Dedicated IP Addresses

Overcoming Hurdles for Cloud Transformation

A few weeks ago we launched Dedicated IP addresses, a popular and innovative new feature in our Cloud SWG (Secure Web Gateway) service. Dedicated IPs solve a number of key problems that most enterprise organizations will face as they transform to a cloud-centric network security model. Some key takeaways:

  • Completely cloud native - no dependency on the legacy data path or on-prem hardware
  • Designed to scale behind a small number of static IPs, minimizing long-term maintenance of third-party app IP Access Control Lists (ACLs)
  • Compatible with all connection methods
  • No additional cost

In this blog, I’ll talk about how customers are already using the feature to retire legacy hardware and the role Symantec’s elastic infrastructure model played in getting this valuable technology to market.

A key factor often limiting the speed of a cloud transformation is the complexity of the end-user data path. Migrations can result in workloads being split between the legacy data path and the modern cloud data path for various reasons. More routing complexity means a longer time to value and a more fragile solution.

By integrating Dedicated IPs natively into our Cloud SWG, we eliminate a common cause of split routing: most web traffic goes directly to Cloud SWG, but sensitive SaaS apps must continue to hairpin through the corporate data center so that they are accessed from IPs unique to the customer’s legacy data centers. Most enterprises have dozens or perhaps hundreds of these sensitive SaaS apps. There are plenty of valid criticisms of this practice that I won’t attempt to adjudicate here. Regardless, none of the practitioners tasked with cloud transformation has any immediate power to change the status quo. Their only immediate concern is to migrate to the cloud as quickly and painlessly as possible, and Dedicated IPs in Cloud SWG provide an elegant solution.

The other common need is to preserve the source-IP-based conditional access rules used with Microsoft 365 and similar application suites. Enterprises often want to be sure that users are accessing the corporate app suite over a trusted, secure data path. To our customers, Cloud SWG is an extension (or replacement) of the legacy data path, so with the Dedicated IPs feature, Cloud SWG can provide the same “trust signal” as the legacy data path.

Let’s talk a little about how our infrastructure model improved customer outcomes by reducing the time it took us to get this feature to market. There are a lot of activities in the software engineering lifecycle. At the risk of oversimplifying things, there is a design phase, a development phase, and finally an operationalization phase. The design and development phases do not vary widely from vendor to vendor. Some have slightly more resources than others or slightly different approaches to development methodology, but these factors will typically not result in materially different delivery times.

However, in the operationalization phase, there can be massive differences in delivery times depending on the requirements of the solution design and the infrastructure model employed by the vendor. In particular, if the design requires new or upgraded physical infrastructure and the vendor operates a significant number of what I call DIY (do-it-yourself) cloud data centers, mobilizing new features can easily take months to years.

For this reason and many others, in 2020 Broadcom adopted a completely virtual stack built in Google Cloud and Azure, allowing us to roll out infrastructure on a global scale and at an astonishing pace. Our technology even earned Broadcom customer of the year recognition from Google Cloud. But more importantly, it makes global deployment of new features that require significant new infrastructure investment (like Dedicated IPs) possible in about 2 weeks. This capability also improved quality by making it easier to offer customers in diverse geographies access to early technology previews, providing critical customer validation and feedback.

As a product delivery team, we’re simultaneously very proud and very humble about our work here at Broadcom. Proud because of what we’ve helped customers accomplish and humbled by the ongoing opportunity to learn and improve. If you’d like to learn more, don’t hesitate to reach out to me directly or to your account manager.

About the Author

Nate Fitzgerald

Lead Product Manager, Network Security

Nate has been a cloud security product leader for over 20 years.
