In this era of extreme mobility, increasing cloud reliance, and an expanding network edge, firewalls can only get you so far in the enforcement of security policies. You need tools that can help your branch offices and remote users connect to the internet in a highly secure manner. And you need cloudnative capabilities to help protect your users and data—wherever they are located.
Secure Web Gateways (SWGs) using cloud-native technologies help organizations fill in the gaps left by technologies designed for an on-premises world. They also set organizations on the right path for future-ready security in cloud and hybrid networks. The promise of applications moving to the cloud is so great that some pundits have predicted the death of firewall—but that outlook may be premature.
SWGs available today can replace some products such as SSL/TLS decryption appliances, sandboxing technologies, and even data loss prevention in some cases. However, SWGs are not necessarily a 1:1 replacement of traditional firewalls, next-generation firewalls, or web application firewalls since they do not provide security for inbound traffic. Most present use cases involve SWGs working in tandem with firewall technologies as an important cybersecurity layer to cost-effectively catch threats that firewalls cannot.
Five network security disruptions a secure web gateway address
The push for digital transformation in the enterprise has IT departments working diligently to enable employees using company-owned or personal devices, control what sites and data can be accessed, and—perhaps most importantly—empower employees to work from any location. This macro trend is driving rapid changes in network architecture.
Most commonly, organizations are making the decision to connect branch offices and remote users directly to the internet in order to deliver the best performance while using cloud-based applications. These changes are, in turn, causing a number of key disruptions in network security. That means that organizations need to revamp how they inspect traffic to satisfy business and security needs. These disruptions include:
1. Expanding network edge
Software defined wide-area network (SD-WAN) is proliferating throughout the enterprise. According to the latest figures, SD-WAN adoption rates have jumped up from 35% to 54% in the last two years. This change offers a great deal of flexibility. But it also expands the network edge. That makes it harder to monitor network traffic without causing major latency issues at remote offices. Unsurprisingly, 50% of organizations name security as the top challenge in getting the most out of SD-WAN.
Branch and field offices are just the start of the ever-expanding network edge. In addition to these offices, most companies have team members that work from home, from coffee shops, and while traveling. These remote users work beyond the confines of headquarters and require a wide range of options for connectivity and application access. This sprawl puts significant strain on traditional HQcentric firewalls when network traffic is backhauled with a hub-and-spoke network architecture. It’s leaving gaps and causing performance problems across many networks.
3. Hybrid cloud complexity
Network architectures are changing rapidly with the frequent use of SaaS and cloud-based applications. However, there simultaneously remains a lot of enterprise assets housed on-premises at headquarters or in-house data centers. The complexity wrought by this situation makes it challenging for organizations to consistently manage security policies across all users and machines.
4. Encryption’s double-edged sword
TLS/SSL encryption has been a boon for modern web security by maintaining data confidentiality in the event it was intercepted, such as a man-in-the-middle attack. That said, it has come with some unintended security headaches. Many organizations struggle to inspect encrypted traffic—even when traditional firewalls claim to offer this feature. It is true they can examine SSL/TLS traffic. However, it reduces firewall performance so greatly that most administrators choose to disable decryption.
5. Security appliance scalability woes
The expansion of IT assets across remote locations, the increased mobility of users, and the rapid growth of cloud-based applications have stretched security resources to the breaking point. Many organizations that rely on appliances and other on-premises tech now face scaling issues. They simply can’t meet the demand to support all remote locations and users utilizing on-premises devices. The cost is too high and the management too complex.
How cloud-native secure web gateways solve for these disruptions
Cloud-native SWG technology addresses the pain points we’ve discussed. A SWG is fundamentally a web filter that protects outbound user traffic through HTTP or HTTPS inspection. These filters restrict content based on security policies. They also protect user endpoints from web-based threats that can sneak in due to outbound user activity, such as clicking links on websites that are infected with malware.
SWGs can also protect servers when they act as clients. For example, when they go outbound to do things like downloading OS updates. They give enterprises the ability to grant access and control the use of specific cloud-based apps. Best of all, they centralize control, visibility, and reporting across many locations and types of users.
That’s a considerable security gap in an era where 70% of employees work out of the office at least some of the time. Fortunately, this is where a cloud-native secure web gateway excels. SWG technology is best for protection of users on the move. It’s web security for the mobile era.
Benefits of cloud-native secure web gateways
Secure web gateways help companies to:
- Take advantage of cost-savings, resiliency, and performance by connecting branch offices and remote users directly to the internet
- Apply security policy consistently across all users, regardless of location
- Centralize visibility across virtually all users and devices into a single dashboard
- Inspect encrypted traffic with minimal effect on network performance
- Quickly scale security as the organization expands
- Reduce the number of physical security appliances they manage
SWG technology offers organizations a more consistent path to policy enforcement when they’re centrally managing security policies across multiple locations and a widespread remote user base that’s connecting directly to the Internet and cloud resources. It makes it possible to migrate applications to the cloud in fulfillment of business initiatives, while reducing the amount of time dedicated to managing security policies.
Cloud-native secure web gateway use cases
There are number of important use cases for organizations of all sizes.
- Protection for highly distributed networks: provides uniform security across multiple locations and numerous remote workers
- Solving industry-specific cybersecurity problems: offers flexible security options to financial, retail, healthcare, manufacturing, distribution, federal government organizations
- Application migration to the cloud: provides the means to more safely adopt SaaS applications like Office 365 and to migrate to cloud providers like AWS, Azure, and more
- Security for SD-WAN connections: allows organizations to take advantage of the benefits of SDWAN by adding a layer of security between each data center or brand location and the internet
- Transform security: helps reduce up-front capital expenditures and move to predictable operational-expenditure model
- Helps support M&As and divestitures: organizations can quickly scale SWG up or down to accommodate changes in the number of physical locations or user count