I'm frequently asked whether Secure Web Gateways (SWGs) and Cloud Access Security Brokers (CASBs) compete. After all, they're both proxies, they both offer data & threat protection, they're both cloud-based (some SWGs), and both are gradually replacing firewalls in a lot of enterprise environments. Sounds similar, so they must be competitive, right? Actually, they serve as complements for two very different use cases.
As cloud-based SWG vendors add more capabilities, they are starting to look more and more promising as a direct replacement for a firewall. By that, I mean that for the same use case (network/perimeter protection), you can use either a firewall or cloud-SWG - they are simply delivering network security services via the cloud (in Bitglass’ case, our SmartEdge SWG is a bit different and deploys locally on each user’s device - but you can read more about that approach and its benefits here).
What's different about CASB is that CASBs come into play for a different use case, one that makes the firewall (and any notion of perimeter protection) obsolete. As a pre-requisite for protection, both SWGs and the firewalls require traffic to transit through them. They are deployed either on the corporate network, or as a cloud-based extension of the corporate network.
When an outside user connects to a cloud app, that traffic doesn't transit through the corporate network, which is what lead to the rise of CASBs, which are architected for exactly this "beyond the firewall" scenario. Every % increase in the amount of off-network cloud traffic translates into a CASB gain at the expense of the FW.
In short, SWGs and CASBs are both taking share from NGFWs, and both may be necessary in your enterprise.