惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Security Blog
Microsoft Security Blog
B
Blog RSS Feed
云风的 BLOG
云风的 BLOG
G
Google Developers Blog
Recent Announcements
Recent Announcements
A
About on SuperTechFans
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
Google DeepMind News
Google DeepMind News
S
Schneier on Security
S
Secure Thoughts
T
The Exploit Database - CXSecurity.com
Martin Fowler
Martin Fowler
P
Proofpoint News Feed
Security Latest
Security Latest
Jina AI
Jina AI
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Recorded Future
Recorded Future
T
Tor Project blog
有赞技术团队
有赞技术团队
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News | PayPal Newsroom
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Last Week in AI
Last Week in AI
F
Full Disclosure
Hacker News: Ask HN
Hacker News: Ask HN
Forbes - Security
Forbes - Security
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
NISL@THU
NISL@THU
C
Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Google DeepMind News
Google DeepMind News
Project Zero
Project Zero
IT之家
IT之家
T
Threatpost
Cyberwarzone
Cyberwarzone
O
OpenAI News
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
J
Java Code Geeks
P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
月光博客
月光博客
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
Apple Machine Learning Research
Apple Machine Learning Research

Aryaka

How Unified SASE Improves China Connectivity: Performance, Security, And Compliance | Aryaka Blog Why China Connectivity Remains A Major Enterprise Challenge For Global IT Teams | Aryaka Blog The Market Has Spoken (Twice): Why Enterprises Choose Aryaka For SD‑WAN And Unified SASE AI Performance Is A Network Problem, Not Just Compute From ZIP File To Crpx0 Ransomware: Anatomy Of A Multi-Stage Attack Aryaka AI-Ready Network: Why Your WAN Fails For AI Workloads AI Is Redefining Cybersecurity: How CISOs Can Stay Ahead In An AI‑Driven Threat Landscape | Aryaka Blog Aryaka Named Leader In G2 Spring 2026 For SD-WAN & Cloud Security Governing Tens Of Thousands Of AI Agents: Why Policy Chaining Matters For Scalable Runtime Governance | Aryaka Blog Enterprise AI Agent Governance: Build, Deployment & Runtime Explained Is Your Outdated Network Holding Your Business Back? Why Modernization Matters For Cloud, Security, And IT Costs | Aryaka Blog Kernel In The Crosshairs: How The BlackSanta EDR-Killer Campaign Targets Recruitment Workflows | Aryaka Blog Addressing The “God Key” Challenge In Agentic AI For MCP Servers: Why You Need MCP-Aware, AI-Aware ZTNA | Why Browser Security Alone Will Not Protect Us In The Agentic AI Era Aryaka How Modern Security Platforms Organize Rules | SASE & SSE Securing OpenClaw Agents From ClawHavoc Supply-Chain Attacks With AI-Driven Protection Securing OpenClaw: Why ZTNA Is Critical For Enterprise AI Agent Authentication
Modern Workplaces Need A New Meaning Of “Site”: How AI>Secure Uses Logical & Physical Sites For Consistent GenAI Security | Aryaka Blog
Srini Addepalli · 2026-02-23 · via Aryaka

Modern Workplaces Demand a New Meaning for “Site” in Network Security

The Problem with the Traditional Idea of a Site

For a long time, the concept of a “site” in networking and security was synonymous with a physical office. This included:

  • a headquarters building
  • a branch office
  • a campus connected to the corporate network

This traditional model was built on several assumptions:

  • employees primarily worked from offices
  • security measures were enforced at the boundaries of the network
  • policies could reliably depend on the origin of network traffic

However, these assumptions no longer reflect the reality of modern work environments.

Today, employees:

  • work from home, coffee shops, hotels, and other temporary locations
  • move between locations multiple times throughout the day
  • use GenAI tools continuously, regardless of their physical location

When security policies are tightly coupled to physical locations, several issues arise:

  • the same user may receive different security policies during the same day
  • remote access exceptions accumulate
  • GenAI controls become inconsistent and difficult to audit
  • security posture can drift unpredictably

AI>Secure addresses these challenges by redefining what “site” means in its platform.

