This article provides an explanation of how to isolate and secure customer traffic in the Cato Multi-Tenant Cloud
Cato offers a true multi-tenant platform that eliminates the need for hardware appliances by delivering functions as a cloud-native, multi-tenant platform. Neither the enterprise nor the provider incurs the operational overhead of managing appliances.
Cato employs end to end encryption. All customer traffic is encrypted at every hop in both directions.
Cato has developed a unique routing algorithm that incorporates global routing optimization and flow isolation based on customer accounts through a tagging technique. This technique involves layering a packet tagging mechanism onto the existing global routing system. Cato's approach to isolating traffic using packet tagging is a well-established and widely accepted industry practice. Cato assigns a unique identifier to tag packets belonging to individual customers, which enables the identification of traffic at a granular level. This identifier is exclusive to each customer and serves to distinguish their traffic from other customers. At every stage of the traffic flow, Cato verifies the unique identifier assigned to each customer's account, ensuring that their traffic remains isolated and secure from that of other customers.