As business processes and modern work evolve, security must adapt along the way. Overnight, companies are becoming global and dependent on cloud services to enable their anytime, anywhere workforce. And while the global COVID-19 pandemic forced employees to work from home, organizations are now adopting hybrid models of working that promote flexibility—not only from a location standpoint, but also when it comes to devices.
Today’s knowledge work has accelerated the need for security delivered from the cloud, paving the way for cloud-based secure web gateways (SWG) as a critical tool for security departments that need to replace legacy on-premises proxies and deliver on the promise of the Secure Access Service Edge (SASE) architecture. However, not all SWGs (pronounced swigs) are created equal.
So the question is, why does a modern business require a cloud SWG to protect employees and enhance productivity? To get an answer, we spoke with career CISO and current Menlo Security Head of Global Services, Jack Miller.
Organizations originally used on-premises (or on-prem) proxies as one of the main tools that secured and protected employees in their network. Traditionally these proxies worked by blocking sites and preventing access to sites that were either known to be malicious or were considered bad for productivity. As these on-prem security tools evolved, additional features like file scanning and anti-virus (AV) were added to help secure the organization even more.
However, as businesses digitally transform, increase their use of cloud SaaS applications, and enable a distributed workforce, they need to migrate their security stacks from physical data centers to the cloud. They also need to accommodate modern workforce requirements, which means accessing the Internet directly, Miller says. Given the speed at which business is conducted today, the previous approach of blocking and preventing Internet access would only stunt productivity, he adds.
A distributed workforce that needs unfettered access to the Internet means that traditional on-premises proxies no longer serve the needs of modern organizations.
A cloud SWG is one of the most effective solutions designed to protect users and the organization no matter where employees are or what devices they’re using for work. But you need to be aware of key considerations when your organization is in the market to buy one. You’ll want to consider a cloud SWG that:
1. Puts the security in SASE.
If you haven’t given it thought yet, consider how your organization and cybersecurity department will adopt the Secure Access Service Edge (SASE) architecture. This relatively new security framework incorporates the needs of a digital-first organization, improving cost-savings and flexibility while reducing complexity.
Ensuring that your cloud SWG fits with your plan to adopt and upgrade to a SASE architecture will help you identify the right solution that will integrate with your vendors and/or have a road map to help you plan your strategy moving forward.
2. Uses Zero Trust to ensure zero malware.
Traditional on-prem cybersecurity solutions used deterministic logic that decided whether websites were safe or not safe (or would cause productivity issues). This binary system wasn't very reliable and could cause issues depending on how threats were categorized.
“By the time you identify an attack, a threat, or an indicator of an attack, the attackers could make a tweak to bypass that logic,” Miller says. This detect-and-remediate approach struggles to keep up with today’s threat landscape.
The most effective cloud SWGs leverage a Zero Trust model and isolation technology to protect employees. A Zero Trust model treats all content as untrustworthy, so it’s not determining what content is safe and not safe. By leveraging isolation technology, employees aren't prevented from going to the websites they need to use. This cloud SWG creates a protective layer around users—through isolation—as they navigate the web, blocking not only known and existing threats but unknown and future ones as well. This creates a preventive approach to cybersecurity that works behind the scenes, preserving the user experience and protecting productivity.
3. Works with existing (and future) environments.
Your on-prem solution isn’t completely obsolete and is likely one of your most integrated systems within your network. As you look for a cloud SWG solution that’s right for your organization, you have to be sure it will work with your existing infrastructure and is adaptable as your organization evolves. When migrating from an on-prem proxy to a cloud SWG, you’ll have an opportunity to make some fundamental upgrades to your infrastructure. Part of choosing the right cloud SWG is moving to one that lets you do that.
As with any major IT purchase, there’s a balance between budget and finding the solution that fits your organization best. “You want a solution that will be scalable and supports the changes in your organization that are going to come,” Miller says. “You don’t want to buy something that may be affordable, but you’ll outgrow in a year. You want something that will support the organization now, as well as grow with you.”
4. Preserves the user experience.
Legacy on-premises proxies severely impacted the user experience, even for sites that were deemed safe to access. Other solutions, such as VPNs, don’t scale well. “If an organization has 10,000 employees who need to access their network securely, a VPN wouldn’t be able to handle that,” says Miller. “There would be too much lag, or latency, and it would severely impact productivity.”
As you’re evaluating cloud SWG solutions, considering the end-user experience is paramount. Is there latency or lag? Are all kinds of documents, files, videos, and so on supported and secured properly? You’ll need to understand how each solution you consider will impact your organization’s different departments and their workflows.
5. Decreases time to value.
Speed and agility can be hard to come by in security, but these are essential ingredients when it comes to selecting the right cloud SWG. Deployment needs to be seamless and fast, providing you with the ability to focus on the most risky users and regions where the consequences are the highest. Flexible deployment options are a must, whether hosted on premises or in the cloud, integrating with any existing network infrastructure and supporting any device. With cloud-delivered security, a swath of users can be swiftly protected dynamically, eliminating the need for capacity planning.
As you’re considering a cloud SWG, part of your due diligence should be focused on decreasing time to value in order to quickly secure work that enables the business.
These top five considerations are essential as you’re looking to migrate from your on-prem proxy and secure your workforce no matter where they conduct work or the devices they use. It’s just as essential to properly understand the needs of your organization now and in the future. Having an understanding of how your organization, security, and IT department will grow and change will also help you understand how a cloud SWG will address your organization’s needs.
Discover how Menlo Security’s Secure Web Gateway powered by an Isolation Core™ protects productivity and accelerates the business.