
How can a reverse proxy mode improve cloud security?

Skyhigh Networks recently obtained a patent to use reverse proxies for cloud access security broker services. Expert Dan Sullivan explains how the method works.

Skyhigh Networks recently patented a method for providing cloud access security broker services that uses a reverse proxy mode to provide authentication and policy controls. What is a reverse proxy mode and how does it work? Is it something we should look for in potential CASBs? Are there other ways CASBs can provide authentication and policy controls?

A proxy is a device that acts as an intermediary between two components in a distributed system. Instead of communicating directly, each component communicates with the proxy, which routes the packets to the target device and can perform other functions along the way. A reverse proxy is a proxy designed to hide an internal server and act as an intermediary for traffic originating on an internal server.

Skyhigh Networks' reverse proxy mode allows enterprise IT departments to establish reverse proxies to intermediate traffic between on-premises sources and cloud services. The Skyhigh reverse proxy server coordinates traffic between client devices, single sign-on services and cloud services. When a cloud service prompts a user to authenticate, the request is first sent to the Skyhigh proxy. There, the proxy applies security controls and validates the request, which is then sent to the single sign-on service. This approach takes advantage of the Security Assertion Markup Language (SAML).

A key advantage of the reverse proxy mode is that it does not require an agent on client devices. This is especially important when employees use personal mobile devices to access cloud services. Software agents can create conflicts on devices, have to be designed to work on multiple platforms and must stay up to date with operating system updates. Routing traffic through a proxy avoids these issues.

When evaluating a cloud access security broker, consider the ease of use and maintenance. Agent-based systems have more potential points of failure; each device that requires an agent could experience an issue that disrupts service for that user. The flip side is that a reverse proxy such as Skyhigh's could be a single point of failure for all users; however, that can be addressed with an appropriate failover mechanism.
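
One way to implement the step in which the proxy validates an authentication request before passing it to the single sign-on service. This is an added example, not Skyhigh's implementation and not code from the original article. It assumes the SAML HTTP-Redirect binding with unsigned requests; the allowlist, URLs and function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap on inflated size, guards against deflate bombs
# Assumed policy (placeholder names): sanctioned issuer -> its only accepted ACS URL.
ALLOWED_SERVICES = {"https://crm.cloud.example/saml": "https://crm.cloud.example/saml/acs"}
IDP_SSO_URL = "https://sso.corp.example/saml/sso"  # hypothetical SSO endpoint

def decode_authn_request(saml_request):
    """Decode an HTTP-Redirect binding SAMLRequest: base64 of raw DEFLATE."""
    raw = base64.b64decode(saml_request, validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, MAX_XML)
    if not inflater.eof:  # output hit the cap, or the stream is truncated
        raise ValueError("oversized or truncated SAMLRequest")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:  # refuse DTDs and entities
        raise ValueError("DTD in SAMLRequest")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    return root

def broker(saml_request, relay_state=""):
    """Apply policy, then return the single sign-on URL to redirect to."""
    root = decode_authn_request(saml_request)
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    acs = root.get("AssertionConsumerServiceURL", "")
    if ALLOWED_SERVICES.get(issuer) != acs:
        raise PermissionError(f"unsanctioned service or ACS URL: {issuer!r}")
    params = {"SAMLRequest": saml_request}
    if relay_state:
        params["RelayState"] = relay_state
    return IDP_SSO_URL + "?" + urlencode(params)

def encode_for_demo(xml):
    """Encode XML the way a service provider would (used for sample input)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

# Constructed sample request, not captured from any real service.
SAMPLE_XML = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_d1" '
    'Version="2.0" AssertionConsumerServiceURL="https://crm.cloud.example/saml/acs">'
    '<saml:Issuer>https://crm.cloud.example/saml</saml:Issuer></samlp:AuthnRequest>')
if __name__ == "__main__":
    print(broker(encode_for_demo(SAMPLE_XML), relay_state="abc"))
```

A request that names an unknown issuer or a different consumer URL raises `PermissionError`, and a malformed, oversized or DTD-bearing request raises `ValueError`, so nothing reaches the single sign-on service unless it passes both checks.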
