Home

Published

- 5 min read

Google Cloud Bridges SSE and Cloud WAN with New NCC Gateway

By William OGOU
NCC Gateway Google Cloud WAN SSE integration Google Cloud security Network Connectivity Center secure network access hybrid workforce security cloud-native security GCP Cloud WAN SSE
img of Google Cloud Bridges SSE and Cloud WAN with New NCC Gateway

Securing the modern, distributed enterprise feels increasingly complex, doesn’t it? Managing separate security stacks for on-premises branches, remote users, SaaS access, and private applications often leads to inconsistent policies, frustrating user experiences, and gaping security holes. Recognizing this challenge, Google Cloud just unveiled a pivotal piece of its networking strategy announced at Next ‘25: NCC Gateway, a cloud-native solution designed to seamlessly integrate third-party Security Service Edge (SSE) capabilities directly with the power of Cloud WAN. Say goodbye to complex tunnel management and disjointed security – a unified future for network access is here.

The Hybrid Security Headache: Why a New Approach is Needed

Traditional approaches often stumble in today’s hybrid world. On-premises users might have traffic backhauled to a colocation facility with firewalls, while remote users connect through separate SSE solutions. This fragmentation creates significant pain points:

  • Inconsistent Policies: Different security stacks mean different rules and postures for remote vs. on-prem users.
  • Performance Bottlenecks: Hairpinning traffic through colocation firewalls or managing numerous complex VPN tunnels adds latency and overhead.
  • High TCO: Maintaining separate physical firewalls (sized for peak load) and managing complex routing configurations is expensive and operationally burdensome.
  • Scalability Challenges: Efficiently scaling security inspection for aggregated branch traffic directed towards cloud-based SSE has been difficult.

These challenges demand a simpler, cloud-native approach. For many organizations, adopting a cloud-native approach is part of their broader Zero Trust security strategy, which focuses on secure access regardless of network location.

Enter NCC Gateway: Unifying Security via Cloud WAN

NCC Gateway is the linchpin connecting Google’s planet-scale Cloud WAN backbone with leading SSE providers. As a new, regionally managed spoke type within Google’s Network Connectivity Center (NCC), it offers:

  • Managed SSE Integration: NCC Gateway facilitates native integration with third-party SSE stacks (launching with Palo Alto Networks Prisma Access and Broadcom Cloud SWG), eliminating the need for complex, manually configured IPsec tunnels between your network and the SSE provider.
  • Simplified Traffic Steering: It intelligently routes user traffic securely through the chosen SSE stack for inspection before forwarding it to its destination (public internet, private apps in Google Cloud, or other clouds via Cross-Cloud Interconnect).
  • Leveraging Google’s Network: Traffic flows over Google Cloud’s private, high-performance global network, minimizing latency and enhancing user experience compared to traversing the public internet.

Key Benefits: Why NCC Gateway Matters

The introduction of NCC Gateway delivers tangible advantages for securing your network access:

  • Unified Security Posture: Enforce consistent security policies across all users (branch, campus, remote) and applications (SaaS, private) through your preferred SSE provider, managed centrally via Cloud WAN.
  • Improved Application Experience: Benefit from lower latency for both SaaS and private apps, thanks to Google’s premium backbone and optimized routing. Google notes network latency improvements of over 40% compared to public internet routing in some tests.
  • Lower Costs & Simplified Operations: Reduce reliance on costly colocation firewalls and complex tunnel management. Adopt a more flexible, consumption-based model and streamline onboarding for new locations. Google suggests potential TCO savings of up to 40% over traditional customer-managed WANs.

Real-World Application & Partner Endorsements

NCC Gateway is designed for key scenarios like providing a high-bandwidth, secure on-ramp for branch users via Cloud Interconnect, offering a high-performance private off-ramp for remote users accessing private applications, and enabling protected internet access for users/apps regardless of location.

Leading SSE partners are already onboard:

  • Palo Alto Networks: Sees the integration enabling high-bandwidth on-ramps to Prisma Access and optimized private off-ramps.
  • Zscaler: Emphasized the integration enabling secure, direct connectivity through its Zero Trust Exchange, enhancing security and performance for hybrid workforces accessing applications.
  • Netskope: Highlighted the integration leveraging its Intelligent SSE platform to provide comprehensive data and threat protection for traffic, ensuring consistent security context and control.

Conclusion: A Streamlined Path to Secure Access

Google Cloud’s NCC Gateway represents a significant step towards simplifying and strengthening security for the distributed enterprise. By natively integrating leading SSE solutions with the performant Cloud WAN backbone, it offers a compelling path to achieving a unified security posture, enhanced user experience, and reduced operational complexity. As organizations increasingly navigate the challenges of hybrid work and multi-cloud environments, solutions like NCC Gateway provide a vital, cloud-native approach to securing network access effectively and efficiently.

(NCC Gateway is planned for preview availability in Q2 2025.)

To further enhance your cloud security, contact me on LinkedIn Profile or [email protected].

Frequently Asked Questions (FAQ)

  • What is NCC Gateway?

    NCC Gateway is a new, regionally managed component of Google Cloud’s Network Connectivity Center (NCC). It enables native integration between Google Cloud WAN and third-party Security Service Edge (SSE) solutions.

  • Why is NCC Gateway needed?

    It addresses the complexity and inconsistency of managing separate security solutions for on-premises and remote users by providing a unified, cloud-native way to route traffic through an SSE provider via Google’s global network.

  • How does NCC Gateway improve security?

    It allows organizations to enforce consistent security policies across all users via their chosen SSE provider, consolidates the security stack, minimizes the attack surface, and leverages Google’s secure backbone for traffic transport.

  • When will NCC Gateway be available?

    Google announced NCC Gateway will be available in preview starting in Q2 2025.

  • Which SSE providers integrate with NCC Gateway at launch?

    Initial integrations announced are with Palo Alto Networks Prisma Access and Broadcom (Symantec) Cloud SWG.

Resources