The modern workforce has changed in the wake of the COVID-19 pandemic. Software-as-a-service deployments now involve access to a service from devices, users, and connected applications that are no longer managed internally by information security professionals. On account of the shift from in-office work to remote work, traditional security measures such as web gateways and firewalls are unlikely to keep sensitive data secure. Organizations are now looking to Proxy architectures to enhance visibility and security in their SaaS environments.
But what exactly are proxies, and what kind of proxies are we working with?
A Proxy is either a physical or virtual server that serves as a bridge between an end user and another website or server. Proxies are commonly used in security against threats, from shielding an enterprise’s internal infrastructure from known threats to handling authentication requests to managing web traffic. Requests are first sent to the proxy server which handles the request along with the additional tasks of filtering content, scanning for malware, masking the origin of the request, encrypting messages, and more.
With Cloud Access Security Broker (CASB) deployment modes, CASB configurations refer to a proxy that operate between user-to-cloud and cloud-to-cloud systems. Proxies are employed either as a Reverse Proxy or a Forward Proxy.
Forward and Reverse Proxies
A reverse proxy provides inline security between a cloud service (your organization’s instance or sanctioned cloud tenant of Microsoft 365, as an example) and a user, incorporating a SAML (Security Assertion Markup Language) insertion like Okta (Identity-as-a-service or IDaaS) that verifies your identity and grants you access. Reverse Proxies are protecting sanctioned cloud tenants against unmanaged devices (personal phones, laptops, tablets), resulting in what is considered the “easiest” user experience.
A forward proxy works closer with the user, managing the traffic from an approved, managed device to cloud services by using either PAC Files, Agents, or some other configuration to send traffic to a location. Forward proxies inspect the cloud traffic for users and records various properties about requests, access attempts, and files accesses. It is the forward proxy that protects your managed, approved devices, against unmanaged destinations.
Application Programming Interface (API)
A third element in working with proxies, regardless of using a Forward or Reverse Proxy, is implementing an API. An Application Programming Interface (API) works as a backend framework for cloud applications, allowing services to talk to one another. API security prevents and mitigates attacks on cloud servers by recording all activity on server both with data in use and data at rest, tracing traffic origins, and tracking access attempts both successful and unsuccessful. This is not real time tracking but a record that can be accessed after an event and used in attempting to diagnose a potential cyberattack.
Forward and Reverse Proxies and APIs are designed to work independently, but all three of these measures can work together to provide security for both managed and unmanaged devices.