We’ve established before that cloud access security brokers (CASBs) and secure web gateways (SWGs) do not compete and are, in fact, complementary security tools. However, in addition to this, there is overlap between the two which (along with other factors) is leading to their convergence.
In general, organizations use CASBs to secure managed software-as-a-service (SaaS) applications and infrastructure-as-a-service (IaaS) environments. SWGs are primarily used to secure and manage web access, as well as control the use of unmanaged SaaS apps, also known as shadow IT. The goals of both are to monitor and secure the flow of traffic to protect users and data in environments that the organization does not own or have complete control over — like a home office, the web, or the public cloud.
So what does this shared goal mean for the future of CASBs and SWGs? Instead of competing, CASBs and SWGs will converge, and are actually doing so already.
While the market had been moving in this direction for some time, last year’s global shift to remote work and heightened emphasis on digital transformation brought reality into sharp focus: most work is being done off premises, on the web and within cloud apps — not in physical offices. Consequently, companies have continued to accelerate the offloading of on-premises data and processes into public and private clouds.
Naturally, this shift calls for a change in the IT resources used to support this new style of operations. In short, the move to the cloud and the embracing of remote work means that legacy, on-premises security tools are no longer sufficient. The moat remains in place, but the castle and its inhabitants have gone elsewhere.
As work moves to the web and the cloud, defenses should follow. CASBs and modern SWGs do exactly that — protect users and data off premises. The convergence of these two solutions, along with the de-emphasis of on-location network security, has contributed to the rise of secure access service edge (SASE).
A SASE offering is a platform that integrates technologies like CASB and SWG so that organizations can extend consistent security to all interactions across the IT ecosystem. Instead of physical appliances sitting at a central location, SASE leverages smart endpoint agents, the edge, and public cloud technologies to support a distributed workforce using a heterogeneous mix of devices.
Of course, there are some assets that will stay on-premises and, as a result, hybrid architectures will remain. Luckily, SASE has a solution for that, too. Zero trust network access (ZTNA), another key SASE component, secures remote access to specific resources on the network based on a user's access context, without having to rely on unscalable hardware appliances like traditional VPNs.
Organizations have much to gain from the convergence of SWG, CASB, and ZTNA into SASE offerings. Rather than grappling with disparate technologies, enterprises can get unified and consistent visibility and control across the entire IT ecosystem, resulting in better overall security. Simplicity through the reduction of solution sprawl is another benefit. Finally, overseeing tightly integrated solutions through a single dashboard translates to consolidated ease of management and, as a result, time and cost savings.
Bitglass' Total Cloud Security Platform is designed to provide data and threat protection for any interaction between devices, apps, on-prem resources, web destinations, or infrastructure. From a single console, you can configure policies that deliver consistent security wherever data goes. Bitglass' SASE integrates CASB, SWG, ZTNA, DLP, ATP, RBI, IdaaS functionality like SSO and MFA, and even more.
To learn more about our solutions, download the SASE with Bitglass technical brief below.