As businesses pursue hybrid work and cloud innovations leveraging internet connectivity, they must address new cyber security risk exposures that arise in today’s highly distributed enterprise environments. One challenge is to mitigate threats coming from users browsing malicious websites. Secure Web Gateway (SWG) technologies have served as a helpful tool in solving this challenge, but these solutions have typically been an on-premises appliance—only effectively covering people and digital assets located within the boundaries of the corporate business. That situation no longer applies. With remote workers and assets now spread out far beyond the confines of corporate networks, security strategies must expand and so too must SWG technologies.
Here’s how to expand your security coverage, addressing the risks of the internet with SWG solutions and other tools designed specifically for securing a remote workforce using the public internet.
A SWG solution protects an organization from online security threats. In particular, it provides centralized protection for employees who are engaged in outward-facing activities like visiting websites and using web-based applications. Traditionally deployed as an on-premises appliance that sits between end users and the internet, the SWG enforces web-related security policies and filters traffic both to and from the internet. As a two-way protection it filters outbound traffic for policy enforcement and protects from inbound threats.
Modern SWG-as-a-Service (SWGaaS) solutions make security protections applicable regardless of location. With SWGaaS, organizations can get the benefits of cybersecurity wherever users are located. This capability is particularly helpful for companies connecting internet-based resources and remote workers.
How it works: An SWG can inspect web requests and compare them to acceptable use policies. It can block malicious applications and websites using techniques like URL filtering, malicious content inspection, application control and data loss prevention (DLP). An SWG is able to filter out corrupt content or block unwanted web page components such as adware or spyware—without completely blocking a site. The SWG achieves this by running a sandbox or remote-execution environment that keeps non-trusted content away from end users and their devices.
Centralization for more efficient security: Its ability to centralize the protection process drives better security outcomes partly because it takes the unreliable end user out of the loop. In addition, centralization helps security by allowing for remote execution and the upgrading of security controls in one place.
IT teams freed from management responsibilities: SWGaaS performs the same tasks as an on-premises, appliance-based SWG, but does so online and on-demand, wherever the functionality is required. There are a number of advantages to the SWGaaS approach, beyond the standard flexibility and economic benefits of an as-a-service offering versus on-premises. For one thing, SWGaaS shifts the resourcing of the SWG to the service provider, removing IT from many support tasks, such as upgrades.
Security without slowing the user experience: SWGaaS also delivers protection to remote users without requiring their web traffic to first go through the corporate network before going back out to the internet. This inefficient “hairpin” turn slows down web browsing and can degrade the performance of web-based applications while also tying up bandwidth.
As organizations embrace the internet as a primary connectivity type and a necessary tool in building and delivering digital experiences, security strategies must evolve in parallel. Digital transformation is dependent upon the need for security teams to safely enable new innovations, most of which are rooted in the adoption of emerging technologies.
For example, business strategies leveraging the cloud and machine learning may involve restructuring digital relationships with partners and other entities, leading to a perimeter-less, distributed enterprise. Companies might find they have edge computing points of presence (PoPs) accessing software and data from third-party entities and their cloud-based services. These end users may be accessing websites from places outside the corporate network. Other new initiatives may involve putting employees in touch with customers on social media sites and other public-facing Internet resources.
As such, the need for web security becomes all the more urgent. The question then becomes: Can companies tackle all the risks of the public internet and remote workers in just one investment, and, if so, how?”
Secure Access Service Edge (SASE) or Secure Access Service Edge (SSE) solutions and approaches offer a way for such a perimeter-less, distributed enterprise to stay secure without sacrificing efficiency. SASE combines technologies like SWG with cloud access service brokers (CASBs), next generation firewalls, zero trust network architecture (ZTNA) and SD-WAN. The goal is to create a pervasive, virtual and secure point of connection for widely distributed end users and devices leveraging the internet. With SASE, they can securely access data and software that might be hosted in the cloud, on-premises or through Software-as-a-Service (SaaS) applications. SWGs or SWGaaS are typically included in converged SASE and SSE solutions.
SWGs align well with today’s security needs, particularly when part of a broader SASE solution. They protect end users’ devices no matter where they are and how they’re connected to the internet. And, they enable the operationalization of Zero Trust security models. They achieve these objectives by protecting users and endpoints from the dangers that arise with online activities like web browsing and use of SaaS solutions.
The SWG has an important role to play in helping IT leaders defend their organizations when they are undertaking transformational projects and migrating to hybrid work. SWGaaS, in particular, has the ability to mitigate risk as users, their devices and corporate data move outside the traditional IT perimeter. SWGaaS also fits well with the strategy of implementing SASE solutions to address remote connectivity and security simultaneously.