This post was originally published here by Rich Campagna.
I’m frequently asked whether Secure Web Gateways (SWGs) and Cloud Access Security Brokers (CASBs) compete. After all, they’re both proxies, they both offer data & threat protection, they’re both cloud-based (some SWGs), and both are gradually replacing firewalls in a lot of enterprise environments. Sounds similar, so they must be competitive, right? Actually, they serve as complements for two very different use cases.
As cloud-based SWG vendors add more capabilities, they are starting to look more and more promising as a direct replacement for a firewall. By that, I mean that for the same use case (network/perimeter protection), you can use either a firewall or cloud-SWG – they are simply delivering network security services via the cloud.
What’s different about CASB is that CASBs come into play for a different use case, one that makes the firewall (and any notion of perimeter protection) obsolete. As a pre-requisite for protection, both SWGs and the firewalls require traffic to transit through them. They are deployed either on the corporate network, or as a cloud-based extension of the corporate network.
When an outside user connects to a cloud app, that traffic doesn’t transit through the corporate network, which is what lead to the rise of CASBs, which are architected for exactly this “beyond the firewall” scenario. Every % increase in the amount of off-network cloud traffic translates into a CASB gain at the expense of the SWG/FW.
Gartner offers a well written research note, CASB Is A Market, Not A Feature, explaining this topic in further detail.
In short, SWGs and CASBs are both taking share from NGFWs, and both may be necessary in your enterprise.
Test drive the Bitglass Next-Gen CASB:
Photo:edX