If it’s not clear yet, elastic cloud gateways are a major focus of ESG’s network security research. I discussed the idea in a previous blog…and video…and second video. As a refresher, ECGs are multi-channel, multi-mode, cloud-delivered security gateways built on a globally distributed, cloud-native microservices platform. ECGs automatically scale to provide end-user access and threat prevention to a range of cloud services, with tightly integrated data loss prevention (DLP) capabilities utilizing a centralized control plane and scalable data plane to arbitrate access and inspect content.
Why does this concept deserve so much attention? Because it represents a necessary and logical evolution in securing modern hybrid and multi-cloud environments to improve performance and quality of service, maintain and enforce consistent policies, and improve visibility over the entirety of the corporate network. I’ll be drilling down on the different aspects of the ECG architecture via blog over the coming weeks, with today’s focus being on multi-channel capabilities.
Essentially, multi-channel indicates the integration of security functionality to provide deep visibility and control over a broader range of network traffic. ECGs represent an extensible architecture, meaning specific functionality could vary from one solution to the next. However, ESG believes the initial focus will be the integration of secure web gateway (SWG), CASB, and DLP capabilities. SWGs have evolved significantly over the last decade from a basic web firewall to a more advanced threat prevention platform. However, the introduction of CASBs addressed the fundamental shift from employees accessing fairly static webpages to dynamic and incredibly complex cloud application ecosystems.
CASBs provide a deep understanding of cloud applications that SWGs simply don’t have. Yet there is overlap, and consolidating policy and threat detection creates a more efficient management model. Further, CASBs have focused specifically on data protection to control sensitive information flowing to and through cloud applications. SWGs often have at least basic DLP capabilities as well, to say nothing of the broader enterprise DLP deployments many organizations have invested in. These siloed DLP technologies create management inefficiencies and, through inconsistent policy, have the potential to lead to gaps in coverage. By converging SWG, CASB, and DLP, an organization can realize operational efficiencies, improve visibility, and increase security efficacy.
As mentioned previously, the extensible nature of ECGs allows for the coverage of additional channels: zero-trust access for both cloud and on-premises application access; DNS protection for additional web threat coverage; and even network security functionality for broader traffic visibility and control. There are a number of potential capabilities, but the cloud-native, microservices-based design of ECGs enables the architecture to support additional functionality at scale. More on that part of the story coming soon.