet threats, such as phishing campaigns and ransomware attacks. Because of this constant need for everyone to access anything from anywhere, SASE architectures evolved, where the intelligence in the network is migrated out of these on-premises appliances and now into massively scalable global cloud networks. So how does Cloudflare's SASE platform work? Well, first and probably most importantly, we've built a massive network spread all over the globe. We've deployed thousands of servers in data centers in hundreds of cities, creating peering relationships with thousands of other networks. On top of all of that, we've ensured that we have connectivity in all the important Internet exchanges. These are places where all the big connectivity of the Internet is shared. To give you an idea of the scale of this huge network, it handles around 20% of all Internet web traffic, and it can deal with the largest denial of service attacks that have ever been seen. The scale and performance of this network is really important, because from a SASE perspective, you're going to be routing all your user device and network traffic into it. Every server in our network runs all the capabilities you need to inspect and secure traffic. So access controls, traffic routing, caching all run on the server that your user or network is connected to. So now instead of all the security controls and network logic spread across a variety of different vendors and appliances and services that you're having to maintain, it's centralized in a cloud service that operates and points all over the globe so that each user or network is connected to a fast local data center. And Cloudflare's SASE platform is part of a greater connectivity cloud. So what's a connectivity cloud? It's a unified platform of cloud-native services that spans networking, security, and application performance, and it's designed to help companies regain control over their technology infrastructure. Our connectivity cloud goes way beyond just protecting employees and their access to company resources. It's also used to protect public assets like websites and APIs. In fact, we run one of the world's fastest DNS servers. We've even exposed the underlying components of our platform, letting developers write and run their code directly on our network. Then they can extend their existing services or build entirely new applications, leading you to an infinite amount of things you can build. So to summarize, Cloudflare's SASE platform, which runs in our connectivity cloud, allows companies to reimagine their company network. Users connect to Cloudflare's global network via a data center that's close to them, and that server then ensures that they don't access phishing sites on the Internet or gives them secure access to an internal company application. All of this is happening in milliseconds across our vast network. Because we can deliver all these capabilities in a single platform instead of different vendor solutions, it means that companies can centralize all that management into a single well-integrated dashboard. This ultimately drives down your cost, less time used to manage the services, less or often no hardware to purchase and maintain, and it's cheaper to purchase the actual final solution. Well, thanks for watching. This video is part of a series which explains how to build your new corporate network using Cloudflare's SASE platform. Watch other videos in this series to learn more. Hi, I'm Simon from Cloudflare. Congrats on finding this video. We also cover a wide variety of topics including application security, corporate networking, and all the developer content the Internet can hold. Follow us online and thanks for watching.