September 21, 2022

4 Min Read
key in a door lock against a background of blue sky and clouds
Feng Yu via Alamy Stock Photos

Not too long ago, most employees worked at corporate offices, accessing all of their apps and data from the corporate data center. Teams of network and security professionals worked diligently to protect employees and secure office environments from the threats that lurked outside their walls, deploying a wide range of on-premises appliances, including web proxy appliances, to provide employees with secure internet access.

Cloud and Hybrid Work Changed Everything

Fast forward to today and we see significant numbers of employees frequently working from anywhere but their corporate offices. At the same time, the data center is no longer the center of the universe. Employees now access a variety of work applications and data stores, that reside both in the cloud as well as the on-premises data center, from anywhere--including their home offices, coffee shops, parks, and more--via a combination of employer-provided and personal devices. So what does the new world of working from everywhere mean for an on-premises data center secured with legacy, on-premises web proxy appliances? And how does this traditional architecture impact remote worker access and productivity?

Research shows that this paradigm poses significant challenges for security professionals, including:

  • Limited app coverage. Over half of all remote workforce threats are for non-web apps, a vast majority of which are invisible to web proxies. Security teams can’t block what they can’t see, and the risk of a data breach increases without security for any and all internet traffic - web and non-web apps.

  • Incomplete security. Multi-vendor legacy products fail to provide complete, consistent security across all users and locations. On-premises web proxy appliances weren’t designed for access to cloud-based apps, so they lack the flexibility and scalability required in today’s environments. Also, the lack of integrated security policies, single-pane-of-glass management, and limited visibility expose organizations to advanced threats.

  • Poor end-user experience. Remote workers often struggle with slow performance caused by backhauling all internet-bound traffic to the on-premises datacenter for inspection. This approach made sense when most users were at the main office or when organizations were forced to centralize the security stack. This legacy architecture results in bottlenecks now that most workers are remote. The combination of poor performance, inconsistent app access that can vary based on the user’s location and device permissions, result in friction and frustrated users, and more calls to the IT support desk.

A Modern, Complete, Cloud-Delivered Solution

Research from ESG Global shows that many organizations are open to a new secure web gateway approach, with only 8% of survey respondents indicating they are very satisfied with their current solution and not planning to change anytime soon. Many organizations have already made the decision to transition from on-premises web security to a cloud-delivered option to improve scale and user experience. Now it’s a matter of selecting the right solution that will secure all internet traffic, not a subset of it. Don't be fooled by web proxies that have simply shifted their location to someone else's data center. Their behavior-by-design still limits their ability to inspect internet traffic to 'proxyable' applications and not much else.

Today, organizations require a solution that seamlessly protects their workers as they access web and non-web applications from just about anywhere. The cloud secure web gateway capabilities of Prisma Access deliver modern, complete cloud security, as well as:

  • Protection for all app traffic, with inspection capabilities for all apps and securing against all threats, not just web-based apps and threats, reducing the risk of a data breach by up to 45%.

  • Complete, best-in-class security with industry-leading capabilities converged into a single cloud-delivered platform, providing more security coverage than any other solution with 4.3M unique security updates per day, 24.5x more than our nearest competitor.

  • Exceptional user experience with our massively scalable network that provides ultra-low security processing latency, backed by industry-leading SLAs, ensures the best digital experience possible for end-users. We provide 10x more total encrypted tunnel throughput than the nearest competitor, with performance SLAs that are 10x better than any other cloud-delivered service.

Learn how the cloud secure web gateway capabilities in Prisma Access can help your organization protect all users and applications, everywhere.


Jason Georgi serves as Palo Alto Networks' global Field CTO for Prisma Access and Prisma SASE. He focuses on building C-level relationships and advising client executives on the strategic alignment of cloud-delivered security solutions as enablers of customers' cloud transformation journey.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights