proxy-based architecture

Proxy also means in place of. In the Information Technology world, proxy is a concept that is often associated with anonymous web browsing and private proxy servers. When it comes to online security, a proxy-based architecture is central to one’s efforts of enforcing policies equally for all users, on all cloud traffic, and at all locations. Only proxy architectures can achieve these goals well.

What is a proxy’s value to security? Looking from the perspective of an intermediary, proxies have the ability to shield users from bad actors or direct access to these entities. Proxies allow an enterprise to prevent the execution and spread of malicious code, isolate and identify threats, and inspect all traffic. They act as buffers designed to help keep data and applications safe from harm.

With that in mind, it is important to note that proxy-based security is also one of the core pillars of cloud-first architectures or strategies.

Introduction to Cloud First Architectures

Today, the cloud has become a critical component of a wide range of enterprise infrastructures. For an enterprise to be truly successful in this area, you will require a well-planned strategy to adopt cloud technologies. When it comes to cloud first computing, it is more of using shared infrastructures (protected, publicly hosted resources) than hosting your own private systems, storage facility, and more. Some of the main benefits of adopting a cloud first architecture include improving productivity and lowering overall operational costs.

Proxies Should be Served in the Cloud

Proxies are more valuable, in terms of security, if they are served in the cloud. When you deploy a proxy as a cloud-based service, your proxy-based architecture reduces the expense of appliances and user-related scales to meet evolving traffic demands. Most important of all, proxy-based architectures are required to inspect encrypted traffic.

The Problem With Encrypted Traffic

You should keep in mind that encryption can be exploited by malware. Nearly 60 percent of advanced threats have the ability to hide inside encrypted packets. Encrypted traffic is a great hiding space for malware because this is where few enterprises will check for threats.

HTTPS, the secure version of HTTP, is designed to encrypt all communications between the target website and your browser. 100 percent of traffic to and from Google is encrypted; 80 percent of traffic to and from Chrome is encrypted; and 65 percent of traffic to and from Firefox is encrypted. As you can see, related risk exposure is enormous. One cannot afford not to scan encrypted traffic.

Proxy-Based Architecture Makes Scanning Encrypted Traffic Easier

This type of architecture allows you to scan encrypted traffic without degrading performance (proxy-based architectures allow a tight handoff of packets after decrypting SSL) or increasing cost. You will be able to reduce latency and even improve overall user experience. Aside from scanning HTTPS and HTTP traffic, you can also inspect other protocols such as TDS, DNS, FTP, and other binary traffic that can be embedded within encrypted packets.

No Where to Hide

Legacy appliance-based TLS or SSL inspection procedures often pose huge obstacles to security, i.e. sluggish performance, complexity, and enterprise-sized costs. Things are different with a proxy-based architecture. It allows you to scan all encrypted traffic and ensure that there is no place for malware to hide.