The modern workforce has changed in the wake of the COVID-19 pandemic. SaaS deployments now involve access to a service from devices, users, and connected applications that are no longer managed internally by an InfoSec team. On account of the shift from in-office work to remote work, traditional security measures such as web gateways and firewalls are un to keep sensitive data secure. Cybersecurity is now looking to Proxy architectures in order to enhance visibility and security for the SaaS.

But what exactly are proxies, and what kind of proxies are we working with?

A Proxy is either a physical or virtual server that serves as a bridge between an end user and another website or server. Proxies are commonly used in security against threats, from shielding an enterprise’s internal infrastructure from known threats to handling authentication requests to managing web traffic. Requests are first sent to the proxy server which handles the request along with the additional tasks of filtering content, scanning for malware, masking the origin of the request, encrypting messages, and more.

With Cloud Access Security Broker (CASB) deployment modes, CASB configurations refer to a proxy that operate between user-to-cloud and cloud-to-cloud systems. Proxies are employed either as a Reverse Proxy or a Forward Proxy.

Forward and Reverse Proxies

Reverse Proxy

A reverse proxy provides inline security between a cloud service (your organization’s instance or sanctioned cloud tenant of Office 365, as an example) and a user, incorporating a SAML (Security Assertion Markup Language) insertion like Okta (Identity-as-a-service or IDaaS) that verifies your identity and grants you access. Reverse Proxies are protecting sanctioned cloud tenants against unmanaged devices (personal phones, laptops, tablets), resulting in what is considered the “easiest” user experience.

 

Forward Proxy

A forward proxy works closer with the user, managing the traffic from an approved, managed device to cloud services by using either PAC Files, Agents, or some other configuration to send traffic to a location. Forward proxies inspect the cloud traffic for users and records various properties about requests, access attempts, and files accesses. It is the forward proxy that protects your managed, approved devices against unmanaged destinations.

Application Programming Interface (API)

A third element in working with proxies, regardless of using a Forward or Reverse Proxy, is implementing an API. An Application Programming Interface (API) works as a backend framework for cloud applications, allowing services to talk to one another. API security prevents and mitigates attacks on cloud servers by recording all activity on server both with data in use and data at rest, tracing traffic origins, and tracking access attempts both successful and unsuccessful. This is not real time tracking but a record that can be accessed after an event and used in attempting to diagnose a potential cyberattack.

Forward and Reverse Proxies and APIs are designed to work independently, but all three of these measures can work together to provide security for both managed and unmanaged devices.

Skyhigh Security Scores Highest Across All Four Use Cases in 2022 Gartner® Critical Capabilities Report for Security Service Edge

Read the Gartner® Report