What is a Cloud Proxy?
A cloud proxy is a proxy that is based in the cloud instead of in a hardware appliance residing in a corporate data center. A proxy server acts as a gateway between you and the internet, and verifies and forwards incoming client requests to other servers for further communication.
Internet traffic flows through the cloud proxy on its way to an internet address. The response then comes back through that same proxy server, which forwards the data received from the website to you. It acts as an intermediary, separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy. And, compared to other forms of inspection, a proxy is generally viewed as the most secure way to inspect inline traffic.
The problem with appliance-based proxies
Despite the prolific use of proxies, IT leaders remain quite skeptical about their applicability for end-user security, and not without some good reasons:
- By definition, proxies must be inline, and have historically been appliance-based, which adds significant latency due to the serial nature of routing traffic to them. This is particularly true with onsite enterprise deployments, and leads to a poor user experience.
- Those who have deployed various proxy appliances over the years have been met with more than their fair share of application compatibility issues. Such failures were hardly the fault of the IT administrators themselves, but rather the proxy solutions lacking the intelligence necessary to properly handle increasingly rich web-based applications.
- The costs for commercial proxy appliances are too high, consuming far too much of the annual IT budget, especially for what is really a commoditized offering. And, it gets even worse when IT administrators decide they want to use them to inspect SSL traffic, which generally comes with an estimate from the vendor for as many as eight times the number of appliances.
- Caching, once an important subset of a proxy architecture, has largely fallen out of favor among IT administrators. All modern web browsers provide a fair amount of caching in memory as well as to disk, leaving network-based caching as a secondary offering, and what remains draws far less optimism than was once the case.
Move the proxy to the cloud
The great news is that proxies are still very much the right solution for enterprises. But to make them deliver as intended, some walls have to come crashing down. Specifically, proxies must:
- Be aware of all applications, especially those that are cloud-based, regardless of which port(s) they are running on, with proven low occurrences of application support issues.
- Scale globally, as users are constantly in motion, often far removed from the corporate network.
- Be remarkably cost effective, actually reducing the percentage of IT spending for any organization.
- Be a part of a comprehensive security architecture, fully capable of addressing the entire range of compliance and security benchmarks, without leaving gaps that require forwarding to another offering to resolve. It does little good to send 100 percent of your traffic to a cloud provider if all they can address is a small percentage of the real issues.
- Provide a great user experience, proven at providing clean traffic, even when SSL inspection is enabled, with no perception of latency detected by the end user.
- Shield the organization from outside visibility, which of course really goes without saying in this case. But they must also support X-Forwarded-For (XFF) headers for those applications that require knowledge of the user’s real source IP address.
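The XFF requirement in the last item has a receiving side: an application that wants the user's real source IP must only believe the header when the connection comes from the proxy itself. The sketch below is an added example, not code from this page or from any vendor; the function names and the trusted egress range (a documentation address block) are assumptions.

```python
import ipaddress

# Constructed example range: egress addresses of the cloud proxy (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Return the address to attribute the request to.

    peer: source address of the TCP connection
    xff:  raw X-Forwarded-For header value, or None
    """
    peer_ip = ipaddress.ip_address(peer)
    # A header sent by a peer that is not our proxy is client-controlled: ignore it.
    if not xff or not _is_trusted(peer_ip, trusted):
        return str(peer_ip)

    candidate = peer_ip
    # Each proxy appends the address it received the request from, so the
    # rightmost entries are the ones written by infrastructure we trust.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop at the last verified hop
        candidate = hop_ip
        if not _is_trusted(hop_ip, trusted):
            break  # first address that is not one of our proxies: the client
    return str(candidate)
```

Entries to the left of the first non-proxy address are whatever the client chose to send, so they are never used for access decisions or logging attribution.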
Many of the capabilities of SASE will use a proxy model to get in the data path and secure the access. Legacy in-line network and enterprise firewall vendors lack the expertise to build distributed, in-line proxies at scale, risking higher costs and/or poor performance for SASE adopters.
In simpler terms, it means that organizations desire to provide clean, safe, and compliant internet access to all corporate users, regardless of their physical location or network, with a great user experience, all at a price point that will have the CFO and CEO giving the CIO and CISO kudos for years to come. The solution is a cloud-based proxy, one that can address all the requirements mentioned above. The reality is that this will only fully succeed when we can demonstrate not only simple, but also complex, cloud-based application support.
The cloud proxy must know who the user is, where they are going, whether or not such access is permissible by company policies, and whether or not the traffic is clean and safe for consumption. At least for true web traffic, it doesn’t get simpler than this. And that’s as it should be. Because at the end of the day, all organizations really want is a clean internet experience, which is what a cloud proxy should provide. A cloud proxy should be fully capable of addressing the depth of security issues within those sessions.
Zscaler has taken a serious look at what has been missing from the proxy story and built an entire platform around making it a success.
- It’s not about being a proxy for web traffic, but a proxy for all traffic.
- It’s not about being a proxy for a location, but a proxy for all locations, even while roaming.
- It’s not about being a proxy in a silo, but being a proxy at unlimited cloud scale and intelligence.
See the difference for yourself
Still using appliance-based proxies? Are they protecting you as well as you think? Try our Internet Threat Exposure Analysis to find out how well your company is protected against ransomware and other threats. The test is safe, free, and informative.