Patent attributes
A policy-based security system for establishing a secure session from client devices to a web server includes a policy component with policies, a client device with a local application to select a cloud service, and a mid-link server. A set of policies from the policies is determined. An encryption link specified for the set of policies and the cloud service is determined. A set of session protocols is selected to establish the secure session between the client device and the web server based on the set of policies. It is determined whether the client device satisfies security standards of one or more session protocols from the set and based on the determination, either a direct link is selected to establish the secure session using a session protocol from the set or a secure tunnel between the client device and the mid-link server and a corresponding tunnel protocol is selected.