Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Why Do I Need a Next-Gen Secure Web Gateway?

Published 12/16/2022

Why Do I Need a Next-Gen Secure Web Gateway?

Originally published by Lookout.

Written by Stephen Banda, Senior Manager, Security Solutions, Lookout.

The internet is now your default corporate network. This has some major perks — it means that your employees can access whatever they need from wherever they need it.

But using the internet like this has also made your organization's security posture more complex. People are using networks and devices your IT doesn't manage, and they are accessing data that is scattered across countless apps. And you can’t forget the prevalence of internet-based threats like phishing, which can steal credentials and deliver malware.

To keep data protected while still providing seamless access to employees, organizations are now moving to a zero-trust strategy, which asks users and devices to prove that they are trustworthy rather than assuming that they are. A true zero-trust approach requires security solutions that work together, and a key piece of this puzzle is a secure web gateway (SWG).

Traditionally, SWG is a piece of hardware that sits at the edge of your corporate perimeter to monitor web traffic as users connect to the internet. But now, nearly all connections happen via the internet. And because your data now resides in the cloud, there’s no point in redirecting traffic back inside your corporate perimeter to be filtered. Not only does this create a poor user experience, but the traditional SWG lacks visibility into any traffic that isn’t forced back on premises.

To support the way your organization now operates, you need a modern, cloud-based SWG that matches the way you work.

With greater flexibility comes greater risk

It used to be that the internet was only an occasional destination for employees. That, combined with the fact that most users and devices were located inside a corporate office, meant that a physical piece of SWG hardware could do the job of inspecting web traffic just fine.

But now, your employees are working from anywhere, and they’re using the internet to access the things they need. While the flexibility of being able to work from anywhere and on any device makes your users more productive, it also introduces new risks. Your corporate data could be leaked via employees’ personal web apps, social media, and more, and the constant exposure puts you at a higher risk for phishing attacks and other internet-based threats. This means a physical piece of hardware simply can’t protect against the volume and variety of internet-based threats.

A traditional hub-and-spoke approach to monitoring web traffic is also unnecessarily complex, leading to a poor end-user experience, which in turn puts a damper on productivity. Your organization needs a tool that allows you to enforce acceptable use and restrict access to websites based on corporate policies, even when employees aren’t in the office.

Security doesn’t stop with SWG

To find the right SWG solution, organizations need to think beyond product. Finding a cloud-delivered SWG rather than a piece of physical hardware is a good start, but it shouldn't be your only criteria. Instead, you need the ability to efficiently enforce policies across your entire organization — whether your employees are working on the internet, in cloud apps, or in private apps.

In order to protect corporate data and enforce governance, your organization needs full visibility and the ability to enforce granular controls. This starts with tools like URL filtering and malware detection, but that’s not where it stops. Because it’s so easy for employees to use web apps — even when they’re unsanctioned — you also need to be able to automatically detect shadow IT and enforce data protection policies.

But a cloud-based SWG should only be one part of a well-rounded security solution that also includes a cloud access security broker (CASB) and zero trust network access (ZTNA). Working together as part of a unified security service edge (SSE) solution, these tools will extend your security protections from internet traffic to cloud apps and private apps, as well.

Share this content on your favorite social network today!