Secure web gateways are essential for the remote workforce


Originally designed to shield against malicious websites or unacceptable content, secure web gateways (SWGs) have evolved to become essential to enterprise security, especially for remote workforces. This has been particularly true since early 2020, when COVID-19 created millions of remote workers almost overnight.

The VPNs that were widely implemented as an early response to the worldwide health crisis allowed secure access to network resources but came with an impact on productivity and network throughput. Meanwhile, for remote workers connecting directly to SaaS and cloud-based applications and data, VPNs weren’t even part of the equation. The reality is, with business-critical apps and data residing outside the network perimeter, remote users need access to these resources from anywhere.

SWGs are essential to ensuring that access. But how and where a SWG is implemented can make the difference between real protection and a false sense of security.

Putting the "S" in "SWG"

SWGs started as a means of URL classification -- identifying and blocking online destinations and content that was deemed inappropriate. Early on, organizations saw this as a productivity solution, keeping the inside sales team from going to sports sites when they should be making calls.

As SWGs became more about security, rather than productivity, they evolved to provide a level of protection beyond firewalls and anti-virus software; in particular, they enforce security policies by preventing users from reaching certain websites and keeping risky material off the network. The problem is, they also require sites to be categorized. Some of this can be automated, but much of the time, the security team needs to continually refresh the approved or blocked sites lists.

This sort of manual updating doesn’t account for "safe" sites that get infected by malicious code; a site that was known to be safe yesterday may be compromised today, and until the block list is updated, systems and data remain at risk. Deploying an SWG appliance on-premises also means that all traffic needs to be backhauled through the network infrastructure, adding latency and increasing the need for corporate bandwidth. In a remote work environment, this just isn’t practical, especially for users who rely on cloud and SaaS resources. These solutions also require regular updates and upgrades to both software and hardware to address changes in technology and next-generation threats.

The core issue with how SWGs and other security solutions were implemented in the past is that they depend on a "detect and remediate" model. These solutions can’t keep up with evolving attack vectors, malware variants and compromised websites. All it takes is one wrong click to create an untenable security situation. Even if your solution is effective 99 percent of the time, that remaining one percent can leave you vulnerable to attack.

Does this mean SWGs are not effective for current security needs? In fact, the opposite is true. What has changed, though, is how an SWG fits into a complete strategy.

From Productivity Enhancer to Security Heavyweight

In a cloud-driven era, CISOs have to protect productivity while securing users and data from both known and unknown threats -- all in a remote or hybrid working environment. As the security stack moves from the network to the cloud, a SWG has become a fundamental building block of a Secure Access Service Edge (SASE) framework. All elements of your security stack need to coordinate and talk to each other, from your SWG to your cloud access security broker (CASB) to your data loss prevention (DLP) solution.

There’s one more factor that can make a critical difference in the effectiveness of a comprehensive security strategy: a zero trust approach that assumes every contact between a user and a resource is malicious until proven otherwise. Creating a true zero trust environment requires an array of authentication and verification methods, but it is also supported through isolation -- that is, creating a virtual gap between the user and the online resource.

Using a SWG with an isolation core, users can view and interact with websites and online applications but active content can never actually touch an employee’s system. This is zero trust at its most fundamental: nothing is trusted, yet productivity is preserved. A cloud-based security stack, centered around a SWG to enforce policies and inspect traffic to and from that isolated environment, can enable users everywhere to safely access web resources without the slowdowns or incomplete protection of conventional solutions.

Threats Keep Evolving -- Security Must Evolve to Match

Where people work -- and where data resides -- has radically shifted; security, as always, will continue to follow suit. Going forward, the internet is the corporate network, and must be treated as such. While COVID-19 put VPNs in the spotlight, remote work will accelerate SWGs to the mainstream of security solutions. A cloud-based security stack, powered by isolation and featuring the configurability and capability of an SWG, is essential to ensuring both productivity and security, no matter where work happens.


Mark Guntrip is Senior Director, Cybersecurity Strategy at Menlo Security
