
What Is a Cloud Security Gateway?


According to Gartner, a cloud security gateway is a cloud-delivered solution that filters malware from user-initiated internet traffic to prevent it from infecting user devices and compromising an organization’s network. By sitting between users and their internet destinations, it also enforces corporate and regulatory policies. What distinguishes a cloud security gateway from legacy secure web gateways is that the complete security stack is delivered as a service—all filtering, inspection, and policy enforcement happens in the cloud, so there is no need for physical appliances.

By moving security out of data centers and regional gateways to a globally distributed cloud, cloud security gateways bring services close to the user for a fast, seamless experience without traffic backhauling over slow, expensive private networks. Moreover, with a cloud security gateway, organizations can easily scale protection to all mobile users and all offices via local internet breakouts, thereby simplifying their network and security infrastructures.


Why the shift to cloud security gateway?

The traditional security perimeter is broken. When applications in an enterprise data center were the center of everything, it made sense to direct all enterprise traffic to the data center over a hub-and-spoke network. Even as more traffic was headed for the internet and threats got more complex, you could still protect your perimeter and users with stacks of gateway appliances. However, applications and services have moved to the cloud for good. Users have left the network, too, working from home, on the road, just about anywhere, so their traffic goes straight to their cloud apps over the internet, bypassing the network perimeter and appliances altogether. The result is that the network where business takes place is now, simply, the internet. The move to cloud and work from anywhere is great for building an agile, digital business, but it has broken the traditional network security model.

Despite massive appliance investments, many organizations continue to struggle with providing consistent security—all you have to do is read about the latest breaches to know that’s true. Even when safely browsing trusted websites, users continue to fall victim to a host of internet-based threats. With the rise of SSL-encrypted traffic, which is a frequent hiding place for malware, zero-day threats, botnets, and other attacks, security now requires a fully integrated approach that inspects all traffic, including SSL. Hardware appliances, due to their limited capacities, often ignore “trusted” content from CDNs and allow SSL traffic to pass uninspected. Additionally, multiple appliances that are service-chained together are unable to share and correlate threat intelligence at the speed needed to properly respond to developing threats. All of these issues limit an organization’s visibility and curb its ability to prevent attacks.


What are the benefits of a cloud security gateway?

A cloud security gateway delivers the complete security stack as a service, with in-depth protection against malware, advanced threats, phishing, browser exploits, malicious URLs, botnets, and more. A true cloud-native security gateway is a shift from traditional appliance models and offers a range of benefits:


Modernized security 

  • Provides secure, direct-to-cloud connections for all offices and users, eliminating appliances and reducing reliance on costly WAN infrastructure
  • Delivers the entire outbound gateway security stack as a service from the cloud with always-on security whenever, wherever users connect
  • Elastically scales your capacity requirements as traffic demands increase—no more hardware capacity limitations
  • Integrates services in a single platform, including secure web gateway, URL filtering, next-gen firewall, intrusion prevention, antivirus, data loss prevention, sandbox, CASB, and more

Faster user experience

  • Enables every user to connect directly to the internet with all security enforced in the cloud—no backhauling across hub-and-spoke architectures for inspection
  • Distributes all services cloud-wide to provide fast, local connections for users everywhere
  • Easily scales to handle the bandwidth demands of cloud applications and latency-sensitive apps, such as Microsoft Teams and Zoom

Unified policies and reporting

  • Policies follow users wherever they connect so they get consistent security and access controls from day one 
  • Uses one console to enforce a unified user or group policy across the entire security stack
  • Provides real-time reporting and centralized analytics that improve threat context and visibility across all users

“By not backhauling our traffic, but directly using the internet, we expect we can drive down costs by 70%.”
Frederik Janssen, VP Global IT Infrastructure Portfolio, SIEMENS

Where to get started with a cloud security gateway

Your organization should look for a completely cloud-native security solution. Many vendors claim to be designed for the cloud; however, they often rely heavily on VM instances housed in public cloud services. The problem is that VMs have the same limitations as their hardware counterparts in the data center, requiring you to spin up new VMs as bandwidth needs increase. Furthermore, a fast user experience requires services to be as close to users as possible—at the “edge” of the network—so that traffic doesn’t have to travel far to reach its destination. With a public cloud service, you have no control over where your security is housed, so your users’ traffic may have to traverse quite a distance for inspection on its way to and from cloud destinations.

With Zscaler, there is no hardware to deploy or manage and services are provided based on users, not usage, so you never have to worry about capacity. By simply making Zscaler your next hop to the internet, you’ll immediately enjoy increased security and compliance and your users will appreciate a faster experience as they access applications and services in the cloud. 

Zscaler built and operates the world’s largest security platform for the cloud. It is based on the secure access service edge (SASE) framework, which simplifies IT, reduces risk, and optimizes traffic routing to provide the best user experience. As a globally distributed platform, with services delivered through more than 150 data centers globally, users are always a short hop to their applications, and through peering with hundreds of partners in major internet exchanges around the world, Zscaler ensures optimal performance and reliability for all of your users.

“Instead of forcing (via ‘tromboning’) various entities’ traffic to inspection engines entombed in boxes in the data center, we need to invert our thinking to bring the inspection engines and algorithms closest to where the entities are located.”
Gartner, The Future of Network Security is in the Cloud, August 2019

With Zscaler, you can start with services that close security gaps for remote users, and easily add services as demand grows or as you phase out legacy appliances.

To learn more about the Zscaler cloud security gateway solution, visit Zscaler Internet Access (ZIA).