Skyhigh Networks recently patented a method for providing cloud access security broker services that uses a reverse proxy mode to provide authentication and policy controls. What is a reverse proxy mode and how does it work? Is it something we should look for in potential CASBs? Are there other ways CASBs can provide authentication and policy controls?
A proxy is a device that acts as an intermediary between two components in a distributed system. Instead of communicating directly, each component communicates with the proxy, which then routes the packets to the target device and can perform other functions along the way. A reverse proxy is a proxy designed to hide an internal server and act as an intermediary for traffic originating on an internal server.
Skyhigh Networks' reverse proxy mode allows enterprise IT departments to establish reverse proxies to intermediate traffic between on-premises sources and cloud services. The Skyhigh reverse proxy server coordinates traffic between client devices, single sign-on services and cloud services. When a cloud service prompts a user to authenticate, the request is first sent to the Skyhigh proxy. There, the proxy applies security controls and validates the request, which is then sent to the single sign-on service. This approach takes advantage of the Security Assertion Markup Language (SAML).
A key advantage of the reverse proxy mode is that it does not require an agent on client devices. This is especially important when employees use personal mobile devices to access cloud services. Software agents can create conflicts on devices, have to be designed to work on multiple platforms, and have to stay up to date with operating system updates. Routing traffic through a proxy avoids these issues.
When evaluating a cloud access security broker, consider the ease of use and maintenance. Agent-based systems have more potential points of failure; each device that requires an agent could experience an issue that disrupts service for that user. The flip side is that a reverse proxy such as Skyhigh's could be a single point of failure for all users; however, that can be addressed with an appropriate failover mechanism.
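To make the authentication flow described above concrete, the following added example (not Skyhigh's implementation and not code from the original article) shows the kind of check a reverse proxy could run on a SAML AuthnRequest before passing it to the single sign-on service. It assumes the request arrives in the SAML HTTP-Redirect encoding (raw DEFLATE, then base64); the policy table, the `restrict` decision for unmanaged devices and the example.com names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML_BYTES = 64 * 1024  # cap on inflated size, guards against compression bombs
# Constructed policy (assumption): sanctioned service issuer -> expected ACS host
SANCTIONED = {"https://crm.example.com/saml": "crm.example.com"}
# Constructed sample request, not captured from any real service
SAMPLE_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_c1" '
    'Version="2.0" AssertionConsumerServiceURL="https://crm.example.com/saml/acs">'
    '<saml:Issuer>https://crm.example.com/saml</saml:Issuer></samlp:AuthnRequest>'
)

def encode_redirect(xml_text):
    """Encode as the SAML HTTP-Redirect binding does: raw DEFLATE, then base64."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()

def decode_redirect(value):
    """Reverse encode_redirect, refusing oversized or DTD-bearing documents."""
    d = zlib.decompressobj(wbits=-15)
    xml_bytes = d.decompress(base64.b64decode(value, validate=True), MAX_XML_BYTES)
    if len(xml_bytes) >= MAX_XML_BYTES:
        raise ValueError("AuthnRequest exceeds size limit")
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in AuthnRequest")
    return ET.fromstring(xml_bytes)

def evaluate(saml_request, managed_device):
    """Return (decision, reason) for one AuthnRequest seen at the proxy."""
    try:
        root = decode_redirect(saml_request)
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return "block", f"malformed request: {exc}"
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return "block", "not an AuthnRequest"
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    acs_host = urlparse(root.get("AssertionConsumerServiceURL", "")).hostname
    if issuer not in SANCTIONED:
        return "block", "unsanctioned service"
    if acs_host != SANCTIONED[issuer]:
        return "block", "ACS URL does not match service"
    if not managed_device:  # hypothetical policy: limit sessions from personal devices
        return "restrict", "unmanaged device"
    return "forward", "pass to SSO"
```

Only a `forward` or `restrict` decision would let the request continue to the single sign-on service; everything else stops at the proxy, with no agent involved on the client device.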