If your job is anything like mine, you find yourself using a wide range of SaaS-based applications. Today alone, I found myself using Salesforce.com, WebEx, Workday, Spark, Office 365, Box, JIRA, Trello, SmartSheets, and Google Docs. And I’m not even counting some of the things I use for fun: Spotify, Netflix, and Instagram. Every company is dealing with the implications of all of these applications being moved to the cloud. And this is on top of the massive shift towards mobility and BYOD that IT has already been working to address.

This is a huge challenge. Sometimes users are connected to the VPN when they’re working on the road, but more frequently they aren’t. In fact, 82% of workers admit to not always using the VPN. Plus, many branch offices are now connecting directly to the internet instead of backhauling traffic to headquarters — 70% of branch offices have some level of direct internet access.

And that means most companies are between a rock and a hard place. On one hand, you want to move to the cloud, but you recognize the visibility gaps and new attack surfaces it creates. If your employees don’t use the VPN, then they’re left with very little protection. Let’s face it, one of the reasons your security team is overwhelmed with malware and ransomware is due to what happens when your employees are off the corporate network

But what about your Secure Web Gateway (SWG)? Originally designed for bandwidth and access controls, they’ve been repurposed to help with threat protection. And while they may appear to accomplish this — they often do so in an ineffective and inelegant way. They’re complex to deploy, requiring agents or PAC files to be installed in order to get protection.  You’d be hard pressed to find a admin who loves their SWG.  They constantly create problems around latency and capacity.  Even the cloud versions of SWG carry over the complexity and maintenance burdens of traditional proxies. The SWG is not enough to properly secure your users in this mobile, cloud-era.

To address these challenges and provide effective protection for users everywhere, we set out to reimagine how security is delivered. For us, it wasn’t about taking the old technology and just sticking it into the cloud. We knew the approach of yesterday wouldn’t solve the challenges of today. We wanted to create a new layer of defense — protecting users whether they’re on and off the corporate network. We want it to be easy to deploy, be highly effective, minimize latency, support world-wide installations and support the open architectures that have made SaaS so effective.

Think of this new category as a Secure Internet Gateway (SIG). A SIG is a secure onramp to the internet. Wherever users go, even when they are off the VPN, this cloud-delivered internet gateway provides safe and secure access. As internet requests are made, a SIG acts as the first line of defense and inspection. For more details about the key capabilities of a SIG, check out our whitepaper.

Today, we’re announcing the industry’s first SIG in the cloud, Cisco Umbrella. Umbrella was built upon the OpenDNS platform, a platform that has been delivered from the cloud since its inception. Then we integrated technology from across the Cisco security portfolio, including capabilities from the Cloud Web Security proxy, and the Advanced Malware Protection (AMP) file inspection. These technologies haven’t just been stitched together, but re-engineered to be delivered within Umbrella, so that they’re easy to use and able to deliver even more effective security.

For more details on new features in Cisco Umbrella, check out our product blog or product webpage — umbrella.cisco.com. And stay tuned for more — there are additional security capabilities that we’ll be bringing to our cloud platform in the coming quarters.


Brian Roddy

Engineering Executive

Cloud Security