
All we need to know about reverse proxy

04 Jun 2020

Article by Bitglass senior product marketing manager Jacob Serpa.

To misquote George Orwell, not all cloud access security brokers (CASBs) are created equal. This is crucially important since CASBs are the go-to solutions for securing the use of cloud-based tools.

Whether it’s major software-as-a-service (SaaS) apps, niche or long-tail SaaS apps, custom apps built on IaaS platforms, or something else entirely, CASBs are used to protect data wherever it goes.

So let’s review the different CASB architectures and discuss the importance of one deployment option in particular - reverse proxy.

Different CASB architectures address different use cases, so it’s important to be familiar with all of them. However, some deployment options are more limited than others.

  • API-based architectures integrate with application programming interfaces in order to grant out-of-band visibility and control over data at rest within managed cloud applications.
  • Forward proxy architectures require that agents are installed on all user devices in order to provide inline visibility and control over managed and unmanaged app traffic and data.
  • Reverse proxy architectures are agentlessly deployed in the cloud and provide inline visibility and control over managed app traffic and data.

As each of the above options solves its own set of security challenges, organisations evaluating CASBs ought to select a multi-mode CASB that provides all three instead of just one or two.

However, as reverse proxies are the most useful in today’s business world (and are also the hardest to engineer), prospective CASB customers must make sure that their solution of choice contains this deployment option, in particular.

Why is reverse proxy so important?

Reverse proxy is essential for organisations today because it overcomes drawbacks in the other architectures that are highly disadvantageous for modern use cases. API-only architectures cannot provide real-time, inline security and are typically limited to securing a smaller number of apps.

Forward-proxy architectures are difficult to deploy because they require installations on users' endpoints - a logistical challenge that becomes nearly impossible where bring your own device (BYOD) is enabled, due to employee concerns around privacy and personal device performance.

Reverse proxy addresses these issues through an agentless architecture (which preserves user experience and provides a rapid, simple deployment) and through inline security for managed apps and data only (meaning that employee privacy on endpoints and personal app instances is respected).

As data is now moving to remote users and personal devices more than ever before, these benefits are indispensable. Even for organisations that may not actively enable BYOD, reverse proxy is still critical for securing access from third-party devices belonging to contract employees, auditors, business partners and new users from M&A activities.

How do reverse proxies work?

Reverse proxies work by mediating interactions between users and the applications they access. When users open managed applications and authenticate, the reverse proxy is inserted into the path of traffic so that it can monitor data in transit and apply protections in real-time.

In essence, the proxy is a code middleman that acts like the user for the app, and virtualises the session to act like the app for the user. Unlike something like mobile application management (MAM), a reverse proxy preserves apps’ native user experiences.

What to seek

Typically, reverse proxies are hardcoded to specific versions of applications. This means that when apps are updated and their underlying code is changed, the reverse proxy won’t know what to do or how to pass the new code down to the user.

To rectify breakages once they occur, vendors have an engineer manually handle the code rewriting so that she or he can update the reverse proxy. However, this reactive approach takes time, impedes security, harms the user experience, and disrupts business continuity.
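
A minimal sketch of the mediation and the breakage described above, as an added example that is not from the article or from any vendor's product. It assumes the proxy works by rewriting hostnames; the domains `example.com` and `proxy.example.net`, the fixed host set and the sample pages are all constructed for illustration.

```python
import re

# Constructed values for illustration only.
PROXY_SUFFIX = ".proxy.example.net"   # domain the proxy serves sessions from
APP_DOMAIN = "example.com"            # the managed app's domain
KNOWN_HOSTS = {"app.example.com", "static.example.com"}  # fixed per app version

HOST_RE = re.compile(r"https://([a-z0-9.-]+)", re.IGNORECASE)

def to_upstream(proxy_host):
    """Request path: map the host the browser used back to the real app host."""
    if not proxy_host.endswith(PROXY_SUFFIX):
        raise ValueError("not a proxied host: " + proxy_host)
    host = proxy_host[: -len(PROXY_SUFFIX)]
    if host not in KNOWN_HOSTS:
        raise ValueError("unknown app host: " + host)
    return host

def rewrite_body(body):
    """Response path: point every known app URL back at the proxy."""
    def swap(match):
        host = match.group(1).lower()
        if host in KNOWN_HOSTS:
            return "https://" + host + PROXY_SUFFIX
        return match.group(0)  # unknown host is passed through untouched
    return HOST_RE.sub(swap, body)

def escaped_hosts(rewritten):
    """App-domain hosts still reachable directly, i.e. outside inline control."""
    found = set()
    for match in HOST_RE.finditer(rewritten):
        host = match.group(1).lower()
        if host == APP_DOMAIN or host.endswith("." + APP_DOMAIN):
            found.add(host)
    return sorted(found)

# Constructed pages: version 2 of the app starts calling a host the proxy
# was never told about.
PAGE_V1 = ('<a href="https://app.example.com/inbox">Inbox</a>'
           '<script src="https://static.example.com/v1/app.js"></script>')
PAGE_V2 = PAGE_V1 + '<script>fetch("https://api2.example.com/files")</script>'

if __name__ == "__main__":
    for name, page in (("v1", PAGE_V1), ("v2", PAGE_V2)):
        print(name, "escapes:", escaped_hosts(rewrite_body(page)))
```

Running `escaped_hosts` over rewritten responses after each app release shows which hosts have fallen outside the proxy before users' traffic starts bypassing inspection.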

Since the early days of CASB, at least one vendor has recognised the criticality of automated security that can adapt and scale to businesses’ needs on the fly. Consequently, while competitors were focused solely on forward proxy, this vendor was patenting AJAX-VM, technology critical for robust reverse proxy functionality.

AJAX-VM employs machine learning so that it can automatically handle code rewrites when applications evolve and change. This means that there are no breakages and that there is no time wasted waiting for engineers to manually fix the reverse proxy.

Look for a vendor whose technology is designed for total cloud security wherever data goes—a vendor with agentless real-time protections that scale to organisations’ exact needs on the fly. The selected vendor’s solutions should meet a wide breadth of use cases and solve them elegantly and comprehensively.
