As enterprises have fragmented into multi-site operations with increasingly-mobile employees who access on-premises and cloud-based resources via a mix of managed and personal devices, so the headaches for CIOs and CISOs have multiplied. How do you give users access to the applications and services they need to get work done, while also ensuring that network security is not compromised?
An increasingly popular approach is the software-defined perimeter (SDP), which Gartner predicts is on track to be adopted by 60 percent of enterprises by 2021, replacing network VPNs. This space now has a new entrant, in the shape of Tel Aviv-based startup Meta Networks, which has emerged from stealth mode with $10m of seed funding from VC firms Vertex Ventures and BRM Group.
Central to the SDP model is a military-style 'zero-trust' approach centred around device authentication, identity-based access, and dynamically-provisioned connectivity, with per-user policies defining the network resources that can be accessed.
Meta Networks' network-as-a-service platform, Meta NaaS, replaces multiple site-centric VPNs with a user-centric solution that offers always-on network security and reliable connectivity via a cloud-native global backbone. The backbone currently has around 30 points-of-presence (PoPs) -- a number that the company says can grow quickly in response to customer demand.
Founded in 2016 by CEO Etay Bogner (previous ventures include Stratoscale, Neocleus, and SofaWare), Shmulik Ladkani (chief architect) and Alon Horowitz (VP of R&D), Meta Networks implements the zero-trust model via identity-based policy routing and packet-level identity verification -- patent-pending technologies that, the company says, are "essential for ensuring security and scale in a user-centric global network".
There are two ways to connect to the Meta NaaS platform: employees with managed devices can use an always-on IPSec VPN client (which also protects internet traffic), while employees with personal devices can access a restricted set of network resources via a browser. The latter method is also recommended for third parties such as contractors and partners -- who are often targeted by cybercriminals as a route into corporate networks. In both cases, policies define the applications and network resources that users can access.
See also: Special report: The cloud vs datacenter decision (free PDF)
Co-founder and chief architect Shmulik Ladkani told ZDNet: "For example, I can say: Shmulik is a member of the R&D team, so he can access whatever assets or deployments in the cloud that the organisation has. But Amy, as part of the marketing team, can access a different set of corporate applications that are deployed elsewhere. The whole idea is, it's software-defined and no longer based on the location of the users or the assets; it's based on the identity of the users or the devices."
"You have unified management that allows you to control the policies, the network topology, the access rights. You can see the entire access logs -- who has accessed which assets in which time -- no matter where the user was located. You can see them in one place, with everything programmable and available through our APIs," Ladkani added.
The internet security stack employed by Meta NaaS is open and interoperable: current partners are Symantec and Cyren, with more on the way; customers can also 'bring their own' security stack if need be.
Another big advantage for CIOs is the ability, thanks to a full set of APIs, to connect up cloud services to Meta NaaS rather than having to install and configure VPNs for each cloud instance. Meta NaaS also simplifies the onboarding of remote branches to the company network via a lightweight MetaPort virtual appliance or direct user connection. This approach is simpler and more cost-effective than using dedicated SD-WAN branch appliances and MPLS links, says the company.
Meta Networks is targeting medium-sized enterprises with significant numbers of mobile employees, which are in the process of cloud migration. Customers are currently in "double digit" numbers, according to chief marketing officer Amy Ariel, and include MyHeritage, Dynamic Yield, Infinidat and Arctiq Intelligent Architecture. Ultimately, Meta NaaS will be sold via resellers, integrators and MSSPs, but for the moment Meta Networks is using a direct sales approach.
RECENT AND RELATED CONTENT
XaaS: Why 'everything' is now a service
The three traditional pillars of cloud computing -- SaaS, PaaS and IaaS -- now support such a range of services that IT, and business, is entering the 'Everything as a Service' or XaaS era.
Zscaler wants to eliminate VPNs with cloud-based Private Access tool (TechRepublic)
Zscaler recently announced its new Zscaler Private Access (ZPA) tool, which ups security by separating data and network access for users.
Network security policy (Tech Pro Research)
This policy will help you create security guidelines for devices that transport and store data. You can use it as-is or customize it to fit the needs of your organization and employees.