Break Free from Appliance-Based Secure Web Gateway (SWG)

Zscaler Blog

Break Free from Appliance-Based Secure Web Gateway (SWG)

The way we work today is vastly different from a few years ago. McKinsey & Company's State of Organization 2023report identified that before the COVID-19 pandemic, most organizations expected employees to spend more than 80% of their time in-office. But as of 2023, says the report, 90% of employees have embraced hybrid models, allowing them to work from home or other locations some (if not most) of the time.

On a similar note, applications previously hosted in on-premises data centers are increasingly moving to the cloud. Gartner predictedthat SaaS application spending would grow 17.9% to total $197 billion in 2023.

With employees and apps both migrating off-premises, security controls logically must do the same. It's no exaggeration to state that cloud and mobility have broken the legacy way of approaching security-so why should the castle-and-moat security approach, heavily reliant on hardware such as appliance-based proxies/SWGs, still exist?

Users need fast, reliable, secure connectivity to the internet and cloud apps, with the flexibility to connect and work from anywhere. However, traditional SWGs have certain limitations, leading to security challenges, poor user experience, constant maintenance, and scalability issues.

Let's take a look at why it's time to break free from appliance-based SWG.

Security challenges

In December 2013, the Google Transparency Report showed just 48% of World Wide Web traffic was encrypted. Today, the same report shows at least 95% of traffic is encrypted. So, it's no surprise that the Zscaler ThreatLabz 2023 State of Encrypted Attacksreport showed 85.9% of threats-malware payloads, phishing scams, ad spyware sites, sensitive data leaks, and more-are now delivered over encrypted channels. While most organizations have some form of protection against malware, attackers are evolving their techniques, creating new variants able to bypass reputation-based detection technologies.

As threat actors increasingly rely on encrypted channels, it's more crucial than ever to inspect 100% of TLS/SSL traffic. This is the biggest way appliance-based proxies weigh down organizations: most SWG appliances lack the capacity to perform 100% inspection.

Our 2023 State of Encrypted Attacks report surveyed 284 IT, security, and networking professionals and found that they mainly use legacy tools like web application firewalls and network-layer firewalls to scan traffic. However, respondents agreed that complexity, cost, and performance degradation are the biggest barriers to inspecting all TLS/SSL traffic. Furthermore, certain regulations require different policies for distinct data types, making inspection an arduous task.

Poor user experience

Compared to only a few years ago, the meaning of "fast" is very different for today's internet users. Instant access and connectivity has become the norm at home. Employees juxtapose the great digital experience in their personal lives with poor connectivity and performance issues that plague their digital work lives.

Appliance-based SWGs are among the main culprits of poor user experience because they can't scale quickly to handle traffic surges, and they require traffic to be backhauled to a central data center, leading to high latency and lost productivity for users trying to access the internet or SaaS applications. And all this inevitably affects revenue.

Maintenance and scalability issues

Apart from complexity and tedious management, other challenges of appliance-based SWGs are maintenance and scalability issues. To account for traffic surges and future growth, security teams are forced to overprovision, leading to expensive appliances sitting unused. At other times, they may need to wait multiple months for appliances/upgrades to arrive. With appliance-based SWG, security teams are always spread too thin, having to constantly update SWGs to account for changes to the organization and/or the threat landscape.

The Zscaler difference

Overcome the limitations of appliance-based SWG with Zscaler.

Better security:Inspect 100% of TLS/SSL traffic to find and stop threats-86% of which are delivered over encrypted channels.

Better user experience:Stop backhauling internet/SaaS traffic with AI-powered Zscaler SWG, delivered from 150+ points of presence worldwide-close to your users and their cloud destinations for lower latency.

No hardware to maintain:Move to a cloud native proxy architecture and eliminate the hardware headaches of maintenance, updates, patches, and upgrades.

Platform approach:Extend comprehensive security functions, such as cloud firewall, sandbox, CASB, and data loss prevention, as well as end-to-end experience monitoring from a single unified platform and agent.

If you'd like to know more about the reasons to break free from appliance-based proxies, check out this on-demand webinar.

Explore more Zscaler blogs

Get the latest Zscaler blog updates in your inbox