Turning the browser into a security endpoint

As a consumer application, the web browser has long created security challenges for enterprises. The Enterprise Browser is set to change that, says Patrick Evans, CEO of SLVA Cybersecurity.

It is ironic to note that the browser has become the most commonly used application in the enterprise, considering that the consumer browser was never designed as an enterprise application. After all, it lacks the core elements any enterprise needs to work safely and productively, forcing enterprises to surround it with layers of additional security and management tools.

With basic governance, visibility and security all lacking, it turns out that the browser itself is perhaps the single biggest security challenge for businesses. The answer to this problem lies in turning the browser into the solution – and is what has led to the creation of the enterprise browser.

Having been in the industry since 1992, back at the advent of client server computing, and with experience at companies like Foster-Melliar and Symantec, I thought I was beyond being surprised in the ICT space. However, that is exactly what happened when I attended a recent conference that described the benefits of the enterprise browser, and the impact it is expected to have in the next decade. I believe this is one of the most exciting ICT developments in a number of years.

According to Gartner, an enterprise browser is defined as a stand-alone web access application with integrated security, centralised policy management, visibility, reporting, productivity and collaboration tools. Essentially, the enterprise browser ensures that security extends everywhere it’s needed, without getting in the way of work.

This is vital, as the consumer browser is the most commonly deployed application on the planet, with around five billion consumers using it today. Therefore, companies have been forced to protect everything around it, surrounding it with an endless security stack, DNS filtering, endpoint security, proxies, sandboxes, secure web gateways and more. This creates an additional issue, in that many of these tools come with agents, meaning you now need countless agents on your endpoint. And all of them require careful configuration and administration, adding to the burden of enterprise ICT teams.

On the other hand, with the enterprise browser, you have access not only to all the typical consumer browser features, but also the additional enterprise requirements that gives you the control you need to work securely.

Massive uptake anticipated

It’s worth noting that Gartner further suggests that by 2025, enterprise browsers or extensions will be featured in 25% of web security competitive situations, up from less than 5% today. By 2026, 25% of enterprises will be using managed browsers or extensions, up from less than 10% today.

By 2027, the enterprise browser will be a central component of most enterprise super-app strategies as productivity capabilities drive adoption. And by 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices, for a seamless hybrid work experience.

It is important to recognise that today, so much is being done through the browser that it could be considered the new endpoint. If you think about it, everything from Gmail to Salesforce, and from SAP to Workforce, is a browser-based tool, as are all the new financial apps.

In addition, employees who use standard consumer browsers also all use consumer products – whether it be their phones, laptops or desktop devices – add to the overall challenge of maintaining a strong security posture. In fact, something like 75% of attacks today occur via the browser.

The result of this is that organisations have had to deploy a myriad of controls to secure the environment, because the browser is the single most common point of entry into the business environment today.

Solving the security challenge

So how does the enterprise browser solve such challenges? To begin with, users need to authenticate themselves to the organisation’s identity platform (IDP). Through the IDP, the company is able to establish not only that you are who you say you are, but also what your specific role is. In understanding the individual’s role, the system is then able to determine which applications the user has access to, and which policies to apply.

It is a system that is just as effective for non-employees, such as contractors who enter the environment, but adopt the bring-your-own-device (BYOD) principle. In such instances, you have no control over that device. However, by controlling access to applications and resources through an enterprise browser, the business can ensure that their data is protected and contractors have only the access required for their job.

Of course, the one essential requirement for success is that the user experience must be good, and by my understanding, there are enterprise browsers that can be deployed in as little as 18 seconds.

It’s also worth noting that – while the enterprise browser appears to be ‘the next big thing’ – the next three years are likely to be critical for adoption. And that adoption is going to come down to key use cases.

For example, the enterprise browser should eliminate the unnecessary complexity and expense of VPN and VDI solutions and allows for the fastest deployment possible. This not only ensures that contractors can begin work in minutes, rather than days or weeks, but also solves the challenges associated with traditional BYOD solutions, by providing additional value in terms of security and privacy.

Another key use case will be configuring the enterprise browser as the only access point for software as a service (SaaS) and in-house web apps, also without any of the costs or complexity of a virtualised desktop.

The future

Looking ahead, I believe it will be beneficial in a number of other ways too, such as in a scenario where there is a lot of sensitive data flying around, such as in the case of a merger or acquisition. It will also assist in instances where a business utilises robotic process automation, or any kind of generative AI workflows.

With multiple capabilities that can be switched on and off according to your needs, the enterprise browser has been created to provide full last-mile control to businesses, allowing you to easily adopt a zero-trust approach to security.

I like to talk about the art of the possible, and the enterprise browser has opened a whole new range of possibilities for organisations to deliver high-quality, end-to-end security. In my mind, there is no doubt this should be on the radar of every forward-thinking enterprise, because the enterprise browser is the future of IT.