Remote Working Makes Web Security Vital

For many companies, the COVID-19 pandemic has forced a massive shift to remote working. It's now clear that many organizations plan to sustain a substantial amount of work-at-home indefinitely, or even permanently. As businesses see how productive remote work can be, some are deemphasizing bricks-and-mortar real estate by choice, not just necessity.

Accordingly, cybersecurity teams will need to systematically address the threats associated with a highly distributed workforce, including three issues related to their employees’ at-home interactions on the Internet: bad content, bad systems, and bad behavior. To manage those threats, organizations are increasingly turning to cloud-based web security gateways, which help protect employees wherever they are—and provide the scalability and flexibility to quickly adjust to future changes in working arrangements.

Multiple Web Problems, One Unified Solution

Bad content refers to malicious code hosted on web sites either mounted or corrupted by hackers. Remarkably, even after all the money that’s been lavished on safeguarding web sites and traffic, one-thirteenth of all web requests still lead to malware. Bad systems are software tools you don’t want people to use. Thom Bailey, Mimecast’s Senior Director, Product/Strategy, offers one common scenario: “Say you tell your employees to use a VPN from an approved supplier, but someone’s brother has given them another VPN of questionable origins, and they decide to use that one instead.” Finally, there’s bad behavior—and, says Bailey, that’s not just employees using gambling or porn sites on company time or equipment. It’s also people using unauthorized web-based email or file transfer services that seem too convenient to resist.

A secure web gateway can help you address all of this, by integrating crucial security functions such as URL filtering, malware protection, and data leak prevention, and simplifying the task of enforcing compliance with your Internet and acceptable use policies, wherever your people are connecting from. (You can learn more about the latest advances in secure web gateways at Mimecast’s Cyber Resilience Summit, taking place online June 23-24, 2020.)

The Advantages of a Cloud-Based Secure Web Gateway

Many early web security gateways were hardware appliances designed to be hosted on a customer’s premises. Now, however, cloud-based web gateway services have become more attractive for many organizations, because they're quick to deploy, easy to operate, and for all practical purposes infinitely scalable. Perhaps even more important in the current environment, cloud-based web security products are a natural fit for a distributed workforce.

In an uncertain world, it can be helpful to have a web security solution that can scale to serve more or fewer employees as needed, and deploy in hours or even minutes—without spending a fortune upfront, or risking delays in hardware deliveries associated with suddenly shaky supply chains disrupted by the pandemic. Cloud solutions also help address performance—so if you've been trying to get by with squeezing a legacy hardware appliance beyond its limits, you needn’t do that anymore.

Some cloud-based web security gateways radically simplify the administration of standard web access policies, configurations, accounts, roles, and permissions, through easy-to-use consoles. For many organizations, once you’re up-and-running, they’re set-and-forget. But if you do need to make changes, robust and regularly updated filters or templates should make that easy.

Advanced cloud-based SWGs are beginning to offer browser isolation, an approach that assumes all websites are dangerous unless proven otherwise, and prevents malicious code and other web-based security exploits from reaching your user’s endpoint or your network assets. It’s an important step towards the zero-trust environment many IT organizations are pursuing.

Integrating with Email and Other Security Systems

For many organizations, integrating web security gateways with other security products is important to ensure faster detection and response to threats. That starts with close integration between web and email security, since 99% of all threats come from either email or the web, and email often drives users to web threats. As Bailey notes, when web and email security are tightly integrated, important new use cases become possible. “If web goes red in an incident, email will also reflect a change in its status. If a laptop tries to visit casinogambling.com, email security can immediately recognize that something’s up, and place a hold on emails to or from that domain.”

Other integrations also matter. For example, APIs can make it easy to exchange information with SIEM and SOAR systems, so you can leverage real-time web security data more fully in reporting and analytics, and quickly recognize patterns you need to act on. Also, since blocking a web page associated with a phishing or spoofing attack is the perfect moment to educate your users, some cloud-based web security gateways can integrate relevant, just-in-time awareness training.

The Bottom Line

For many organizations, the shift to remote working may continue indefinitely, and perhaps even permanently. That means employees may be more vulnerable to web security threats that can endanger the entire organization. Cloud-based web security gateways help you systematically protect them wherever they go—with the performance, scalability, and flexibility you need, and often at lower cost than on-premises solutions.