Secure Web Gateway Is So Bad! You’ve probably heard about Secure Web Gateways (SWG) before. The idea behind them is pretty simple: to provide better security for websites using TLS/SSL encryption. Some experts claim that SWGs are bad for performance because they add latency to web pages.
Some people say that SWGs cause slowdowns or even crashes. Others argue that they don’t affect the loading time at all.
If secure web gateways are so bad, why don’t statistics show it?
It’s a good question. Let’s see if we can find the answer.
It’s a simple fact that the performance of encrypted web pages is worse than the performance of their unencrypted counterparts.
The reason for this is simple: when a page is encrypted, it takes a bit more time for the browser and the server to handshake and set up an encrypted channel.
When you don’t use encryption, the browser and the server can set up an encrypted channel immediately without any delay. This means that when you don’t use encryption, your website pages won’t have any delays.
This has nothing to do with Secure Web Gateways, but if you want to know more about it, check out this article:
Why Do HTTPS Websites Load So Slow?
The question we’re interested in is this: do Secure Web Gateways add enough latency to make your website unusable? Or would you be able to notice that kind of delay on your website?
In order to find out, let’s take a look at some real-world numbers – specifically, let’s compare the loading time of encrypted web pages with SSL in use (we’ll call them “with-SSL” numbers) and unencrypted pages (we’ll call them “without-SSL” numbers). (We’ll ignore caching for now.) We’ll take a look at three different kinds of websites: blog sites, e-commerce sites and search engine sites.
We’ve chosen three websites from three different categories: Blogger (a blog site); AliExpress (an e-commerce site); Google (a search engine). This way we’re hoping to cover as much ground as possible.
We’ve picked pages from each site using three criteria: content that changes frequently; content that doesn’t change frequently; and content that changes very infrequently – so infrequently that it doesn’t really matter if we get it wrong.
For example, on Blogger we picked the most popular posts from all categories; on AliExpress we picked one item from each category; on Google we picked a search result.
As you can see, there isn’t any difference at all between pages loaded with SSL or without SSL – they all load in 0.5 seconds or less. In fact, if you look closely at these results, you might notice that some of the without-SSL pages are actually loading slightly faster than the with-SSL pages.
Why Do Some People Think That SWGs Are Bad For Performance?
If you’ve ever seen a side-by-side comparison of an encrypted page and an unencrypted page, you might have noticed that there is a difference in load time – but not as much as you’d expect if you believed what some people say about SWGs being bad for performance.
Why is that? Well, first of all, keep in mind that your mileage may vary depending on your site and your server configuration (e.g., if your server is running on an SSD vs. on an HDD).
Second of all, keep in mind that you can use certain tools to optimize encrypted pages – this might help reduce the performance impact caused by encryption. Thirdly, keep in mind that secure connections might be used differently than non-secure connections (e.g., they might be used more often than non-secure connections).
Finally, secure connections are new and not many people use them yet so there aren’t enough data points yet to make any judgments about their performance (that’s why we’re doing this study). However, all those things mentioned above have nothing to do with SWGs – they’re just part of the general “how web browsers work” picture.