Like a sprinkled topping on an ice cream sundae, Secure Web Gateway (SWG) tools are starting to meld into broader solutions, but that doesn’t mean SWG is losing its ability to stand out as an important ingredient and security capability–quite the contrary, actually. Gartner, for example, included SWG as one of the five core capabilities in its Secure Access Service Edge (SASE) framework. This makes sense, given SASE converges key network and security tools into one service designed to help companies manage hybrid workforces at home, in the office, and on the go.
With SWG layered in, these bigger offerings are better delivering on the needs of the anywhere business, but IT leaders shouldn’t shrug off SWG as just an added box on their favorites checklist. Here’s what you should know as solutions consolidate and companies look for a single provider to cover more of their business needs.
An SWG is a security technology solution that sits between enterprise employees and the wider web, the Internet. Think of SWG as a bouncer or gatekeeper who sits at the door between the user and the Internet, filtering access to websites according to its lists of “good,” “suspect,” and “bad” domains and networks. Essentially, an SWG helps enterprises protect their employees from digitally entering forbidden places.
Taking our gatekeeper analogy one step further, an SWG can also behave much like the Customs and Border Protection patrol would at an international crossing, when they ask if you are carrying any prohibited fruits, plants, and potentially foreign animal diseases into the country. Acting as a proxy for access, SWGs scan traffic coming back from external sources for malware and blocking unsafe downloads or other kinds of activity. Like invasive plants or even Mad Cow disease, security risks from “out in the wild” can be devastating if carried back into the corporate IT environment.
With so many employees working from home, more users are accessing information and corporate resources via Internet services, making SWG more essential than ever. And yet, the SWG solutions most IT teams have already established are problematic when applied to today’s work-from-anywhere world. Here’s why.
Traditionally, SWG has been an on-premise appliance sitting at an Internet egress point. This creates a “hairpin U-turn” in the enterprise WAN: user traffic comes in from the Internet across a VPN, hits the SWG, and heads right back out again. That sharp turn is an extra step that represents a significant process and performance inefficiency multiplied by every remote user.
On the other hand, many other employees have been pushed into home offices sans corporate VPN, and therefore are no longer gaining the protection of corporate SWG, unless that SWG is cloud-based AND they have been configured to use it as a proxy. This explains why more companies have rapidly shifted to cloud-provisioned SWGs. The cloud fixes the problem. As a result, SWG market is likely to reach a tipping point in 2021 with more IT leaders purchasing cloud SWG services.
As a security shield for Internet-dependent employees working from wherever they are, SWG fits solidly within the natural scope of the wide-sweeping SASE framework. SWG functionality is central to the idea of SASE, because it is easily deployed and managed via the cloud. Plus, it helps companies address the issues of Internet connectivity. But that value has made it a target for many solutions on the market.
It’s important to understand how prevalent consolidation is with SWG, as decision makers will have more choices than just SASE:
No matter which way you go about SWG, here are some things to think about.
IT leaders ready to invest in SWG as part of their remote work security improvement efforts should look for a solution that integrates cleanly and transparently into their broader SASE or SD-WAN architecture from both a policy control perspective and also a reporting and alerting perspective. If SD-WAN is not in place yet, leaders should be looking for robust directory integration and an easy fit into the security operations SIEM environments. Of course, cost is always a consideration, and it’s here where managed security services can come in handy for IT teams that might struggle with the tasks of threat detection and response.
With Masergy’s SWG solution, companies of every size can block websites that users shouldn’t be accessing, control applications, enable deep HTTPS/SSL inspection, and prevent data loss—all with a turnkey service.
Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.