The Rise of the Enterprise Browser and the Future of Secure Browsing
Register now for your free virtual pass to the November 9 Low-Code/No-Code Summit. Hear from the leaders of Service Now, Credit Karma, Stitch Fix, Appian, and more. Learn more.
If you haven’t heard of the enterprise browser category yet, you might want to check your pulse. These newcomers to the cyber security space have recently caught fire in the media and with investors, cementing their notion of the “secure enterprise browser” (SEB) on the radars of CISOs eager to strengthen what little remains of their organizations’ security perimeters.
Earlier this year, Island, creator of the Enterprise Browserbecame one of the fastest companies to achieve unicorn status after achieving $115 million in venture capital just weeks after emerging from stealth (at a $1.3 billion valuation). Meanwhile, Talon Cyber Securitycreators of the TalonWork browser, announced the closure of a $100 million Series A earlier last month (they did not disclose their valuation). Both are considerable sums, especially for two young startups operating in an entirely new category. At the same time, these headline-grabbing investments aren’t entirely surprising, given the scale and severity of the challenges facing CISOs in the new world of hybrid work.
Hybrid work, navigability provide fertile ground for SEBs
The rise of hybrid workcombined with the proliferation of enterprise SaaS applications, has fundamentally reshaped both the way we work and the computing architectures that enable that work. In this new paradigm, web browsing has become the fundamental access point through which the average employee carries out almost all of their day-to-day responsibilities, from checking email and creating spreadsheets to sharing files and development process management.
While this growing “browsing” trend has certainly been a boon to workplace productivity, it has also left enterprise security teams scrambling to bolster their defenses amid a flood of web logins. unreliable and unmanageable. According to a recent report from Menlo Security, nearly two-thirds of organizations had a device compromised by a browser-based attack in the past 12 months alone. And there is no indication that this trend will slow down anytime soon.
In March of this year, Google released a blog post confirming a dramatic increase in high-severity threats affecting Chrome and other Chromium-based browsers (i.e. Microsoft Edge, Brave), and warning that this trend is likely to continue for the foreseeable future. While they point to a number of contributing factors to explain the recent increase in Chromium-based exploits – including increased vendor transparency – they also rightly point to the fact that browsers (and Chromium-based browsers in particular ) are becoming increasingly attractive targets for malware. actors, thanks to both their growing ubiquity and their complexity.
“Browsers increasingly reflect the complexity of operating systems – providing access to your peripherals, file system, 3D rendering, GPU – and more complexity means more bugs,” writes the author.
As web browsers increasingly resemble operating systems in both form and function, malicious actors are stepping up their efforts to undermine them in increasingly sophisticated ways. Unsurprisingly, these conditions have been fertile ground for cybersecurity start-ups of all stripes. Venture capital funding for cybersec startups has jumped to nearly $30 billion in 2021 – more than double the amount invested a year earlier, which gives important context to the sensational sums obtained by this new cohort of SEBs.
Minimizing friction and maximizing flexibility become essential missions in a secure navigation space
Given the recent emergence of web browsing as the modern employee’s primary gateway to work, it has become essential for space-targeted security solutions to minimize user friction as much as possible. final.
For players in the secure enterprise browser space, this has meant near-universal adoption of Google’s open source Chromium project – the codebase on which the Google Chrome and Microsoft Edge browsers are built. With a combined market share of over 67%Chrome and Edge represent the closest thing to market dominance one can reasonably expect for the split-browser space, which makes SEBs’ decision to build their solutions on Chromium a sensible one.
Using Chromium allows SEBs to minimize friction as much as possible for as many end users as possible, allowing Chrome and Edge users to import preferences, plugins and other customization elements to minimize friction at the time of adoption. Given how fiercely most company employees defend their favorite work tools, this will be an important distinction for ESPs in the future.
However, while SEB category makers have certainly improved their chances of being accepted by basic users by relying on Chromium, they will still need employees to adopt a new browser; and administrators to accept the installation and management of another Endpoint Agent.
And after? Beyond the browser…
While SEB is a welcome improvement over the current status quo of secure web gateways and remote browser isolation, one cannot help but note some inherent limitations in the underlying principles. And as web browsing continues to play an increasingly central role in the workplace, you can be sure that the wave of safe browsing won’t stop at SEBs.
The first and most important thing that next-gen solutions must address is the growing gap between web browsers and the act of browsing the web. The English language hasn’t helped anyone on this front, but the bottom line is this: Web browsing isn’t always actually arrived in web browsers, and by a considerable margin.
Since 2019, the average enterprise SaaS portfolio has increased by 44.2% Year after year. While many of the most widely used enterprise SaaS applications, such as Slack, Outlook, and Dropbox, box accessible via the browser, this does not necessarily mean that they are. Many users still opt for native desktop versions of these apps for reasons ranging from superior user interfaces and extensive functionality to force of habit.
Whatever the motivations, as soon as a user clicks on a link or navigates to a remote file in one of these applications, they have effectively moved the act of web browsing beyond the jurisdiction of the web browser. himself. This oft-overlooked segment of the browsing attack surface remains a concern not just for SEBs, but for virtually all secure browsing solutions today.
For the time being, policies mandating the use of web applications in the secure browser environment (as opposed to desktop versions of said applications) may serve as a useful palliative. But one can’t help but feel that there’s still a need for a more comprehensive solution to this particular problem, especially given friction’s notorious propensity to inspire non-compliance and shadow computing.
If we hope to secure the entire browsing attack surface, in the future, the next generation of secure browsing solutions must find an efficient, low-friction way to secure this growing segment of the browsing attack surface.
Reframe the Safe Browsing Experience
In a world where web browsing plays such a fundamental role in employees’ working lives, the next generation of safe browsing solutions should make frictionless user experience a top priority. In a recent survey35% of respondents said they had already need circumvent their company’s security policy just to do their job. In such a landscape, forcing the adoption of new tools or imposing barriers is a risky proposition, especially when those tools are as fundamental to employees’ day-to-day responsibilities as the web browser.
Going forward, safe browsing solutions that hope to gain widespread adoption must move toward an agent-agnostic architecture that can secure the entire web browsing vector, regardless of browser, application, or device. device ; and do so without unduly disrupting the end-user experience. And in an age of proliferating applications and overwhelmed IT services, easy deployment and management on the administration side will be a key value proposition for next-generation solutions looking to claim this nascent category.
A Critical First Step in the Battle for Safe Browsing
The dawn of the enterprise browser is a critical first step in the right direction for a field of cybersecurity disrupted by the new world of working from anywhere. While attempts have been made in the past to create a secure browser, now seems like the right place and the right time for the concept to finally take off – and not too soon.
But if history has taught us anything, it’s that by forcing the passage of any technology in the workplace is no small feat. The best security tools, those that stand the test of time, inevitably work behind the scenes, protecting users without them even being aware of their presence. While the Secure Enterprise Browser is certainly a welcome development in today’s rapidly changing threat landscape, we’re sure to see a lot more innovation in the months and years to come.
Dor Zvi is co-founder and CEO of Red access.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including data technicians, can share data insights and innovations.
If you want to learn more about cutting-edge insights and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.
You might even consider contributing an article your own!