
All we need to know about reverse proxy

04 Jun 2020

Article by Bitglass senior product marketing manager Jacob Serpa.

To misquote George Orwell, not all cloud access security brokers (CASBs) are created equal. This is crucially important since CASBs are the go-to solutions for securing the use of cloud-based tools.

Whether it’s major software-as-a-service (SaaS) apps, niche or long-tail SaaS apps, custom apps built on IaaS platforms, or something else entirely, CASBs are used to protect data wherever it goes.

So let’s review the different CASB architectures and discuss the importance of one deployment option in particular - reverse proxy.

Different CASB architectures address different use cases, so it’s important to be familiar with all of them. However, some deployment options are more limited than others.

  • API-based architectures integrate with application programming interfaces in order to grant out-of-band visibility and control over data at rest within managed cloud applications.
  • Forward proxy architectures require that agents are installed on all user devices in order to provide inline visibility and control over managed and unmanaged app traffic and data.
  • Reverse proxy architectures are agentlessly deployed in the cloud and provide inline visibility and control over managed app traffic and data.

As each of the above options solves its own set of security challenges, organisations evaluating CASBs ought to select a multi-mode CASB that provides all three instead of just one or two.

However, as reverse proxies are the most useful in today’s business world (and are also the hardest to engineer), prospective CASB customers must make sure that their solution of choice contains this deployment option, in particular.

Why is reverse proxy so important?

Reverse proxy is essential for organisations today because it overcomes drawbacks in the other architectures that are highly disadvantageous for modern use cases. API-only architectures cannot provide real-time, inline security and are typically limited to securing a smaller number of apps.

Forward-proxy architectures are difficult to deploy because they require installations on users' endpoints, a logistical challenge that becomes nearly impossible where bring your own device (BYOD) is enabled, due to employee concerns around privacy and personal device performance.

Reverse proxy addresses these issues through an agentless architecture (which preserves user experience and provides a rapid, simple deployment) and through inline security for managed apps and data only (meaning that employee privacy on endpoints and personal app instances is respected).

As data is now moving to remote users and personal devices more than ever before, these benefits are indispensable. Even for organisations that may not actively enable BYOD, reverse proxy is still critical for securing access from third-party devices belonging to contract employees, auditors, business partners and new users from M&A activities.

How do reverse proxies work?

Reverse proxies work by mediating interactions between users and the applications they access. When users open managed applications and authenticate, the reverse proxy is inserted into the path of traffic so that it can monitor data in transit and apply protections in real-time.

In essence, the proxy is a code middleman that acts like the user for the app, and virtualises the session to act like the app for the user. Unlike something like mobile application management (MAM), a reverse proxy preserves apps’ native user experiences.

What to seek

Typically, reverse proxies are hardcoded to specific versions of applications. This means that when apps are updated and their underlying code is changed, the reverse proxy won’t know what to do or how to pass the new code down to the user.

To rectify breakages once they occur, vendors have an engineer manually handle the code rewriting so that she or he can update the reverse proxy. However, this reactive approach takes time, impedes security, harms the user experience, and disrupts business continuity.
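An added illustration, not code from the article or from any vendor: a rewrite rule hardcoded to one version of an app's pages, and a check that flags app-origin URLs surviving the rewrite after an update. It assumes the "code rewriting" described above includes pointing app URLs in responses at the proxy; the hostnames, the naming scheme, the rule and both sample pages are constructed.

```python
import re

APP_HOST = "app.example.com"           # constructed managed-app origin
PROXY_SUFFIX = ".proxy.example.net"    # constructed proxy domain

def proxied(host: str) -> str:
    """Map an app hostname onto the proxy's domain (hypothetical naming scheme)."""
    return host.replace(".", "-") + PROXY_SUFFIX

# Rule hardcoded against version 1 of the app: absolute URLs in href/src only.
V1_RULE = re.compile(r'((?:href|src)=")https://' + re.escape(APP_HOST))

def rewrite_hardcoded(body: str) -> str:
    """Point every URL the v1 rule recognises at the proxy."""
    return V1_RULE.sub(lambda m: m.group(1) + "https://" + proxied(APP_HOST), body)

# Any surviving reference to the app origin lets the browser reach the app
# directly, outside the proxy's inline monitoring.
LEAK = re.compile(r'(?:https:)?//' + re.escape(APP_HOST) + r'[^\s"\'<>)]*')

def unrewritten_origins(body: str) -> list:
    """Return app-origin URLs still present in a response after rewriting."""
    return LEAK.findall(body)

# Constructed sample pages: v2 adds a script-built URL and a protocol-relative one.
PAGE_V1 = ('<a href="https://app.example.com/files">Files</a>'
           '<script src="https://app.example.com/static/app.js"></script>')
PAGE_V2 = PAGE_V1 + ('<script>fetch("https://app.example.com/api/v2/files")</script>'
                     '<img src="//app.example.com/logo.png">')

if __name__ == "__main__":
    for name, page in (("v1", PAGE_V1), ("v2", PAGE_V2)):
        leaks = unrewritten_origins(rewrite_hardcoded(page))
        print(name, "OK" if not leaks else f"LEAKS {leaks}")
```

Running the same leak check against proxied responses after each app release is one way to notice a stale rule before users start bypassing the proxy.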

Since the early days of CASB, at least one vendor has recognised the criticality of automated security that can adapt and scale to businesses’ needs on the fly. Consequently, while competitors were focused solely on forward proxy, this vendor was patenting AJAX-VM, technology critical for robust reverse proxy functionality.

AJAX-VM employs machine learning so that it can automatically handle code rewrites when applications evolve and change. This means that there are no breakages and that there is no time wasted waiting for engineers to manually fix the reverse proxy.

Look for a vendor whose technology is designed for total cloud security wherever data goes—a vendor with agentless real-time protections that scale to organisations’ exact needs on the fly. The selected vendor’s solutions should meet a wide breadth of use cases and solve them elegantly and comprehensively.
