Solving the Mobile Gateway Problem
No more undermining the privacy and productivity of your employees thanks to a zero gateway solution
Since the development of the Internet, organizations have struggled to gain control and visibility over corporate network traffic. With the emergence of Secure Web Gateways (SWGs), proxies that sit between the Internet and the edge of a network, came the ability to control employees’ access and use of internet sites and applications based on corporate compliance policies. SWGs use a combination of URL filtering, malware detection and application-level controls to protect employee devices from potential threats and limit access to pre-approved destinations. As mobile devices developed and gained popularity, also came the development of Secure Mobile Gateways (SMGs). These gateways then extended their controls and protections to smartphones and tablets.
However, despite these solutions, SWGs have a number of drawbacks and user experience issues. Many employees may not even be aware of these issues that can seriously inhibit their mobile usage and experience. Pushing user data through networks that the user and often the SWG solution providers themselves do not own, can open up the data to a number of risks and vulnerabilities. The use of perimeter gateways like proxies and VPNs can cause network congestion and slow down browsing speeds. Requiring traffic to pass through an external gateway can cause serious privacy issues if the company can see all employee device activity.
Is there a way to avail of the features and protections of a SWG without risking the financial, reputational, productivity, and user experience consequences of these drawbacks? Corrata believes there is.
What is a Secure Web Gateway and how does it work?
A gateway serves as the entry and exit point of a network. Usually implemented on the network boundaries, all data communication routed inward or outward of the network must first pass through and gain approval from the gateway. Secure Web Gateways have been used for years by enterprises on desktops and devices in the corporate environment to restrict employees from accessing inappropriate or malicious web traffic, to protect from malware infection and to ensure compliance with corporate regulatory policies.
Secure Web Gateways and by extension, Secure Mobile Gateways (SMGs), typically use a combination of features including URL filtering, application level control, data leakage protection and malware code detection. SMGs have become even more important to enterprises. The use of mobile devices for work, as well as personal business, has and continues to increase rapidly. They are extremely useful for securing devices from phishing, spam and malicious network traffic. They also protect against information leaks and block unapproved content such as gambling or adult materials.
Organisations can use SMGs to monitor and gain insights into corporate data usage and employee productivity. This is an increasingly important tool when managing enterprise costs. SWGs have gained popularity among organizations as they offer a level of security that is a step up from traditional firewalls and anti-virus solutions typically offered to corporate devices. By monitoring and controlling the boundary of the network and exactly what traffic the device can and cannot interact with, a SWG can detect and block any possible threats before they even reach the device. Technology and enterprise mobility continues to develop. Therefore, the need for the control, protection, and visibility offered by SWGs is only going to increase. However despite their uses, SWGs have a number of drawbacks that have created a gap in corporate device protection.
Drawback 1: Congestion and Time Delays
The first major drawback to using a SWG to monitor device traffic is congestion and time delays. These result from routing all data, both internal and external, through a central gateway. SWGs work best in environments where SSL traffic from remote servers is backhauled to a central location to take advantage of centralized network security tools, like gateways. However, backhauling and directing traffic like this can cause bottlenecks and major congestion within the network. This leads to delays in internet speeds, downloads and general user experience of the device.
In addition to this, mobile service providers, due to the way they were forced to architect their services years ago, must now act as Internet Service Providers (ISPs) by creating a ‘tunnel’ to the Internet for users. The problem here is that most mobile service providers are not experienced ISP’s. Therefore, they do not have the network tools available to them to provide users with a native ISP service. This can result in unreliable internet connectivity, latency, and incompatibilities with other services that may be impacted by the traffic routing or proxy requirements of SWGs. Many employees today rely on their mobile device and access to the internet to do their jobs. So, slow loading speeds could have a serious negative impact on productivity. As well as this is the general annoyance and displeasure associated with poor device performance.
Drawback 2: Impacting Employee Privacy
The second major drawback of using a SMG or SWG is its effect on employee privacy. By routing internet traffic through a gateway, all information relating to individual device activity is recorded and reported to the enterprise after passing through a number of networks and cloud hosting servers, often provided by unrelated third parties. This routing of employee internet browsing, downloads and app activity through unknown networks and making it visible to the company can have serious privacy and confidentiality implications for the organization. Generally, employees will expect and understand that managers may monitor activity on company-owned devices such as desktops or laptops. However, this understanding starts to blur when it comes to mobile devices.
In most companies, employees use the same device for personal as well as professional business. Therefore, they will not be as accepting of activity monitors and controls. This invasion of employee privacy could also have legal consequences as data protection regulations get more stringent around the world. Europe introduced GDPR legislation in May 2018. This has had a huge impact on how companies can collect, process and store employee and customer data. Failure to comply with these new restrictions could have serious financial and reputational consequences for organizations both inside and outside of the EU.
Many employees with SWG or SMG solutions installed on their devices are often unaware of gateway traffic. No one wants IP traffic passing through multiple networks around the world, compromising employee privacy and productivity in order to control mobility and cyber threats. However, gateway-based solution providers have thought that this was the only option. But for Corrata, this is not the case. We have solved the gateway problem with our patented technology. We have distributed these security and compliance features to the end user device. This eliminates all negative user impact while providing protections and controls that are class-leading.
Corrata’s Zero Gateway solution
Corrata understands how to control and monitor employee devices in a non intrusive manner. Mobile device usage is essential not just for security but also from a data and cost control perspective. We recognised that the features of existing SWG solutions; URL filtering, data loss protection and malware detection, are extremely important to enterprises. However, their drawbacks were having a negative effect on overall user experience. In response, Corrata developed mobile threat defense and data control solutions using our unique ‘Zero-Gateway’ architecture. Using this software, Corrata’s solution operates only on the device. This means that mobile traffic is never re-routed through a gateway or external network. Without the requirement for a gateway, the solution can provide all of the functionality of SWGs without collecting any information on individual device usage or compromising user experience.
Mobile Threat Defense
The Mobile Threat Defense solution detects and blocks any potential malware or phishing threats before they reach the device. It also protects against threats from insecure Wi-Fi, CnC servers and unofficial app stores. It also allows the company to enforce corporate policies relating to usage and appropriate browsing. Our solution gives organizations the ability to control data usage to reduce costs and the risk of bill shock.
Corrata is GDPR Compliant
By using the ‘Zero Gateway’ architecture, there is no need to collect any information like browsing history, downloads or app usage. As a result, employee privacy is never compromised. Analysis of data on-device means that our software will never record sensitive or identifying details of individual activity. This supports the GDPR principle of proportionality. The lack of a gateway and processing all data on-device also means that traffic cannot get congested. This in turn improves the overall functionality and user experience of the employee device.
With Corrata, enterprises can get all of the security and control benefits of a Secure Web Gateway. However, they don’t have to deal with any user experience drawbacks – a win-win for both the company and the employees.