Our unique cloud proxy architecture is at the core of Zscaler Internet Access and a fundamental element of the Zero Trust Exchange, a comprehensive cloud native security platform.
- See The Difference
- What is Zero Trust The strategy on which Zscaler was built
- How Zscaler Delivers Zero Trust A platform that enforces policy based on context
- Zero Trust Resources Learn its principles, benefits, strategies
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Customer Success Stories Hear first-hand transformation stories
- Analyst Recognition Industry experts weigh in on Zscaler
- See the Zscaler Cloud in Action Traffic processed, malware blocked, and more
- Experience the Difference Get started with zero trust
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Products & Solutions
- Secure Your Users Provide users with seamless, secure, reliable access to applications and data. Secure Your Workloads Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Secure Your OT and IoT Provide zero trust connectivity for OT and IoT devices and secure remote access to OT systems.
- Products Transform your organization with 100% cloud-native services
- Solutions Propel your business with zero trust solutions that secure and connect your resources
![Zscaler workplace enablement]( "Zscaler workplace enablement")
Make hybrid work possibleGet StartedSecure work from anywhere, protect data, and deliver the best experience possible for users
- Industries Our ecosystem of zero trust partners
- Partner Integrations Simplified deployment and management
![Zscaler industry partners]( "Zscaler industry partners")
Secure your ServiceNow DeploymentGet StartedIt’s time to protect your ServiceNow data better and respond to security incidents quicker
- Platform
- Platform Overview Unified platform for transformation
- Capabilities Integrated services, infinitely scalable
![Zscaler transformation]( "Zscaler transformation")
Accelerate your transformationLearn MoreProtect and empower your business by leveraging the platform, process and people skills to accelerate your zero trust initiatives
![Gartner Report]( "Gartner Report")
Gartner Magic Quadrant LeaderRead ReportZscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE) New Positioned Highest in the Ability to Execute
- Resources
- Content Library Explore topics that will inform your journey
- Blog Perspectives from technology and transformation leaders
- Security Assessment Toolkit Analyze your environment to see where you could be exposed
- Webinars and Demos A first-hand look into important topics
- Executive Insights App Security insights at your fingertips
- Ransomware ROI Calculator Assess the ROI of ransomware risk reduction
- Training and Certifications Engaging learning experiences, live training, and certifications
- Customer Success Center Quickly connect to resources to accelerate your transformation
- Customer Success Stories Hear first-hand transformation stories
![Customer success center]( "Customer success center")
- Security & Threat Analytics Threat dashboards, cloud activity, IoT, and more
- Security Advisories News about security events and protections
- Vulnerability Disclosure Program Webinars, training, demos, and more
- Trust Portal Zscaler cloud status and advisories
![Zscaler resources]( "Zscaler resources")
- Company
- About Zscaler How it began, where it’s going
- Leadership Meet our management team
- Investor Relations News, stock information, and quarterly reports
- Compliance Our adherence to rigorous standards
- ESG Our Environmental, Social, and Governance approach
- Events Upcoming opportunities to meet with Zscaler
- Zenith Ventures Strategic cybersecurity investments
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Media Center News, blogs, events, photos, logos, and other brand assets
- News and Press Zscaler in the news
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Partner Portal Tools and resources for Zscaler partners
- Summit Partner Program Collaborating to ensure customer success
- System Integrators Helping joint customers become cloud-first companies
- Service Providers Delivering an integrated platform of services
- Technology Deep integrations simplify cloud migration
- Partner Inquiry Become a Zscaler partner
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
-
What Is a Cloud Proxy? A cloud proxy is a cloud-based system that sits between a client and a web server, SaaS application, or data center. It acts as an intermediary between the client and the server, providing secure access to resources while protecting the server from malware and other threats.
Why Do You Need a Cloud Proxy?
A cloud proxy functions like a reverse proxy in many ways—client requests flow through the cloud proxy on the way to an internet address, and replies (e.g., permission to access a webpage) return through the proxy on their way to clients—but because the cloud proxy resides in the cloud, it isn’t confined to data center hardware like a conventional appliance-based proxy.
Challenges with Appliance-Based Proxies
Traditional reverse proxy servers and HTTP proxies are still commonplace in today’s network security stacks, but IT leaders increasingly cite issues with:
- Latency: Proxies need to operate inline to intercept traffic. Routing traffic through bandwidth-limited appliances in a serial fashion can add significant latency to requests—particularly with on-site enterprise deployments—leading to a poor user experience.
- Compatibility: Traditional proxies are prone to application compatibility issues because they weren’t built for the ways rich web-based applications perform authentication, API calls, service requests, and more, forcing additional troubleshooting.
- Cost: Commercial proxy appliances cost too much compared to typical IT budgets—even more so if an organization wants to use them to inspect TLS/SSL traffic, for which some vendors can recommend as many as eight times more appliances.
- Caching: Once a critical function of a proxy architecture, caching is now a feature of all modern web browsers, making network-based caching a secondary offering at best.
