Secure Web Gateways (SWGs) — Unsung Heroes of Remote Work

As the world shifts into a new, more remote way of working, there is one question that comes to mind: how secure? Professionals can no longer work on-site where security is guaranteed by their companies’ on-premise servers. Secure Web Gateways offer a solution to this growing issue. SWGs are gateways that provide secure experiences for users on the internet, in and out of the office. In this blog, we will be going over SWG capabilities and the different architecture offered for this solution.

Breaking Down Secure Web Gateways

A Secure Web Gateway is a solution that filters unwanted software or malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. In simpler wording, SWGs are a turnkey solution to keeping potential website viruses far away from company networks while keeping true to company policies. They are able to detect if a website is malicious or not in mere milliseconds and directs the user away immediately once identified. At the very least, Service Web Gateways include:

• URL filtering
• Malicious-code detection and filtering
• Application controls for popular Web-based applications (think Skype!).
• Native or integrated data leak prevention

Given all of these features, SWGs are still customizable and can mold to any way IT teams see fit.

SWG Architecture

With on-premises SWG, the use of proxy architecture processes all the web-bound traffic, which ensures that all the traffic that comes in and out of the Internet are inspected and kept under control. Of course, protection is only active when using company specified facilities. If your organization is looking for more control over your deployment, then on-premises SWG is the perfect solution for you.

With hybrid SWGs, they allow gateways to be placed close to where the users are which ensures low latency. In addition, SWGs can reach geographic locations that would otherwise be impractical. Hybrid deployment allows more freedom for organizations that want more control over their deployments but also need to address a widespread group of users.

Cloud-based SWG takes it one step further by completely integrating with the company’s infrastructure. Cloud-based is deployed to provide protection and enable secure web and cloud access from anywhere — including outside the office by mobile users. Cloud-based is the most flexible deployment and is suitable for businesses of any size and highly distributed teams.

Bitglass’ Secret Sauce

At the end of the tunnel, there is Bitglass. Bitglass provides the world’s only on-device SWG. What makes Bitglass special is that we decrypt and inspect traffic locally via a SmartEdge agent on each device, eliminating the need for on-premises appliances, VPNs, network hops, and cloud proxies. Rather than sending all traffic to an appliance or cloud proxy, Bitglass’ solution decodes and reviews HTTPS traffic directly on users’ devices. The only logs that are created and sent to the cloud are when security policies are violated, so this means personal browsing traffic is private and stays on the users’ devices. Usually, all the personal credentials, activities, and information are revealed to the corporate network, but we work hard here at Bitglass to avoid this shortcoming.

We often forget how important SWGs are and how crucial they are to keeping us out of trouble. Although often taken for granted, SWGs are the unsung heroes working to provide users a seamless, safe, and smooth experience.