Comparing Secure Web Gateway Architectures
Secure web gateways come in a few varieties, each with its own benefits and drawbacks. Download this technical brief to learn what you need to know when deciding which SWG to deploy in your organization.
Two trends have driven a change how SWGs are deployed and architected:
-
Enterprises are rearchitecting their WANs so that web traffic from remote offices flows directly to the Internet instead of backhauling over expensive links;
-
Increasingly remote and mobile users that operate outside of traditional perimeters
One approach is to use cloud proxies. This option decrypts and inspects traffic via a proxy that is delivered through a cloud infrastructure; often designed as a private cloud deployment. It eliminates the use of costly appliances and removes the dependency on VPNs. However, this approach still creates an extra hop that creates latency and often becomes its own bottleneck.
The second approach places the functionality onto the end device. On-device SWGs decrypt and inspects traffic locally on each device, forgoing the need for on-premises appliances, VPNs, network hops, and cloud proxies. This approach ensures enhanced performance, scalability, cost savings, and user experience. Some implementations serve as certificate authority and provides secure key management on each endpoint to prevent man-in-the-middle attacks.
