This option decrypts and inspects traffic via a proxy delivered through cloud infrastructure, often designed as a private cloud deployment. It eliminates the use of costly appliances and removes the dependency on VPNs. However, this approach comes with its own set of challenges.
By pushing decryption and inspection to the edge (to users’ devices themselves), an on-device architecture does not introduce network-based latency; it also forgoes the use of appliances and VPNs while eliminating the scale limitations of cloud proxies. This saves money, ensures enhanced performance, and provides far greater scalability without limiting user privacy. Additionally, on-device SWGs automatically manage the creation, storage, and revocation of certificates on each device. This prevents man-in-the-middle attacks and saves time for admins who would otherwise have to manage certificates manually.