WHITE PAPER
Secure Cloud
Secure Cloud
Transformation:
• Elastic cloud security
platform that autoscales
• Local Internet breakout
to improve end-user
experience
• Cloud-based visibility for
data loss prevention (DLP)
and SaaS visibility
Transformation
Adopt SaaS applications and manage
large increases in traffic volumes without
sacrificing security.
Software as a Service (SaaS) has helped drive innovation by providing
tools and applications to anybody who has Internet access. Though the
benefits in productivity and collaboration are great, the rapid adoption
of SaaS applications is forcing enterprises to rethink their infrastructure.
The changes in infrastructure affect security, breaking the traditional
centralized security appliance stack architecture. To securely allow users
to realize the full benefits of SaaS, IT and security leaders are realizing
they need to incorporate the following principles:
• Move to an elastic cloud security platform—SaaS breaks the
existing hub-and-spoke architecture for networks and security.
Today’s hardware security products were never designed for SaaS
applications, and they cannot scale without spending millions of dollars
for upgrades. Moving security to the cloud solves this problem by
providing a cloud-based platform that autoscales with an increase in
users, devices, and bandwidth.
• Deploy local Internet breakouts for seamless access—Users access
SaaS applications over the Internet, which is backhauled to a central
location and controlled by a comprehensive security stack. This
process introduces latency and bandwidth bottlenecks that result in
poor end-user experience. The best architecture for SaaS applications
is to send a user’s traffic directly using local Internet breakouts.
• Reclaim data and traffic visibility—As users go directly to the Internet,
enterprises lose control and visibility of their traffic. As a result, a
cloud-based DLP and CASB visibility solution is required so that
identical policies and protection can be applied whether the user is in
the main office, working from home, or traveling.
Secure Cloud Transformation is designed specifically for enterprises that
are adopting SaaS applications and need to move security to the cloud.
WHITE PAPER

Moving Security to the Cloud

The Menlo Security Cloud Platform provides secure direct access to an Internet
architecture designed for SaaS applications. Leveraging the promise of the
cloud enables autoscale security and bandwidth that allows for seamless on-
Secure Cloud demand growth in the number of users, devices, and applications. At the same
Transformation helps time, it centralizes security visibility and control for data protection. Secure
enterprises overcome Cloud Transformation helps enterprises overcome the challenges of security
the challenges with local services not scaling, a poor end-user experience, and lack of visibility and
Internet breakout by control for customers, and move security to the cloud successfully.
moving security to the
cloud seamlessly. Secure Cloud Transformation

SaaS Security Email Security Web Security

CASB Rewrite all links Remove browsing
DLP Isolate all attachments process to the cloud

MENLO SECURITY CLOUD PLATFORM

POWERED BY ISOLATION

Remote Worker Main Office Regional Office

The Cloud Changes How Data Flows Into and Out of the
Organization
Secure Cloud Transformation breaks the traditional hub-and-spoke network
architecture model that funnels all Internet traffic through a central security
control point. With the traditional architecture, users accessing new web apps
and SaaS platforms log on from around the world, creating a major latency
issue if traffic needs to be routed through a central control point. Enterprise
users change the SaaS applications they use over time, which can also change
traffic patterns. Office 365, in particular, can be problematic because it can
result in more than 20 persistent connections per user—which can overwhelm
existing hardware appliances and cause network performance issues. These
changes in traffic volume and traffic patterns make it increasingly difficult for
your existing network stack (next-generation firewall, secure web gateway, etc.)

02 | www.menlosecurity.com
 WHITE PAPER

to support. Given that enterprises will have to upgrade security appliances, it

may make sense to just rethink the network architecture and move to a design
and approach that is ideal for the cloud and SaaS platforms.

Network Performance Degradation Directly Impacts

User Experience
Secure Cloud
As network performance suffers, so too does the user experience. In addition
Transformation unlocks
to changes in traffic flows, enterprises can expect up to a 40 percent increase
the true value of the cloud,
in network bandwidth. This increase is caused by the usage and sharing of rich
allowing organizations to
media, such as video conferencing or multimedia files. In many cases, network
adopt SaaS applications
segments with limited bandwidth will experience bottlenecks that impact the
without having to worry
performance of SaaS applications, causing many users to bypass corporate
about user experience or
controls entirely and attempt to bypass security constraints.
security threats.
Loss of Visibility and Control
Losing a central security control point as a result of changing traffic patterns
and forcing users to bypass corporate security policies will result in a loss of
control and visibility into the security posture of users. SSL is used by every
SaaS application, and almost 100 percent of all websites also encrypt traffic,
resulting a huge blind spot for companies as they try to see and control the
data coming into and out of corporate networks that do not perform SSL
decryption on their network.

