Since the development of the Internet, organizations have struggled to find a way to gain some form of control and visibility over traffic in the corporate network. With the emergence of Secure Web Gateways (SWGs), proxies that sit between the Internet and the edge of a network, came the ability to control employees’ access and use of internet sites and applications based on corporate compliance policies. SWGs use a combination of URL filtering, malware detection and application-level controls to protect employee devices from potential threats and limit access to pre-approved destinations. As mobile devices developed and gained popularity, also came the development of Secure Mobile Gateways (SMGs) which extended these controls and protections to smartphones and tablets. However, despite these solutions, SWGs have a number of drawbacks and user experience issues that many employees may not even be aware of but can seriously inhibit their usage and experience of mobile devices. Pushing user data through networks that the user and often the SWG solution providers themselves do not own, can open up the data to a number of risks and vulnerabilities. The use of perimeter gateways like proxies and VPNs can cause network congestion and slow down browsing speeds, while requiring traffic to pass through an external gateway can cause serious privacy issues if all employee device activity is made visible to the company.
Is there a way to avail of the features and protections of a SWG without risking the financial, reputational, productivity, and user experience consequences of these drawbacks? Corrata believes there is.
What is a Secure Web Gateway and how does it work?
A gateway serves as the entry and exit point of a network. Usually implemented on the network boundaries, all data communication routed inward or outward of the network must first pass through and gain approval from the gateway. Secure Web Gateways have been used for years by enterprises on desktops and devices in the corporate environment to restrict employees from accessing inappropriate or malicious web traffic, to protect from malware infection and to ensure compliance with corporate regulatory policies. Secure Web Gateways and by extension, Secure Mobile Gateways (SMGs), typically use a combination of features including URL filtering, application level control, data leakage protection and malware code detection. SMGs have become even more important to enterprises as the use of mobile devices for work, as well as personal business, has and continues to increase rapidly. They are extremely useful for securing devices from phishing, spam and malicious network traffic, information leaks, and unapproved content such as gambling or adult materials. SMGs can also be used by organizations to monitor and gain insights into corporate data usage and employee productivity, an increasingly important tool when managing enterprise costs. SWGs have gained popularity among organizations as they offer a level of security that is a step up from traditional firewalls and anti-virus solutions typically offered to corporate devices. By monitoring and controlling the boundary of the network and exactly what traffic the device can and cannot interact with, a SWG allows any possible threats to be detected and blocked before they even reach the device. As technology and enterprise mobility continues to develop, the need for the control, protection, and visibility offered by SWGs is only going to increase. However despite their uses, SWGs have a number of drawbacks that have created a gap in the protection of corporate devices.
The first major drawback to using a SWG to monitor device traffic is the congestion and time delays that can result from routing all data, both internal and external, through a central gateway. SWGs work best in environments where SSL traffic from remote servers is backhauled to a central location to take advantage of centralized network security tools, like gateways. However, backhauling and directing traffic like this can cause bottlenecks and major congestion within the network leading to delays in internet speeds, downloads and general user experience of the device. In addition to this, mobile service providers, due to the way they were forced to architect their services years ago, must now act as Internet Service Providers (ISPs) by creating a ‘tunnel’ to the Internet for users. The problem here is that most mobile service providers are not experienced ISP’s and therefore do not have the network tools available to them to provide users with a native ISP service. This can result in unreliable internet connectivity, latency, and incompatibilities with other services that may be impacted by the traffic routing or proxy requirements of SWGs. Many employees today rely on their mobile device and access to the internet to do their jobs so slow loading speeds could have a serious negative impact on productivity, as well as the general annoyance and displeasure associated with poor device performance.
The second major drawback of using a SMG or SWG to protect and control an employee device is its effect on employee privacy. By routing internet traffic through a gateway, all information relating to individual device activity is recorded and reported to the enterprise after passing through a number of networks and cloud hosting servers, often provided by unrelated third parties. This routing of employee internet browsing, download and app activity through unknown networks and making it visible to the company can have serious privacy and confidentiality implications for the organization. Generally employees will expect and understand that activity on company-owned devices such as desktops or laptops may be monitored while in the corporate network, however this understanding starts to blur when it comes to mobile devices. In most companies, employees use the same device for personal as well as professional business and therefore, will not be as accepting of monitors and controls on their activity. This invasion of employee privacy could also have legal consequences as privacy and data protection regulations get more stringent around the world. In Europe, GDPR legislation was introduced in May 2018 which has now had a huge impact on how companies can collect, process and store employee and customer data. Failure to comply with these new restrictions could have serious financial and reputational consequences for organizations both inside and outside of the EU.
Many employees with SWG or SMG solutions installed on their devices are often unaware of the realities of routing their traffic through a gateway. No one wants IP traffic to have to be pulled through multiple networks around the world, compromising employee privacy and productivity in order to control mobility and cyber threats, however for the providers of these gateway-based solutions this has seemed the only option and a price that must be paid. But for Corrata, this is not the case. We have solved the gateway problem and using our patented technology have distributed these security and compliance features to the end user device, eliminating all negative user impact while providing protections and controls that are class-leading.
Corrata’s Zero Gateway solution
Corrata understands that the ability to control and monitor employee device, particularly mobile device, usage is essential not just from a security perspective but also from a data control and cost control perspective. We recognised that the features of existing SWG solutions; URL filtering, data loss protection and malware detection, are extremely important to enterprises, however their drawbacks were having a negative effect on overall user experience. In response, Corrata developed mobile threat defense and data control solutions using our unique ‘Zero-Gateway’ architecture. Using this software, Corrata’s solution operates only on the device so mobile traffic is never re-routed through a gateway or external network. Without the requirement for a gateway, the solution can provide all of the functionality of SWGs without collecting any information on individual device usage and ensures user experience is never compromised. The Mobile Threat Defense solution detects and blocks any potential malware or phishing threats before they reach the device and can also protect against threats from insecure Wi-Fi, CnC servers and unofficial app stores. It also allows the company to enforce corporate policies relating to usage and appropriate browsing. The Data Control solution gives organizations the ability to manage and control data usage to reduce costs and risks of bill shock events. By using the ‘Zero Gateway’ architecture, there is no need to collect any information relating to individual browsing history, download or app usage meaning employee privacy is never compromised. Analysis of data on-device means that sensitive or identifying details of individual activity is never logged, supporting the GDPR principle of proportionality. The lack of a gateway and processing all data on-device also means that traffic cannot get congested which improves the overall functionality and user experience of the employee device.
With Corrata, enterprises can get all of the security and control benefits of a Secure Web Gateway without the user experience drawbacks – a win-win for both the company and the employees.
To find out more about Corrata’s Zero Gateway solution and how we can help you secure and manage your mobile devices, visit www.corrata.com or email us at firstname.lastname@example.org.