Securing Remote Work pt 1: Web Traffic, SWG, & a Smarter Digital Edge

Enterprises are embracing digital transformation and moving their applications and data to the cloud. This is accelerated by today’s expansion of the remote workforce. Despite the obvious benefits of embracing a modern cloud environment, many organizations still hang on to their legacy security practices – secure web gateways (SWG) are no exception. 


Originally created to inspect and protect all types of web traffic, SWG proxy architectures were developed for an on-premises world when data resided in the corporate datacentre behind a firewall or at the branch office. 

First-generation SWG technologies combined inelastic appliances and simple traffic forwarding agents to handle the bulk of cloud data and traffic. The downside is that they cause latency, management overhead, and upgrade challenges, and they don’t scale to meet the dynamic requirements of a cloud environment where users and data can be anywhere and workloads are constantly shifting. Legacy VPN architectures, where remote worker data is backhauled, only add complexity, latency, and cost.

Taking advantage of the cost efficiency and productivity of cloud services requires a new approach to securing web traffic. In a world where data is completely distributed and workers are often remote, protecting user access to apps and data on the device is not only more economical, it provides better security. Once access is compromised and data leaves the cloud through a user’s account, the data is gone forever. For that reason, moving traditional network security features such as URL filtering, threat protection, and SSL decryption and inspection closer to the user makes more sense in cloud environments.

With the Bitglass SmartEdge Secure Web Gateway, users’ endpoints are equipped with their own on-device SWGs. Using an elastic cloud architecture, intelligent endpoint agents inspect traffic without the latency caused by the need to backhaul to aggregation POPs in a private cloud or on premises. What’s more, without appliances to manage and upgrade, overhead maintenance costs are reduced, and user privacy is maintained. Extending the perimeter to the endpoint results in greater security and more agile IT workflows.

For example, using the SmartEdge SWG, IT can enforce security policies on remote worker devices dynamically. Access to risky web content can be denied or approved by category, such as gambling sites or sites that could include malware, while acceptable use policies are tailored to particular internal departments, such as finance or human resources (figure 1), and a customized blocking page is delivered to the user (figure 2).

Figure 1. Bitglass SmartEdge SWG URL Filtering by Website Category 


Figure 2. Bitglass SmartEdge Blocking Page User Alert. 

The most secure approach to protecting today’s enterprise data is to combine inline CASB (cloud access security broker) for SaaS traffic with a modern SWG built for the cloud. A secure access service edge (SASE) platform that leverages the best of both worlds gives enterprises comprehensive security for any app or traffic running on any type of device and over any network – at scale. 

Let’s stop trying to remold older legacy approaches to fit a new cloud-first reality and start getting smarter at the digital edge. 

Engage any of our worldwide cloud specialists to learn how the most innovative organizations in your industry are using Bitglass to fast-track their digital transformation.

Want to learn more about how Bitglass can help your organization and its remote workers stay safe in today’s trying times? Download the white paper below. You can also request a free trial of Bitglass’ solution.

Enabling Zero Trust Remote Work

*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Jonathan Andresen. Read the original post at: