Enabling the branch office via the Cloud

Wednesday, May 30, 2018

Unmanaged devices

We previously discussed our Direct Connect Endpoint solution, which enables organizations to protect end users everywhere, without sacrificing latency. But there is no “one size fits all.”

Specifically, there are situations where the endpoint does not solve all the problems, such as BYOD or guests’ devices. Even when the device is fully owned by the employer, the IT department is not always willing to install new software, either due to internal processes or because of compatibility concerns with the OS or other programs.

Protecting branch offices

This brings us to a restated business problem: can one protect branch offices without requiring endpoint software installation, or a large hardware/operational expense, and without impacting browsing speed?

The answer is again a resounding ‘yes’, and the solution is Forcepoint’s i500 appliance.

A picture is worth a thousand words – so let’s start with a diagram:

There are a few noteworthy interactions here; the appliance is managed entirely from the cloud platform and does not carry any local state or supporting infrastructure. It synchronizes browsing logs to the cloud data storage and enables seamless reporting without requiring any new user interface or data repository. This also means that as users travel outside of corporate locations, and/or go to the corporate headquarters, they get protection via the cloud proxy service or other means, all while retaining a consistent policy and reporting view.

The best of both worlds

Customers migrating to a cloud security solution often have to trade off reduced cost of ownership with latency. This especially applies to organizations with globally distributed branch offices. They start sending all their traffic directly via their security provider’s cloud proxies which might or might not be in proximity to all their office locations.

The i500 appliance is a solution offering the best of both worlds – low cost of ownership and minimal maintenance, all while retaining high performance. The transition from a pure On-Premise enforcement to cloud-managed appliances then looks like this, with Cloud components shown in green, and customer-deployed On-Premise components in blue.

Real-world organizations tend to have distributed offices of all shapes and sizes, ranging from headquarters with hundreds or thousands of employees to small/home offices with fewer than 10 workers. Modern security solutions need to cater to all sizes without requiring separate management or reporting consoles, while supporting guest users and BYOD combined with ease of use.

With the Forcepoint solution, a customer may choose to protect sizable branch offices with hardware i500 appliances, SOHO with a virtualized appliance and/or direct proxying via the Cloud, and the HQ with several load balanced devices.

What's next?

We recently talked about how pure Cloud security solutions can be extended to solve real world problems: geo-localization, latency reduction, BYOD, guest devices, and cost-effective protection of small offices.

However, there are plenty more tools in this security toolbox and more real-world problems to solve: it’s not always cost-effective to deploy even lightweight appliances, such as the i500, and there are alternative options to protect organizations without requiring any new on-premises software or appliances. Stay tuned!

About the Author

Roman Kleiner

Roman Kleiner was with Forcepoint until August of 2018, with a focus on the Secure Web Gateway portfolio. Prior to that, Roman held technical leadership and management roles within InfoSec in Symbian (later acquired by Nokia), and Finjan (later acquired by Trustwave). Roman holds a Masters...