What a Site Means in AI>Secure

In AI>Secure, a site serves as a policy anchor rather than merely representing a physical building. A site may represent:

  • a physical office location
  • a logical home location
  • a functional or organizational boundary
  • a security boundary that is not tied to geography

This flexibility allows organizations to choose whether policies should:

  • follow the user
  • follow the location
  • or implement a hybrid of both approaches

Two Ways to Use Sites (Both Supported)

AI>Secure supports both models simultaneously. Customers may choose to use one, the other, or a combination of both.

Logical Sites: Policies Follow the User

In this model:

  • a site represents a logical home location
  • policies remain consistent as the user moves between locations
  • physical location does not affect policy enforcement

Example:

  • a user belongs to the “San Jose Engineering” site
  • the user works from home in the morning
  • later works from a coffee shop
  • then visits another company office

Throughout the day:

  • the same GenAI policies apply
  • the same data protection rules apply
  • the same inspection and enforcement behaviors apply

This model is well-suited for:

  • hybrid and remote-first workforces
  • consistent GenAI security
  • predictable auditing and compliance

Physical Sites: Policies Follow the Location

In this model:

  • a site represents where network traffic originates
  • policies change based on physical or network location

Example:

  • working from HQ applies HQ policies
  • working from a branch applies branch policies
  • working remotely applies remote policies

This approach is particularly useful when:

  • regional regulations differ
  • trust levels vary by location
  • existing operational models must be maintained

Logical Sites Also Work with IPsec-Based Transparent Proxy

A common misconception is that logical sites are only compatible with forward proxy setups. In AI>Secure, logical sites function with both:

  • forward proxy deployments
  • IPsec-based transparent proxy deployments

Site determination is explicit and driven by configuration, rather than being inferred.

How Site Determination Works with Forward Proxy

When users access AI>Secure via a forward proxy:

  • each logical site is mapped to a specific proxy port
  • employee devices are provisioned with the relevant proxy domain and port
  • traffic always lands on the same port, regardless of the user’s location

As a result:

  • the port maps to a site
  • the site is associated with a security profile
  • the same policies are enforced everywhere

Even though users connect to the nearest AI>Secure point of presence (POP) for performance, AI>Secure ensures site mappings, security profiles, and policy configurations are available across all POPs configured for that site.

How Site Determination Works with IPsec-Based Transparent Proxy

With IPsec-based deployments:

  • multiple dedicated VPN tunnels can be established
  • each tunnel is explicitly associated with a site
  • traffic arriving on a tunnel determines the site

Important details:

  • a physical office can have multiple VPN tunnels
  • one tunnel can represent a logical home site
  • other tunnels can represent access from other offices or mobile users
  • logical sites are preserved even in transparent proxy mode

This means:

  • a site does not have to equal a building
  • a site represents policy identity
  • physical and logical models can coexist

Additional Scenarios Enabled by Logical Sites

When a site is treated as a policy identity, new use cases become straightforward.

Role-based sites:

  • engineering
  • finance
  • legal
  • executives

Each role can have distinct GenAI access, inspection depth, and data protection rules.

Contractor and partner isolation:

  • contractors assigned to dedicated logical sites
  • tighter controls without the need for separate networks

Temporary or project-based sites:

  • M&A activity
  • investigations
  • special R&D projects
  • sites can be created and removed cleanly

Regulatory segmentation:

  • GDPR-covered users
  • HIPAA-related workflows
  • export-controlled teams
  • segmentation enforced without redesigning network topology

Why This Matters for GenAI Security

GenAI usage is:

  • user-driven
  • location-independent
  • continuous throughout the day

Security controls that are tied exclusively to physical locations no longer match the reality of modern work. By treating site as a flexible policy abstraction, AI>Secure supports:

  • consistent GenAI guardrails
  • predictable enforcement
  • reduced policy drift
  • improved auditability

Summary

In AI>Secure:

  • a site is a policy anchor, not just a physical office
  • sites can be logical or physical
  • logical sites work with both forward proxy and IPsec transparent proxy models
  • policies can follow users, locations, or both
  • enforcement remains consistent across global points of presence

This approach aligns security with the realities of modern work and GenAI usage.