Benefits of a Cloud Proxy
Proxies are still the right solution for enterprises looking to prevent stealthy threats without compromising the user experience. In the era of the cloud and mobility, hardware-based offerings can’t reliably deliver on that promise. An effective cloud-based proxy architecture offers:
- Universal application awareness, including cloud-based apps, on any port, with significantly fewer compatibility issues.
- Global scale to keep up with users who are constantly in motion, often far removed from the enterprise network.
- Significant cost savings compared to typical hardware proxy price points, reducing IT spend.
- Great user experience, even with full TLS/SSL inspection enabled, with no detectable latency for end users.
- No outside visibility into the server, with support for XFF headers for apps that require the user’s real source IP address.
The most effective cloud-based proxy architecture is part of a comprehensive security architecture, able to address the entire range of compliance and security benchmarks without leaving gaps for another function or a third party (e.g., a cloud provider) to resolve.
Many of the capabilities of SASE will use a proxy model to get in the data path and secure the access. Legacy in-line network and enterprise firewall vendors lack the expertise to build distributed, in-line proxies at scale, risking higher costs and/or poor performance for SASE adopters.
Gartner, The Future of Network Security Is in the Cloud
How Does a Cloud Proxy Work?
Sitting in the flow of traffic, a cloud proxy integrates with an organization’s authentication service (e.g., single sign-on), after which it can operate inline without an agent. This offers a straightforward user experience, with incoming traffic to managed cloud apps and the like redirected to the cloud proxy automatically.
Let’s take a closer look at this process.
A cloud proxy can protect sensitive data (e.g., PCI data, PII) by acting as a middleman or stand-in for the server on which that data resides. Client requests are routed first to the cloud proxy, then through a specified port in any applicable firewall, and then to the content server—and finally, back again. The client and the server never communicate directly, but the client interprets responses as if they had. Here are the basic steps:
- Client sends a request, which the cloud proxy intercepts
- Cloud proxy forwards the incoming request to a firewall if applicable
- Firewall either blocks the request or forwards it to the server
- Server sends response through the firewall to the proxy
- Cloud proxy sends the response to the client
Backed by the elasticity of the cloud, this all happens in near-real time regardless of traffic volume.
Many of the capabilities of SASE will use a proxy model to get in the data path and secure the access. Legacy in-line network and enterprise firewall vendors lack the expertise to build distributed, in-line proxies at scale, risking higher costs and/or poor performance for SASE adopters.
Gartner, The Future of Network Security Is in the Cloud
Zscaler Cloud Proxy
To provide clean, safe, and compliant internet access and a great user experience to all users, on any device or operating system, over any network—no matter where they are—the solution is a cloud-based proxy architecture.
Our proven cloud proxy-based architecture forms the foundation of Zscaler Internet Access™, a cloud native security service edge (SSE) solution that builds on a decade of secure web gateway leadership. Offered as a scalable SaaS platform from the world’s largest security cloud, it replaces legacy network security solutions to stop advanced attacks and prevent data loss with a comprehensive zero trust approach.
Zscaler Internet Access is part of the Zscaler Zero Trust Exchange™, a comprehensive cloud native security platform.
Cloud Proxy Use Cases
The Zscaler cloud proxy architecture provides reverse proxy coverage for all traffic, a core element of cloud access security broker (CASB) within the security service edge (SSE) model.
As part of an SSE framework, our cloud proxy architecture supports your organization in:
Securing Unmanaged Devices
Many of your employees may use multiple devices for work, including personal ones. Beyond that, plenty of suppliers, partners, and customers may need access to your internal applications on their own unmanaged devices, presenting a risk to your security.
You can install agents to manage devices your organization owns, but unmanaged endpoints are a different story. Third parties won’t let you install agents on their endpoints, and many employees don’t want agents on their personal devices, either. Instead, our proxy architecture offers agentless protection against data leakage and malware from any unmanaged device accessing your cloud applications and resources.
Data Protection
The Zscaler proxy architecture can enforce data loss prevention policies to prevent accidental or intentional uploads or downloads of sensitive information to or from sanctioned cloud apps. Because it operates inline and inspects all traffic, even encrypted traffic, it can ensure uploaded or downloaded data falls in line with your policies.
Threat Prevention
An infected file in a cloud service can spread to connected apps and devices—especially unmanaged devices. By agentlessly preventing uploads or downloads of infected files to or from cloud resources, our proxy architecture provides advanced threat protection against malware and ransomware.
By nature, our architecture also hides servers and their IP addresses from clients, which protects your web resources from threats such as distributed denial of service (DDoS attacks).
Load Balancing
The Zscaler proxy can be used to handle client requests that could otherwise overwhelm a single server with high demand, promoting high availability and optimizing load times by distributing requests to your servers evenly.
Suggested Resources
-
Proxy-based security: a pillar of the cloud-first architecture
Read the blog -
Why Proxies and Firewalls Are Essential in the Modern Threat Landscape
Read the blog -
Zscaler SASE at a Glance
Read the solution brief -
Zscaler Cloud Firewall
Learn more -
5 Key Requirements for Branch Transformation
See the infographic