This is the final article in a six-part series focused on Next Gen SWG use cases.
In my recent blog about advanced data protection, I covered how data protection requirements have evolved and how the SWG (secure web gateway) needs to also evolve to be effective in protecting data everywhere it goes. The final use case is centered around protecting users that are going direct-to-internet. This is arguably the most important use case I am covering in this blog series. We are at an inflection point where digital transformation, the explosion of cloud apps, and the dramatic rise in mobile workers are rendering the traditional “traffic backhauling” approach ineffective at providing fast and secure access to internet resources.
It is still common today to backhaul traffic from remote workers and branch offices over expensive MPLS circuits through security appliances located in the data center and then to a cloud or web destination. The obvious intent is to enable branch offices and remote workers to take advantage of the stack of security appliances that are physically located in the data center. There are four core challenges with this legacy approach.
First, it is very expensive, as you are relying on high-cost MPLS circuits. Second, the user experience suffers because the hub-and-spoke architecture adds latency, which slows user response time, and remote workers typically need to establish a VPN connection. Third, the load at the data center is increased. Furthermore, in today’s remote-worker-dominated world, this is obviously top of mind, as users need to be protected as they access the cloud and web while working out of their home office. The recent rise of remote workers is putting a strain on legacy remote access architectures, and COVID-19 is amplifying the limitations of old-school hub-and-spoke architectures. Last, but certainly not least, the security stack sitting in the data center, whether it is an NGFW or SWG, is most likely not built to adequately protect against today’s cloud-enabled threats.
A more modern approach is to deploy a Next Gen SWG, like Netskope’s off