Building Secure, Private Cloud Networks for AWS Bedrock

Joint Technical Webinar

How we started Prosimo and why it’s architected for the future.

At Prosimo, we firmly believe that in order to build a disruptive solution in this new cloud era, we need to learn from past experiences, leverage cutting-edge architecture concepts, and build a new architecture from the ground up that is 100 percent cloud native and can be used in any cloud. That’s exactly what we’ve done at Prosimo.

Learnings from Viptela

At Viptela, our team developed the first, and leading, SD-WAN solution in the cloud networking and security space. SD-WAN has unequivocally been a significant step toward modernizing the enterprise WAN infrastructure. Not only does SD-WAN give a lot of operational control back to the enterprise from the cloud service providers, but it also provides cost benefits and operational simplicity for IT infrastructure teams.

The Need for a Better Enterprise Infrastructure

During the Viptela journey, however, we started to realize that although SD-WAN is a great first step, the problem space has evolved since SD-WAN came into existence. Here are a few trends and recent developments that got us thinking about building a brand-new enterprise architecture:

  • The cloud-native mindset. With workloads increasingly moving to the cloud, there’s an acute need for an infrastructure solution born in the cloud. Initial use cases for SD-WAN were about connecting branches to data centers. Although technologies like Cloud OnRamp were a great addition to SD-WAN, they weren’t really built to deliver an optimized cloud-native experience.
  • Intelligence is moving toward the app and the user. Although SD-WAN certainly moves the intelligence closer to the user, it fails to provide enough insights into user identity for better identity-level security policies. In addition, port/protocol-based insights into applications are quite limited. Enterprises need complete visibility into who is accessing which application, when they do so, and where.
  • User expectations are the same, whether people are working in an office or at home. The COVID-19 pandemic has proven that productivity is not lost away from the office. But the resulting work-at-home requirements have increased the pressure for IT infrastructure to meet users’ needs from any location. Users want the same experience whenever they access any application, whether they’re working at the company office, their favorite coffee shop, or home.
  • Applications are talking to each other, too. Software is now seen as a clear differentiation point and a key part of innovation for companies. Applications are creating new experiences, and just like the users who are accessing apps, the apps need access to other apps and services across different clouds. Enterprises need optimal and secure access between apps, regardless of source or destination app—whether it’s a traditional monolithic app or a modern service-mesh app—while getting insights into app identity and access patterns in order to remain competitive.

Fundamentally, enterprises need a solution that can solve the modern problem of how to allow users from anywhere to receive the same application experience for all applications—especially those in the public clouds—while still providing operators with complete visibility into and control of who can access what.

So, it became increasingly clear to us that traditional approaches wouldn’t suffice!

Hence We Started the “Next One”—Prosimo

When we took a fresh look at the problem space, we quickly realized the need for a solution that is built from the ground up in the cloud, for the cloud. We knew that we needed a simple, yet scalable, architecture for customers to use—one that keeps the application experience, security, visibility, and data-driven decisions at the forefront—and that’s exactly what we’ve built! Here are some aspects that were near and dear to us when we started Prosimo—aspects that we’ve made sure to get right:

  • Team First. Teamwork is our “secret sauce,” and the MOST essential ingredient is our team chemistry and culture. At Prosimo, we’ve assembled a kick-ass group of folks who’ve built yet another world-class product and can solve anything that comes their way in the future.
  • One software architecture. That’s all you need, regardless of where the solution gets deployed—on any public cloud, at the edge, in a colo, or at a data center.
  • Leverage the microservices architecture. This principle enables us to expand and shrink the Prosimo infrastructure based on dynamic scale requirements to ensure seamless application experience. For example, for some content-heavy apps, the Prosimo caching service might need to spend more compute cycles, whereas some highly security-sensitive apps might require the Prosimo WAF service or MFA service to spend more cycles. Using a microservices architecture lets us achieve this scalability easily, while keeping cloud costs in control.
  • Visibility cannot be an afterthought, and it doesn’t stop with visibility. In this day and age, visibility is table stakes, but more interestingly, it’s the action you take with the data that’s even more important. Using all of the rich telemetry information in Prosimo’s ML engine not only provides deep insights but also enables Prosimo solution elements to automatically adopt relevant optimization techniques based on user location, access patterns, and application characteristics. One size does not fit all, so it’s important to use the data gathered intelligently to dynamically adapt based on the characteristics of the app as well as the client (user or app) accessing that app.
  • Security is table stakes. When we talk about a solution that connects users or applications to applications of interest, security must be built in. Some of the fundamental pieces of this solution include per-user and per-application policy controls, continuous Zero Trust, WAF/DDoS protection, and risk-based user policy controls that are adaptive and data driven. Unfortunately today, some user and application security solution pieces are cloud native and others are third party. As this divergence increases, the enterprise security architecture becomes totally fragmented. An ideal solution needs to be feature rich, flexible enough to allow third-party security integrations, and cloud native, but without the requirement to send all traffic for inspection to yet another third-party cloud. In short, security must be in the customers’ administrative control.
  • Solve at the right layer. The Prosimo solution functions at the optimal layer of the network stack. We’ve stayed away from operating at the network layer primarily because the multi-cloud connectivity problem has already been efficiently solved by cloud service providers. Another drawback of operating at the network layer is that the user’s identity, an essential piece of the puzzle, can’t be ascertained. We’ve also stayed away from operating at the visibility layer, so we don’t lose the ability to steer traffic in an optimal way. Based on the problem we’re solving and the manner in which we’re solving it, we’ve found it best to operate within layer 4 through layer 7 of the OSI model.

Trends That Make the Prosimo Solution Future Proof

Prosimo’s solution is positioned to solve not only the problem of today; it’ll also be very relevant for the foreseeable future. Here are some of the trends we’re starting to see that support this theory:

  • As applications move to the cloud, the need for a standardized experience across IaaS/PaaS and SaaS applications will become paramount. Prosimo’s solution allows enterprises to modernize their application delivery and give users a seamless access experience across this spectrum.
  • Imagine two years from now—our laptops will be speaking 5G to the wireless carrier infrastructure, which will drop us into the public cloud. Prosimo will seamlessly leverage this new network infrastructure and allow users to access applications in a uniform fashion anywhere without compromising the experience.
  • Today’s enterprises are grappling with a whole spectrum of apps, from legacy monolithic to super-modern apps based on a service-mesh architecture. The Prosimo solution caters to all those apps and provides a way to address application experience and security challenges in a uniform and optimal fashion.
  • The Prosimo ML engine today optimizes how to access apps, but using the same rich telemetry, it could easily provide recommendations for “where” to place the apps for optimal performance.
  • We don’t have a crystal ball, but as enterprises embrace more modern identity- and app-based, shift-left, and cloud-native security approaches, they simply can’t afford to ignore the experience aspect of application access. Enterprises can’t just bolt together multiple disjointed solutions. Both security and application experience need to be built hand-in-hand in a modern enterprise infrastructure solution.

Please take a moment to evaluate your own application experience here!