Secure Web Gateway: How it serves the hybrid workforce and SASE too

Like a sprinkled topping on an ice cream sundae, Secure Web Gateway (SWG) tools are starting to meld into broader solutions, but that doesn’t mean SWG is losing its ability to stand out as an important ingredient and security capability–quite the contrary, actually. Gartner, for example, included SWG as one of the five core capabilities in its Secure Access Service Edge (SASE) framework. This makes sense, given SASE converges key network and security tools into one service designed to help companies manage hybrid workforces at home, in the office, and on the go.

With SWG layered in, these bigger offerings are better delivering on the needs of the anywhere business, but IT leaders shouldn’t shrug off SWG as just an added box on their favorites checklist. Here’s what you should know as solutions consolidate and companies look for a single provider to cover more of their business needs.

Secure web gateway: A simple explanation

An SWG is a security technology solution that sits between enterprise employees and the wider web, the Internet. Think of SWG as a bouncer or gatekeeper who sits at the door between the user and the Internet, filtering access to websites according to its lists of “good,” “suspect,” and “bad” domains and networks. Essentially, an SWG helps enterprises protect their employees from digitally entering forbidden places.

Taking our gatekeeper analogy one step further, an SWG can also behave much like the Customs and Border Protection patrol would at an international crossing, when they ask if you are carrying any prohibited fruits, plants, and potentially foreign animal diseases into the country. Acting as a proxy for access, SWGs scan traffic coming back from external sources for malware and blocking unsafe downloads or other kinds of activity. Like invasive plants or even Mad Cow disease, security risks from “out in the wild” can be devastating if carried back into the corporate IT environment.

SWG challenges and solutions in a work-from-anywhere world

With so many employees working from home, more users are accessing information and corporate resources via Internet services, making SWG more essential than ever. And yet, the SWG solutions most IT teams have already established are problematic when applied to today’s work-from-anywhere world. Here’s why.

Traditionally, SWG has been an on-premise appliance sitting at an Internet egress point. This creates a “hairpin U-turn” in the enterprise WAN: user traffic comes in from the Internet across a VPN, hits the SWG, and heads right back out again. That sharp turn is an extra step that represents a significant process and performance inefficiency multiplied by every remote user.

On the other hand, many other employees have been pushed into home offices sans corporate VPN, and therefore are no longer gaining the protection of corporate SWG, unless that SWG is cloud-based AND they have been configured to use it as a proxy. This explains why more companies have rapidly shifted to cloud-provisioned SWGs. The cloud fixes the problem. As a result, SWG market is likely to reach a tipping point in 2021 with more IT leaders purchasing cloud SWG services.

How secure web gateway fits in the SASE framework–and then some

As a security shield for Internet-dependent employees working from wherever they are, SWG fits solidly within the natural scope of the wide-sweeping SASE framework. SWG functionality is central to the idea of SASE, because it is easily deployed and managed via the cloud. Plus, it helps companies address the issues of Internet connectivity. But that value has made it a target for many solutions on the market.

It’s important to understand how prevalent consolidation is with SWG, as decision makers will have more choices than just SASE:

• Bundled SD-WAN solutions typically include SWG and next-generation firewalls.
• Security solutions commonly adjoin SWG and Cloud Access Security Broker (CASB).
• SASE solutions go farther–stirring into one solution all of the above tools plus Zero Trust Network Access.
• Additionally, Zero Trust strategies and solutions also typically include SWG.

No matter which way you go about SWG, here are some things to think about.

Important considerations with secure web gateway

IT leaders ready to invest in SWG as part of their remote work security improvement efforts should look for a solution that integrates cleanly and transparently into their broader SASE or SD-WAN architecture from both a policy control perspective and also a reporting and alerting perspective. If SD-WAN is not in place yet, leaders should be looking for robust directory integration and an easy fit into the security operations SIEM environments. Of course, cost is always a consideration, and it’s here where managed security services can come in handy for IT teams that might struggle with the tasks of threat detection and response.

Secure web gateway and SASE from Masergy

With Masergy’s SWG solution, companies of every size can block websites that users shouldn’t be accessing, control applications, enable deep HTTPS/SSL inspection, and prevent data loss—all with a turnkey service.

• Powered by Fortinet, the Leader in the Gartner Magic Quadrant for WAN Edge Infrastructure, Masergy’s solution goes beyond standard web proxies to keep enterprise networks safe from malicious Internet traffic, preventing threats from entering the network and causing an infection or intrusion
• A fully-integrated solution: At Masergy, secure web gateway and next-generation cloud firewall technologies are fully integrated, helping businesses of every size widen their security coverage with ease
• Comprehensive solution:
  • Protection at the packet level and at the application level
  • Granular per-application visibility along with a Shadow IT Discovery solution
  • Identity-Based WAN Analytics that enable a Zero Trust approach to security
  • 24/7 managed detection and response services from Masergy’s three global SOCs

Learn more about SWG from Masergy as well as our broader SASE capabilities.