Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Bradon Rogers of Island says it’s time to rethink how we see the browser, as enterprise browsers stand tall as the new face of cybersecurity.
The advent of a new class of highly capable enterprise browsers can enable CIOs and CISOs to build, manage and control highly collaborative, productive, and efficient environments. As CIOs and CISOs know only too well, protecting the enterprise against cyber threats too often entails unfortunate compromises. Diminished productivity, an unsatisfactory user experience, and high costs are begrudgingly accepted as unavoidable trade-offs for cybersecurity.
Why?
The crux of the issue is that most security technology was built on IT architectures of the on-premises, server-based past. But these architectures have not kept pace with a world where cloud-based apps, remote workers (including many third-party contractors), and BYOD are the norm.
The Enterprise Browser as the Cybersecurity Cornerstone
What is desperately needed in the modern enterprise is a nimble means to enable security where it is required without getting in the way of the work users need to do. There is now, for the first time, a straightforward way to accomplish this– and when organizations first hear about the solution, the initial reaction often involves a few raised eyebrows. That’s because the answer is a new category of application software, the enterprise browser, that takes control and protection right to the place where users intersect with enterprise data, applications, and the internet– including the internet’s risks.
Yes, a browser– but not the consumer browsers everyone knows. The consumer browser is used every day in the enterprise workplace, but it was never designed for the enterprise. Enterprise browsers embed the core needs of the modern enterprise in the browser itself, giving organizations unprecedented control, visibility, and governance over the place where nearly all work happens. Users win, too, because they get the same Chromium-based experience they’re used to.
Enterprise browsers are increasingly being used across a wide range of industries, giving IT and security teams the latitude and dexterity to design and implement controls that don’t compromise the user experience. Companies are using enterprise browsers to simplify and streamline onboarding contractors and BYOD workers, who can now work freely on any device and access the data they need, safely. They are implementing policies in the browser across all SaaS and internal web apps to keep the data in them secure. Others are removing expensive and unwieldy desktop virtualization solutions entirely because the enterprise browser offers a superior way to access apps securely and a radically better user experience. The potential use cases are nearly infinite.
Nimble Last Mile Controls
Making the browser itself – the place where users are doing most of their work – the cornerstone for enterprise cybersecurity has many advantages. No other security solution offers comparable visibility. Security measures can account for who the users are, what devices they are using, what they are trying to do, what apps they need access to, how to handle the data within those apps, and more. Flexible last-mile control policies are implemented directly in the browser. The result is a more elegant security solution than blanket prohibitions that frustrate users, and tax IT teams.
With browser-based security, IT can control – for each user’s identity – when, where, and how copy/paste is used. It can inspect uploads and downloads and block critical data from screenshots. It can redact sensitive data in key applications for particular users, in specific scenarios. For example, for call center employees, the browser can be easily configured to hide credit card numbers while still providing employees access to all the other information needed to serve customers. A further advantage of embedding security controls directly into the browser session is full visibility into what users are doing without the complexity and difficulties of inspecting encrypted traffic. The browser itself provides logs of web activity for auditing and tracking purposes and to ensure against data leakage.
Superior User Experience
When an enterprise browser becomes one of an organization’s cybersecurity platforms, security gets out of the user’s way. The governance around work-related browser use is only around work. Controls are only invoked in the places where they need to be invoked.
This means that enterprise data security can be achieved without restricting users’ access to personal apps, such as Gmail. That is a degree of freedom generally not possible in conventional cybersecurity configurations. Enterprise browsers also enable IT to improve the user experience by automating tasks that are time-consuming or repetitive. For example, using an enterprise browser, IT teams can build smart clipboards that pre-populate fields with commonly used data, speeding up many workflows. And enterprise browsers impose no special training requirements on users. The way they interact with the browser is exactly the same as the experience to which they are accustomed.
Easier Administration and Deployment
Enterprise browsers also offer the opportunity to remove complexity, cost and friction from the task of ensuring enterprise data security. To start, implementation is not an all-or-nothing decision. Organizations can deploy against a single application to pilot and test the technology. Onboarding contractors or others working on their own devices also becomes much simpler. In place of agents, VPNs, virtual desktop infrastructure, or custom-configured laptops, contractors and BYOD workers simply download the browser, log in with their existing credentials, and are immediately presented with the applications needed to do their work. This means that an organization could easily and quickly deploy a strong, modern cybersecurity solution to hundreds or even thousands of geographically dispersed users who will need to do nothing more than download a browser already configured with the apps to which they need access.
IT teams also benefit from powerful new capabilities that enhance the security, utility, and value of legacy or third-party applications. Using enterprise browsers, IT teams can apply robotic process automation to put new business logic over a legacy or third-party application – for example, adding multifactor authentication to any web app or to any in-app actions outside prescribed thresholds– without touching the underlying code. Importantly, the adoption of enterprise browsers also presents opportunities to displace much of yesterday’s security infrastructure, reducing both licensing costs and the IT staff time required to maintain these legacy systems. By dramatically simplifying the security stack, enterprise browsers can help IT better utilize staff and capital resources.
This new category of enterprise browsers empowers CISOs and CIOs to evolve cybersecurity for the way their colleagues now work– on cloud-based apps, often off-premises and increasingly on their own devices. Now, security teams can achieve a topflight cybersecurity posture without the typical tradeoffs in user experience, system performance, and costs– relegating blunt instruments and blanket prohibitions to things of the past.
Bradon Rogers
Bradon Rogers leads Island’s customer relationships as Head of Presales, Customer Success, and Product Marketing. With over 20 years of experience in the cybersecurity industry, Bradon previously served as head of global sales engineering at Mimecast, senior vice president of sales engineering and product marketing ad D2IQ, and senior vice president at Symantec, where he led worldwide sales engineering and product marketing following its acquisition of Blue Coat where he held a similar role. Bradon has also held similar executive and technical leadership roles at leading global cybersecurity companies like McAfee, Secure Computing, and CipherTrust.
