Introducing Secure Web Proxy for egress traffic protection
Naveen Prabhu
Product Manager, Google Cloud
Anil Nandigam
Product Marketing Lead, Google Cloud Security
Google Cloud provides multiple layers of security to help customers stay ahead of evolving threats and keep their cloud workloads safe. Today at our annual Security Summit, we are excited to announce the general availability of Secure Web Proxy, a new cloud-first network security offering that provides web egress traffic inspection, protection, and control. Secure Web Proxy (Cloud SWP) can help networking and security teams implement Zero Trust networking principles, discover malicious activity, and support forensic investigations.
How Secure Web Proxy works
You configure workloads to use Secure Web Proxy as a gateway. Web requests can originate from virtual machine (VM) instances, containers, serverless environments, and workloads outside of Google Cloud connected by Cloud VPN or Cloud Interconnect. Policies and rules in Cloud SWP will be applied to traffic sent from these workloads to the internet.
Secure Web Proxy architecture
Cloud SWP helps organizations enforce granular access policies, limiting egress web traffic based on source, identities, destination, or request types. With Cloud SWP you can create policies with Google Cloud Identity and Access Management (IAM) context, using service accounts and secure tags to block egress. For example, you can set a policy to limit a service account to sending traffic to a specific outbound destination.
Secure Web Proxy offers a scalable TLS inspection service that lets you intercept TLS traffic, inspect the encrypted request, and enforce your policies. Cloud SWP integrates with Cloud Logging to record metrics and transaction logs for requests handled by the proxy.
Common use cases for Secure Web Proxy
Many organizations employ a proxy like Cloud SWP to programmatically restrict workload access to only trusted external web services.
You can also use Cloud SWP to monitor outbound access. The proxy identifies traffic that doesn't conform to policy and logs it to Cloud Logging. This allows you to monitor internet usage and to discover and disrupt threats on your network by spotting command and control traffic or anomalous data transfers. Logs can also be used in forensics to investigate security events and incidents involving egress web traffic.
Operational benefits
Secure Web Proxy is another example of how Google Cloud continues to deliver built-in, cloud-first security capabilities that offer operational efficiencies for our customers.
Cloud SWP is easy to deploy and manage because it is a managed service. Unlike frequently deployed proxy solutions, it does not require users to configure virtual machines (VMs) to run and scale the proxy. Security patching is handled automatically. As your business and outbound traffic grow, Cloud SWP takes care of growing your proxy infrastructure for you.
Secure Web Proxy can also help make cloud migrations more seamless. If you are using an on-premises proxy, you can easily port the existing proxy’s policies to Cloud SWP when you migrate the app, maintaining the same egress protection in the cloud as you had on-premises.
Customer testimonials
Preview customers validated the operational and security value of implementing Cloud SWP:
"Google's Secure Web Proxy is a powerful tool that can help businesses of all sizes protect their cloud workloads from online threats. By using the granular policy controls and TLS inspection, we are ensuring that our cloud applications only access approved external destinations. Additionally, we are able to comply with data security regulations," said David Saleh, director, Cloud Architecture and Application Security, ATB Financial.
"Secure Web Proxy has helped us to improve our security in Google Cloud. We are now able to filter outbound HTTP and HTTPS traffic from our applications. In addition, having a native solution will allow us to replace the VM-based solution we currently have, providing us with cost savings and continuing to deliver on our strategy of replacing products with cloud native services," said Roberto Vega, cloud analyst, Carrefour.
Getting started with Secure Web Proxy
You can get started with Cloud SWP by visiting our documentation page to learn more about Cloud SWP prerequisites and configuration options. If you want to quickly evaluate Cloud SWP for your cloud environment, use the SWP evaluation guide for step-by-step instructions. Be sure to check out all our sessions at this year’s Google Cloud Security Summit.