Better Together: The Future of CASBs and SWGs
Published 06/21/2021
This blog was originally published by Bitglass here
Written by Jacob Serpa, Bitglass
We’ve established before that cloud access security brokers (CASBs) and secure web gateways (SWGs) do not compete and are, in fact, complementary security tools. However, in addition to this, there is overlap between the two which (along with other factors) is leading to their convergence.
In general, organizations use CASBs to secure managed software-as-a-service (SaaS) applications and infrastructure-as-a-service (IaaS) environments. SWGs are primarily used to secure and manage web access, as well as control the use of unmanaged SaaS apps, also known as shadow IT. The goals of both are to monitor and secure the flow of traffic to protect users and data in environments that the organization does not own or have complete control over — like a home office, the web, or the public cloud.
So what does this shared goal mean for the future of CASBs and SWGs? Instead of competing, CASBs and SWGs will converge, and are actually doing so already.
While the market had been moving in this direction for some time, last year’s global shift to remote work and heightened emphasis on digital transformation brought reality into sharp focus: most work is being done off premises, on the web and within cloud apps — not in physical offices. Consequently, companies have continued to accelerate the offloading of on-premises data and processes into public and private clouds.
Naturally, this shift calls for a change in the IT resources used to support this new style of operations. In short, the move to the cloud and the embracing of remote work means that legacy, on-premises security tools are no longer sufficient. The moat remains in place, but the castle and its inhabitants have gone elsewhere.
As work moves to the web and the cloud, defenses should follow. CASBs and modern SWGs do exactly that — protect users and data off premises. The convergence of these two solutions, along with the de-emphasis of on-location network security, has contributed to the rise of secure access service edge (SASE).
A SASE offering is a platform that integrates technologies like CASB and SWG so that organizations can extend consistent security to all interactions across the IT ecosystem. Instead of physical appliances sitting at a central location, SASE leverages smart endpoint agents, the edge, and public cloud technologies to support a distributed workforce using a heterogeneous mix of devices.
Of course, there are some assets that will stay on-premises and, as a result, hybrid architectures will remain. Luckily, SASE has a solution for that, too. Zero trust network access (ZTNA), another key SASE component, secures remote access to specific resources on the network based on a user's access context, without having to rely on unscalable hardware appliances like traditional VPNs.
Organizations have much to gain from the convergence of SWG, CASB, and ZTNA into SASE offerings. Rather than grappling with disparate technologies, enterprises can get unified and consistent visibility and control across the entire IT ecosystem, resulting in better overall security. Simplicity through the reduction of solution sprawl is another benefit. Finally, overseeing tightly integrated solutions through a single dashboard translates to consolidated ease of management and, as a result, time and cost savings.
Related Articles:
Zero Standing Privileges (ZSP): Vendor Myths vs. Reality
Published: 11/15/2024
Modernization Strategies for Identity and Access Management
Published: 11/04/2024
Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation
Published: 11/04/2024