"The question I have is how companies are meant to do this without a product like IWG? Surely this is a task beyond most network administrators - can any network admins on HC validate?"
I know a lot more about network administration than most, although you, @throwtheslider, are among the IWG investors on HC who choose to disbelieve me. For anyone else who might be interested, I can answer the question. (I'll simplify for an investor-oriented audience.)
Segregating networks is a simple task well within the capabilities of the most junior network admin. Even the most basic of ADSL routers do it, so you can probably do it at home if you choose to dig into the options of your router.
There are many reasons to segment a network, with security being just one of them. From a security perspective the correct approach is to break up the network into segments using the internal firewalls in your routers and switches. Each segment then handles information of varying degrees of value. You then keep the various computers and devices (or user accounts, depending on how you do it) in their appropriate segments. In order to connect to different segments, or to move information between segments, users need extra passwords and privileges. The idea is to ensure that if a user's computer is breached, the attacker will still need to find different accounts and passwords to get to the computers holding the customer credit card information, the IP, the accounts, management's strategic plans, etc.
Network segmentation is a difficult thing to get right. It requires designing, then properly enforcing to keep the information protected. Devices, passwords and accounts all need to be configured, then the boundaries need to be monitored and protected. All this needs to happen in a way which does not impact the business. People still have to be able to access the information they need, the network must not slow down, etc. Setting up the network infrastructure is the trivial bit; it is all the rest of it which is hard. That is why so many companies do not do it.
iWebGate's product does not help with any of this. Network segmentation is another of the buzzwords they have hijacked for marketing purposes. The iWebGate product does segment the network, in the sense that it creates a "network segment" all of its own. It is just one Linux computer which is isolated by itself and which separates the corporate network from the internet. The general approach is OK, and has been around since networks were invented. The rest of the ICT world calls it a de-militarized zone ("DMZ") after the military term for separating armies. There are many single-computer DMZ products in the Linux world, most of them free. Selling a Linux-based DMZ product is like selling sand to Arabs. That is why iWebGate's sales figures are what they are.
It is the fact I understand all this which makes me scoff at the iWebGate product, while everyone else sucks up the marketing hype and thinks this really is a billion-dollar company in the making. The lesson is an old one: only invest in what you understand.
IWG Price at posting: 17.0¢ | Sentiment: None | Disclosure: Not Held