Finding the "Unified" in Hybrid Security Solutions
Most web security vendors today will tell you they offer a hybrid security solution. What most of them (including Blue Coat) mean by that is that they offer both an on-premise solution (in Blue Coat's case, ProxySG web security appliances) and a SaaS (Security as a Service) offering in the cloud (Blue Coat Cloud Service). The benefit of a hybrid deployment is that it offers the right solution for each part of your organization. At the primary and regional data centers, an on-premise solution makes sense for most companies, since it gives IT administrators complete control over the security of the site. For branch offices and remote and mobile workers, a SaaS offering is often a better fit when there's no local IT support and users can be on networks that often aren't associated with or part of the corporate network.
You may be wondering, though, why Blue Coat calls its hybrid security offering Blue Coat's Unified Security Solution. Blue Coat's offering is "unified" because its reporting, policy, and security products offer a single reporting view and consistent results across both the on-premise and in-the-cloud offerings. For reporting, Blue Coat offers a single view across all users regardless of whether (and when) they are protected by the cloud or behind an on-premise device. IT administrators get a single reporting interface for generating reports, reviewing activity, auditing and forensics across all their Blue Coat web security products. For policy, Blue Coat uses the same technology in both the on-premise and cloud offerings. With the same policy engine, policy implemented on-premise and in the cloud will produce consistent results regardless of where the user is located. For security, Blue Coat also uses the same WebPulse defense for on-premise and in-the-cloud security. This guarantees consistent URL ratings and enforcement for web activity.
Why is it important to have this single consistent view? With other security vendors who don't use the same technology behind their on-premise and cloud offerings, it's possible that IT admins need to use different management tools for reporting, generating two separate reports to track a user who has used both cloud and on-premise access.
With many other security vendors, users are protected by different policy engines, security defenses and web category ratings depending on whether the user is protected by cloud or on-premise security, creating the possibility of inconsistent enforcement. This is the by-product of using completely different policy engines and ratings mechanisms in the cloud from those in the on-premise solution. Blue Coat's Unified Security Solution gives you a single view, consistent policy and consistent ratings across both on-premise and cloud services.
Once you have consistency in policy and enforcement, you can then move towards the next evolution in security requirements for a mobile worker. That evolution is context-aware policy. Not only can you protect the user regardless of the network they attach to, but you can also make policy decisions based on the device they are using and the network they attach to. Obviously, blocking malware is a policy that you want to enforce regardless of the network or device a user is using to access the web. But a personal device attached to a corporate network may have less policy enforcement, perhaps allowing personal email and even social networking on personal devices, but not allowing those categories on corporate-owned devices attached to an organization’s network. Similarly, a corporate-owned device on a public network may have access to social networking and private email.
With context-aware policy, IT administrators can now enforce policy that is appropriate for each user depending on which device and which network they are using. Blue Coat's Unified Security Solution gives you a single view, consistent policy and consistent ratings across both on-premise and cloud services, along with the ability to implement context-aware policy as needed to protect a user on any device, in any location, on any network.