Secure Cloud Transformation Powered by

Isolation
Internet isolation fundamentally changes the way an organization protects
users from malicious web and email attacks. Isolation works by executing
sessions away from the endpoint and delivering only safely rendered content
to devices. This strategy protects users from malware and other malicious
activity because threats do not have access to users’ devices—no matter what
links are clicked or which documents are downloaded. Users can freely explore
the Internet and take advantage of the accessibility, mobility, and scalability of
cloud tools without posing a risk to the organization.

Internet isolation unlocks the true value of the cloud—allowing organizations

to access SaaS applications while enhancing, not losing, security controls
and traffic visibility. Users are protected and are able to freely use SaaS
applications because all web traffic is sent to the Cloud Security Platform,
which is designed to provide 100 percent malware protection. It also gives
cybersecurity professionals peace of mind, because users have access to the
tools and information they need to be productive, without posing an increased
risk to the business.

www.menlosecurity.com | 03
WHITE PAPER

But not all Internet isolation technologies are created equal. Here are four
requirements that organizations need to consider when selecting an isolation
technology for Secure Cloud Transformation:

1. Clientless Deployment
The beauty of moving critical business systems to the cloud or subscribing
The Menlo Security Cloud
to a SaaS platform is that the management burden on IT is greatly reduced.
Platform provides a single,
It is up to the cloud provider or SaaS vendor to keep the application and
controlled port of entry
underlying infrastructure up to date. Reinserting another management
and exit between users
touchpoint into the mix would completely wipe out that benefit. A clientless
and the Internet.
solution, on the other hand, means that there is no client to deploy, install,
and update on endpoint devices, and employees are guaranteed to be using
the latest version with no gaps in upgrade policies.

2. Native User Experience

The consequences of implementing changes that degrade the user
experience are that user adoption lags and people find ways to circumvent
security controls—putting the organization at risk. No one wants to learn a
new browser or email client. Your employees want to use the same solutions
they’ve always used, in the same way they’ve always used them. They do
not want to experience latency or lose basic browsing functions like copy,
cut, paste, and print. Users should not have to change their web browsing or
email habits or experience slow performance.

3. Scalability
You need to protect users no matter where business takes them—and that
could be anywhere around the world or to the far reaches of the Internet.
A clientless, cloud-based Internet isolation solution should have a global
footprint that covers users in other regions. It needs to be elastic—ebbing
and flowing in real time to meet growing requirements. It needs to protect
users from uncategorized websites without restricting access to those sites.
And it needs to provide the level of performance your users expect from
their browsing and email experiences.

4. Integration with the Security Stack

Finally, your isolation solution needs to integrate with your existing security
stack to provide secure Internet access. Isolation is just a part of a holistic
security strategy that works with threat intelligence, anti-virus, and anti-
malware solutions to protect users and the organization from growing
threats. Each tool needs to work together, orchestrating complex security
policies across your entire user base and geographic reach.

04 | www.menlosecurity.com
 WHITE PAPER

The Bottom Line: Secure Cloud Transformation

Powered by Isolation Is the Best Choice
The cloud is changing the way we work, but security is failing to keep up.
Traditional cybersecurity solutions continue to use outdated and ineffective
detect-and-respond strategies—a risky security approach for organizations
moving critical business systems to the cloud. Now is the perfect time to
rethink how to protect users from growing email and web threats without
impacting productivity or wiping out the efficiency and scalability benefits of
SaaS applications.

The Menlo Security Cloud Platform puts a shield around all websites and
online content so malware and other web-based threats can’t access users’
devices. It doesn’t matter if users visit a suspicious site or download a
malicious document. Menlo Security allows only safe or read-only content to
be rendered to users’ browsers—keeping organizations safe without impacting
user productivity.

As cloud computing becomes more ubiquitous in the enterprise, Menlo

Security helps the IT organization take more control over the security of users’
web browsing and email habits. As a result, users are able to access SaaS About Menlo
applications wherever they want, on any device they want, without worrying Security
about cyberattacks. Menlo Security protects
organizations from cyberattacks
by eliminating the threat of
To learn more, visit menlosecurity.com or email ask@menlosecurity.com. malware from the web, documents,
and email. Menlo Security has
helped hundreds of Global 2000
companies and major government
agencies achieve Secure Cloud
Transformation. The company’s
Cloud Security Platform scales
to provide comprehensive
protection across enterprises of
any size, without requiring endpoint
software or impacting the end-user
experience. The company was
named a Visionary in the Gartner
Magic Quadrant for the Secure
Web Gateway.

© 2019 Menlo Security,

All Rights Reserved.

Contact us
menlosecurity.com
(650) 614-1705
ask@menlosecurity.com