Cloudbrink launches SaaS to cut SD-WAN, VPN hardware needs

Cloudbrink launched a new software-as-a-service (SaaS) that will reduce the need for VPN and SD-WAN hardware appliances in hybrid work environments.

The software extends Cloudbrink's end-point networking application to act as a “bridge” or local gateway to other devices on the same network, allowing them access to Cloudbrink's capabilities without having to install the company’s software on multiple devices.

The Cloudbrink app's new bridge mode functionality is specifically tailored to power users such as software developers, financial traders, metaverse engineers and designers who “need to connect multiple computers and other devices simultaneously,” the company said.

That bridge concept is “similar to past software-only security products that allowed installation of a software application, a VM or a container that contained functions normally found on a SOHO [small office/home office] router/firewall,” explained Roy Chua, founder and industry analyst at AvidThink.

Chua told Fierce that while there are potential limitations to a software-based gateway running on end-devices, the service reduces “the complexity of rollouts by providing the functionality of a gateway device without having to install one, allowing faster deployment and less hassle.”

The Cloudbrink software is like any other app (or agent) that users are accustomed to installing. End-users can download the app from Cloudbrink’s website (or IT admins can push these via an enterprise software distribution tool such as SCCM or an MDM platform), Cloudbrink CEO Prakash Mana told Fierce.

The service uses intelligent edge routing to minimize latency and increase usable bandwidth, and the company claims it delivers 30 times the performance of small branch office and home routers when it comes to unreliable Wi-Fi and broadband connections.

Reducing the number of devices at users’ locations minimizes security risks (connections are secured using integrated mTLS 1.3 encryption protocol, with certificates refreshed every few hours.) Because the software enables every device to share a zero-trust network access (ZTNA) connection with moving target defense security without the need for multiple agents or additional hardware, Cloudbrink indicated it also can cut cost of ownership significantly.

Mana said the SaaS app is different from typical software-based SD-WAN because it isn’t a micro service running on laptops consuming “significant CPU and memory resources.”

“Instead, it is a very thin app with built-in intelligent SD-WAN capabilities, a deny all firewall and zero-trust security, all three together consuming less than 0.5% of the device’s compute,” Mana told Fierce.

The service has built-in digital experience monitoring (DEM) to help end-users understand their current network limitations and performance, and as a SaaS service it offers auto edge selection and global load balancing “so that end-users never have to worry about learning about their IT infrastructure, application access points, and manually selecting the appropriate gateways to connect to a particular application or network service.”

Hardware is 'out of vogue'

The faster deployment that comes with a software-only solution like Cloudbrink’s “does align with what many enterprises want — expanded functionality and span of control without managing or shipping hardware,” Chua said.

Increasingly, the VPN function on hardware appliances is being replaced by software VPNs, according to Chua, who said this is “already quite dominant with free/cost-effective IPsec software implementations but expanding with the WireGuard VPN making its way into the standard Linux kernel, and being supported across multiple operating systems.”

Software-based ZTNA is becoming compulsory when it comes to network security, reducing the scope and attack surface of corporate resources.

“VPN is less in vogue with enterprises,” Chua said.

Chua noted that a pure software-based bridge/gateway running on end-devices (in the case of the Cloudbrink app) could present some limitations, including a lack of a separate, independent hardware device that can provide network-wide monitoring. The bridge concept also implies a dependence on the bridge device being turned on for network communication, and potential performance impacts on the end-user device that's acting as the gateway.

However, Chua noted these concerns and advantages apply more generally, and that he hadn’t specifically reviewed Cloudbrink’s software “in detail.”

The software-only approach can’t aim to replace the multi-WAN functionality of SD-WANs, Chua said, “but it does compete with the QoS management, traffic encryption, intelligent routing and edge-gateways-based fast on-ramps provided by SD-WAN vendors."

"Particularly since Cloudbrink includes some end-to-end network/WAN optimization with their new approach to the traditional FEC (forward error correction) features of some SD-WANs that help improve communications traffic (audio/video, VDI etc)," he added.