Enterprise users are adopting more services in the cloud offered by various third-party service providers. Users may access these service provider sites from mobile devices while outside the enterprise premises by connecting directly to the cloud resource. Enterprises would still like to inspect this type of traffic as part of their security policies (e.g., for data loss protection).
One of the challenges in doing this is finding a way to steer cloud traffic to a proxy layer to perform the inspection. This is particularly true on mobile device platforms. While one might be able to use access point name (APN) or virtual private network (VPN) technologies for some level of steering, it is often difficult to provision those solutions on a user's device in a way that can reliably enforce the traffic redirection (for example, APN techniques do not work at a Wi-Fi™ hotspot). Additionally, users do not want to have all of their traffic inspected, which is likely to be the case when device-level techniques such as APN, VPN, or global hypertext transport protocol (HTTP) proxy configurations are used.
Most enterprise Software-as-a-Service (SaaS) solutions offer Single-Sign-On (SSO) techniques to provide a way for enterprises to enforce authentication mechanisms associated with the enterprise. However, once the SSO transaction is complete, the traffic flows back directly to the cloud resource and enterprise visibility of the data is lost.