Use Cloud SWG to Simplify Remote Workforce Security

Apr 18, 2022
5 minutes
... views

Just a few years ago, teams of corporate datacenter security and network experts worked tirelessly to maintain their on-premises infrastructure to support employees working at the main office headquarters. This on-premises security and network infrastructure typically included a range of multi-vendor web proxy appliances that were not designed for use with cloud-based applications and lacked the ability to support large numbers of remote workers.

In addition, the dramatic adoption of cloud infrastructure, cloud applications, and cloud services also makes it difficult for traditional on-premises datacenter security and network appliances to keep up. Employees today regularly access a variety of cloud- and datacenter-based applications from coffee shops, home offices, parks–just about anywhere–via a wide range of personal and employer-provided devices that includes phones, tablets, and computers.

The combined increases in cloud technology adoption and the number of employees working remotely have resulted in  61% of organizations reporting they've struggled to provide the necessary remote security to support work-from-home capabilities.

Traditional Web Proxy Solutions Can’t Keep Up

Traditional, on-premises web proxy appliances were designed for use in datacenter environments, providing headquarters-based office workers with internet access and security. However, these secure web gateway (SWG) appliances were never designed to support large numbers of remote workers, lacking the scalability and performance needed to support cloud-based applications. As a result, many organizations are open to a new approach to SWG, with only 8% of organizations indicating they are very satisfied with their current SWG solution and not planning to change any time soon.

Some of the key limitations associated with traditional on-premises web proxy appliances include:

  • Incomplete security. On-premises web proxy appliances and other multi-vendor legacy products fail to provide complete, consistent security across all users, locations, and devices.
  • Limited app coverage. Over half of all remote workforce threats are for non-web apps, which are invisible to web proxies. Security teams can’t block what they can’t see. The risk of a data breach increases without security for both web and non-web apps.
  • Poor end-user experience. Performance bottlenecks happen when organizations backhaul remote worker internet traffic to datacenter-based web proxy appliances for access and security. In addition, remote workers use a VPN–not a SWG–to gain remote access to private applications, which can cause confusion and more IT help desk calls.
  • Multi-vendor appliance limitations. Using many web proxy appliances results in a lack of centralized management, inconsistent security policies, slow performance, and poor visibility into network threats across the organization.

A Modern Cloud Secure Web Gateway

Traditional web proxy appliances are managed separately from other security controls, creating complexity, policy inconsistency, and ultimately leading to security gaps that put enterprises at risk. Fortunately, organizations can now transition from traditional web proxy appliances to the modern Cloud Secure Web Gateway capabilities in Prisma Access.

Prisma Access provides a natively integrated cloud SWG and a completely reimagined, user-centric workflow built from the ground up to offer simple and easy-to-define web security rules. Now, businesses can go beyond the traditional “allow” or “block” rules to enable more granular action controls that accommodate the emerging needs of their hybrid workforces to achieve:

  • Protection for all app traffic. Prisma Access provides access to all apps and secures against both web- and non-web-based threats, helping organizations reduce the risk of a data breach by up to 45%.
  • Complete, best-in-class security. Prisma Access converges industry-leading capabilities into a single cloud-delivered platform, providing more security coverage than any other solution and delivering more than 4.3M unique security updates per day, 24.5x more than our nearest competitor.
  • Exceptional user experience. Prisma Access resides on a massively scalable network that provides ultra-low latency and is backed by industry-leading SLAs to ensure the best digital experience possible for end-users. Prisma Access also eliminates performance bottlenecks caused by backhauling traffic with 10x more total encrypted tunnel throughput than the nearest competitor and performance SLAs that are 10x better than any other cloud-delivered service.

We also simplify the transition from traditional web proxy appliances to the Cloud Secure Web Gateway capabilities in Prisma Access. By leveraging the cloud explicit proxy option, organizations can use Prisma Access Cloud Management to update existing PAC files so that internet-bound traffic is directed to Prisma Access cloud explicit proxy for user access and internet threat protection without requiring any network architecture changes.

We also provide a best practices dashboard, assessments, field checks, and reports to improve your security posture, streamline management, and increase user productivity. Continually assess your configuration against these inline checks, which include:

  • Rulebase checks that look at security policy organization and management, including configuration settings that apply across many rules
  • Security rules
  • Security profiles
    • Anti-Spyware
    • Vulnerability Protection
    • WildFire and Antivirus
    • URL Access Management
    • DNS Security
  • Authentication
  • Decryption
  • GlobalProtect

Cloud Secure Web Gateway in Prisma Access also provides flexible connectivity options that make it easy for organizations to protect all users and applications, wherever they reside, including:

  • Managed mobile devices can be protected via the GlobalProtect agent to secure all ports and protocols, protecting web and non-web traffic.
  • Unmanaged devices can use our agentless access for full protection.
  • Branch offices can seamlessly connect via IPSec.

By using the Cloud Secure Web Gateway capabilities available in Prisma Access, organizations can consolidate or eliminate the need for multi-vendor web proxy appliances to enjoy simplified management, lower costs, improved security, and a superior remote user experience. Learn how our Cloud Secure Web Gateway in Prisma Access can protect all of your users and applications, everywhere.


Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.