Modern-day secure web gateways are not new to IT. While this technology has been available for about as long as the web itself, back in the day, SWGs were referred to as web content filters or internet proxy filters. Secure web gateways have evolved into much more complex security controls, however, that are offered as both on-premises and cloud-based products. These web security products and services protect users from themselves and therefore protect the larger network from the evils associated with internet browsing and business usage.
It's one thing to assume that the network is secure regarding business internet usage, but it's quite another to monitor and enforce such behavior to ensure IT-related risks are minimized. That's where secure web gateways come into play. From blocking specific websites and filtering certain web content to detecting and responding to web-borne malware, SWGs are an invaluable resource for enforcing acceptable usage policies and minimizing overall network security risks. SWGs are also an essential part of a larger security program, as the latest features can provide granular application control as well as data loss prevention and cloud access security broker, or CASB, functionality.
Secure web gateways sit between the user and the internet and are typically deployed as direct cloud services or in cloud or appliance hybrid configurations. Thanks to the simplicity, efficiencies in getting up and running and overall costs savings, cloud-based SWGs are being offered and used more today. According to Gartner, enterprises are shifting their budgets from legacy appliances to cloud services. The five-year compound annual growth rate for SWG cloud services is 32%, and the five-year CAGR for SWG appliances is 5%. This growth has been fueled by an expanding mobile workforce and the need for protection when users are off-site and connecting to the internet via their mobile devices on non-corporate networks.
Cloud-based secure web gateways can easily scale to the largest of networks with minimal effort required by enterprise IT and security staff. Of course, choosing cloud-based services also decreases capital and operational expenses associated with on-premises hardware. Furthermore, the computing power, real-time analysis and shared threat intelligence allow cloud-based SWGs to extend oversight and mitigation to broad groups of users in the most complex and vulnerable of network environments.
Cloud-based secure web gateways serve as an intermediary between users and the web, regardless of their location. Connectivity simply requires internet access from corporate offices, remote branch offices and even users' homes. Web gateways monitor outbound and return web traffic and provide detailed reporting on internet usage and threat activities. Security policies are applied as needed. Secure web gateways can typically handle encrypted and unencrypted web traffic as well.
Here are key considerations for evaluating secure web gateways:
- Does the organization fully understand its web-related threats and vulnerabilities as they pertain to its users? What specific business risks are they creating?
- What compensating controls does the organization currently have in place to help with web-related risk mitigation?
- What additional business needs does the enterprise have to address the gaps and meet specific security requirements and goals?
- Does the organization have dedicated internal resources for deploying and managing yet another security tool? Would a cloud-based service minimize those requirements?
- What initial and ongoing support and oversight will the enterprise need for cloud-centric deployment? Can the cloud product integrate with existing on-premises tools?
- How will the business measure the success of a secure web gateway implementation? Will the organization's approach to security management foster changes and improvements where needed? What might need to be tweaked?
Once an organization has defined its specific needs, the stakeholders can take the next step and examine the available SWG products to select the one that's right for the business. Given what's at stake -- including risks to network systems and information assets as well as budget and resource requirements -- taking a measured approach is essential when choosing a secure web gateway for the enterprise. In the end, this is all about risk acknowledgment, mitigation and management. This is why it's critical to treat your approach to SWGs -- and network security as a whole -- as the business function it truly represents.