We just published my latest research, the Forrester Wave: SaaS Web Content Security, Q2 2015. Forrester categorizes web gateways/forward proxies into this web content security category. I did something different with this evaluation, instead of looking at on-premise appliances; I only evaluated the SaaS deployment model. If a vendor didn't have a SaaS delivery model, we didn't include them in the Wave. 
 
The decision to focus this wave on the SaaS model, wasn't popular with some of the vendors we evaluated. The majority of vendors who sell web proxies lead with the on-premises delivery model and relegate SaaS to a niche deployment option. As users, their endpoints, and their applications move outside the perimeter and into the cloud, the traditional web gateway model is being disrupted; yet many vendors are still very attached to their appliances.  Instead of evaluating a very mature on-premise market, I wanted to focus this Wave on the future.

You should be vary wary of any vendor who tells you on-premises should be your default deployment option. Don’t let a vendor position SaaS for just remote offices and remote users. There are reasons for on-premises deployments (cloud aversion syndrome, outbound DLP, data residency) but make sure the reasons are you’re own and not dictated by the vendor.  If you can hand off web content security (and email) to SaaS security vendors you can repurpose your limited security resources to more strategic functions like incident detection and response, security architecture, or application security. 

The web (and email) gateway vendors haven't done the best job of responding to disruption. FireEye was able to quickly capture market share because they weren't stopping phishing attempts and drive by downloads. FireEye completely disrupted their business and put these companies on the defensive.

I see the email and web gateway vendors behind disrupted once again, this time by the cloud and SaaS applications. The traditional web content security vendors should've owned security for SaaS applications; they have owned web-browsing security for over a decade. Instead, we have seen cloud security startups like Skyhigh Networks and Ionic Security emerge to provide visibility into and control of SaaS applications. I fear that the traditional web content security players have been disrupted again and are holding on to their precious appliances at the expense of their future. Web gateways aren't dead yet, but their day is coming and they will shift to niche deployments. Don't be like Gollum and his precious ring, don't follow your appliances into the lava of Mount Doom.

A special thanks to Peggy Dostie, Kelley Mak, & Claire O'Malley who helped make this Wave possible.