On-Premises? Making the Case for Cloud SWG

Organizations today can no longer depend on building a network barrier with on-premises web proxies to monitor traffic. With a plethora of remote users and devices linking in from their own access points and with enterprise data traversing back-and-forth across public networks to cloud-based applications, organizations need a more secure approach to web access.

While organizations grapple with proxy-based architectures and complex network requirements, business innovation continues to live on. The adoption of SaaS applications, digitalization, and workforce transformation gives added pressure on IT teams to secure remote workers with the same level of protection as in-office employees. The goal? Govern this tension between business innovation and security, and construct a hardened chain of ‘zero trust’ from the end user to the enterprise. In this blog, I will make the case with four key reasons why companies should switch from traditional on-premise secure web gateway (SWG) solutions to a cloud-based SWG.

1. A Multilayered Zero-Trust Approach is More Secure

Cybercriminals today have reached an unprecedented level of sophistication when circumventing traditional SWG defenses. They can hide malware behind web pages and use dynamically generated URLs in phishing attacks to bypass traditional SWG database engines. Adversaries also use ‘cloaking’ techniques to capitalize on the fact that many traditional solutions rely on offline crawling to identify threats. And given the rise of zero-day phishing attacks, including those that leverage SaaS platforms, phishing kits, and sophisticated Man-in-the-Middle (MitM) techniques, SWGs must keep pace in order to remain resilient against modern cyberthreats.

Today’s cloud SWG solutions provide a package of interlocking security strategies that work with decentralized models of enterprise networking. As a full security-as-a-service layer–on a security service edge (SSE) architecture–they combine advanced URL filtering, SSL decryption, SaaS application control, DNS security, and threat detection and prevention, among others. With cloud-based SWGs, organizations can take full advantage of the complementary strengths of multiple security services within a zero trust framework.

2. Optimal User Experiences can Boost Productivity and Security

On-premises SWG appliances can also add significant latency and reduce performance of web-based applications and services, which lead to poor user experiences. When network latency impacts the user experience, workers will resort to turning off their virtual private networks (VPNs), which is a security dependency under an on-premises model. The moment an employee turns off their VPN, organizations lose visibility over internet traffic and risk exposure to cyberthreats.

A key benefit of cloud SWG is that they can improve the performance and availability of web-based applications and services. They can leverage the elastic scale and availability of hyper-scale public clouds with dedicated fibers to ensure the highest availability and resiliency. That’s why so many organizations are moving away from legacy on-premises SWG appliances to a more pervasive and always-on cloud SWG that guarantees high uptime and performance.

3. Centralized Operations will Increase Efficiencies and Reduce Costs

Many organizations struggle with the complexity of deploying, configuring, and maintaining multiple on-premise security appliances (i.e., SWG proxy, DLP, anti-virus, etc.). Cloud SWG solutions, on the other hand, are delivered as-a-service and can be configured and managed from a centralized console. Uniform management and enforcement of security policies not only helps organizations streamline operations, but reduce the risk of security breaches caused by misconfigurations and human error.

Another advantage of cloud SWG solutions is that they are entirely managed by the security vendor. The cloud provider is responsible for maintaining and updating the infrastructure, which means that companies can focus on their core business activities. With on-premises proxy-based solutions, companies need to invest in and maintain the hardware, software, and other infrastructure required to support the solution. Cloud SWG solutions, on the other hand, eliminates the need for companies to invest in costly maintenance.

4. Cloud-based Solutions can Enable Workforce Transformation

As organizations adopt more enterprise applications and the internet becomes a key tenet of workforce productivity, backhauling all remote and branch traffic to an on-premise SWG becomes untenable. With cloud SWG, mobile users and remote sites can securely access all internet and business-critical applications, whether those apps are hosted in corporate data centers, public cloud(s), or are SaaS-based. One of the key benefits of a cloud-based SWG is that they allow organizations to support modern workforce transformation that empower employees to work from anywhere, securely.

As more companies shift to cloud-based services and adopt remote workforce models, traditional on-premises solutions for securing web access are becoming less effective. A cloud SWG solution can help organizations improve their security posture, increase performance and availability of web-based applications and services, provide more flexible and scalable protection for remote and mobile users, and reduce the growing cost and complexity of on-premise appliances. For these reasons, and more, it is recommended that companies switch to a cloud SWG solution from an on-premises solution.

Prisma Access, by Palo Alto Networks, is a security service edge (SSE) solution that delivers best-in-class Cloud SWG by coordinating intelligence across all attack vectors to stop exploits and unknown threats, including malware, fileless attacks, phishing and malicious URLs, as well as DNS-based attacks. Even organizations with proxy-based architectures can easily transition to Prisma Access with minimal networking changes to operationalize next-generation internet security. To learn about Prisma Access Cloud SWG, visit our webpage or contact your Palo Alto Networks representative.