SaaS security solutions like cloud access security brokers (CASB) and cloud-based data loss prevention (DLP) have become a must-have to prevent data leakage and exfiltration in popular cloud apps like Slack, Google Workspace and Office 365.
In theory, these tools give security administrators much needed visibility and control over the sensitive information that resides in these apps, reducing the likelihood of costly compliance fines and data breaches.
But there’s just one problem: what these tools do in theory doesn’t always live up to how they perform in practice.
There’s a reason for this, and it comes down to the fact that many security teams rely on legacy proxy-based tools to secure SaaS applications. Below, we’ll explore why proxy-based solutions fall short of expectations and what you should go for instead.
What is a proxy-based SaaS security solution?
Proxy-based security solutions were the first technological development that enabled security teams to garner a level of control and visibility into SaaS applications. The approach has been around for about a decade now and, while it was innovative in the early 2010s, the SaaS security game has changed a lot since then.
Proxies work by acting as a gateway between the end user and the cloud-based resource they are trying to access. An analogy would be to think of proxies like a middle man or bouncer, contextually inspecting user requests and granting access in line with predefined security policies.
The proxy-based approach achieves this by terminating the end user session as they make their request, and starting up a new one, filtering all traffic through the proxy to give security teams visibility and control over cloud app access.
The challenges of proxy-based solutions
For security teams desperate to shine a light into otherwise opaque cloud apps, you can see why proxy-based solutions have proven popular, especially when they were first released.
However, over the years, these tools have proved themselves rather troublesome in several ways, including:
End user friction
Speak to any organization using a proxy-based solution and you’ll no doubt hear about end user friction. This is because many proxy deployments require IT teams to place agents on users’ endpoint devices. Not only is this invasive from a privacy perspective, but it can also cause productivity lags and impede efficiency.
After all, proxy-based CASBs need to terminate the user’s session and restart it to allow them access to cloud apps, which inherently takes time. In the longer term, organizations using proxy-based deployments may even find their employees try to circumvent these solutions altogether, spurred by a desire to get their work done without any blockages.
Of course, it’s not that employees don’t care about security. It’s just that, when it comes to accessing cloud resources, they don’t necessarily understand the data security risks, and therefore see proxy-based solutions as a hindrance rather than a help.
Not every cloud application works well with proxies. Microsoft, for example, has been vocal about disliking the use of proxy-based security for Office 365. This is because proxies can trigger performance issues, such as lags and glitches.
In the worst-case scenario, proxy-based solutions simply won’t be compatible with some applications, creating glaring security gaps where users can access, upload and download data in the cloud without any form of security control in place.
Complex to deploy and manage
For your proxy-based solution to work, you’ll either need to hard code the proxy’s script into a browser’s settings or deploy agents onto end user devices. And that’s just the beginning. You’ll also need to think about your auto configurations, log collectors and more. Inherently, this involves a lot of technical know-how, configuration and ongoing management.
For time-pressed security teams, the whole setup and management of these solutions is therefore innately unappealing. Setting up proxy-based solutions is error-prone, manually intensive and requires constant attention–not to mention the fact that, should an employee use their own device for work purposes, the whole setup is completely undermined!
Moreover, because proxy-based solutions are ‘middle men’, they remain siloed from your organization’s core security stack. This lack of harmonization creates further operational issues, making it difficult for your security team to streamline data security efforts across the board.
So, what’s the alternative?
It’s clear that proxy-based cloud security solutions leave a lot to be desired. In today’s fast-paced, dynamic cloud landscape, security teams need a data security solution that is easy to deploy, minimizes user friction and enhances data protection. And that’s where API-based DLP solutions come in.
API-based DLP tools are a more powerful, more modern approach to SaaS security. These solutions evolved directly from their proxy-based counterparts, designed specifically to overcome the challenges we explored above like end user friction and operational complexity.
Rather than rely on agents or coding, API-based DLP tools integrate effortlessly with the APIs used by Slack, Teams and so on. Instead of enforcing security at the gateway of an application, these DLP tools live inside your cloud apps, working silently in the background to enforce security policies based on predefined rules and compliance templates.
When a user attempts to access a cloud resource, they won’t experience the same lag as they would with a proxy-based solution. In fact, they won’t even know that the API-based tool is monitoring them until they violate a security policy, at which point the tool will alert them to a security misdemeanor and block the action.
Better still, because API-based solutions are out-of-band and agentless, they work across user devices—whether BYOD, mobile or laptops. No matter where or when users attempt to access cloud resources, the solution is always on, meaning you gain 100% visibility and control over data 24/7.
Lastly, while proxy-based solutions are complex to deploy and manage, API-based DLP tools like Polymer DLP are ‘no-code’. You can install our solution, for example, in just minutes.
Furthermore, because we have infused our tool with natural language processing (NLP) and artificial intelligence (AI), it protects data autonomously on your behalf, automatically reducing the risks of SaaS data exposure without you having to lift a finger.
Say goodbye to proxies and hello to Polymer DLP
If you’re still relying on cumbersome proxies to protect data in cloud apps, know there is a better way! Polymer DLP is a no-code solution that integrates seamlessly with mission-critical SaaS applications like Slack, Google Workspace, Teams and more through APIs.
Find out more about Polymer DLP for SaaS today.