Cloud/Sec vs. Competition: All About The Proxy
By: John Bertoli
There are many companies in the marketplace offering a cloud security service, promising to provide the most complete and comprehensive cloud security offering available. When these cloud security offerings are analyzed, you will discover that the only true, complete cloud security perimeter is Cloud/Sec. The reason that Cloud/Sec outperforms its competition is because Cloud/Sec avoids the competition's reliance on proxy servers which cause slow and high-maintenance connections.
The proxy server evaluates the request according to its filtering rules and then provides the resource by connecting to the relevant server and requesting the service on behalf of the client. The problem with proxies is that it is one of the slowest ways to access resources on a network. Proxies are problematic in function, leading to known support issues. Changes in browser or custom application technologies result in constant support issues with the proxy not interpreting functions properly.
The impact of using a proxy approach is getting a “sliver” of security for a handful of specific applications, receiving no comprehensive security at all. Proxy-based cloud solutions support limited ports, limited application protocols (HTTP, IM, FTP) and typically NO true application (Facebook, Gmail, OWA, Oracle, etc...) support. It is akin to building a gate with no fence around it, thus serving no purpose other than a reference point.
Proxies demand constant attention to allow consistent up time. Browsers and other technologies are constantly evolving at breakneck speeds. It is impossible for proxies to keep up with even the major subset of changes that browser-based/proxy aware technologies introduce. This translates to constant open issues of websites and applications that either don't work or don't behave as expected. This impacts productivity and undermines the function confidence of the solution, forcing people to white-list (build direct connections) rather than leverage the security solution in place.
Because of the way proxies work, the functional request is made to the proxy that then fetches the data. This process is slow. As we are moving more and more applications into the cloud, it is an approach that remains usable for the legacy approach of using the web for "browsing" but not sustainable for managing cloud-based solutions.
Cloud/Sec's competition covers only a handful of ports, specifically only ports 80/443 and demands proxy aware applications to work. If you don't have a proxy aware application, it frankly will not work. With Cloud/Sec, the security is delivered as a direct connection per client. Cloud/Sec works on every port protocol and application. The connection is a more natural connection than a connection between the proxy and the end-point, allowing “pure” connections that are not impacted by evolutions or revolutions in application technologies.