What’s next for secure browsing given the rise of the corporate browser

If the enterprise browser category is still a new concept to you, you should probably check your pulse. Recently, these upstarts in the cybersecurity field have gained traction with investors and the media, solidifying their idea of the “secure enterprise browser” (SEB) on the minds of CISOs eager to fortify what little is left of their businesses’ security perimeters.

Island, the company behind the Enterprise Browser, was one of the quickest businesses ever to achieve unicorn status earlier this year after obtaining $115 million in venture funding only a few weeks after coming out of stealth (with a valuation of $1.3 billion). Talon Cyber Security, the company behind the TalonWork web browser, revealed the completion of a $100 million series A financing just last month (they did not disclose their valuation). Both amounts are considerable, particularly for two young firms working in a brand-new industry. While making headlines, these investments aren’t wholly unexpected given the breadth and depth of the difficulties CISOs face in the new world of hybrid work.

Browserization and hybrid work are rich ground for SEBs.

Both the IT architectures supporting our work and the way we operate have undergone profound change as a result of the rise of hybrid work and the spread of enterprise SaaS applications. In line with this new paradigm, online browsing has taken on the role of the primary access point for practically all daily tasks carried out by the average employee, from checking email and creating spreadsheets to sharing files and monitoring development procedures.

Although the expanding “browserization” trend has undoubtedly increased workplace productivity, it has also forced company security teams to scramble to strengthen their defences in the face of an influx of untrusted, unmanageable online connections. In only the previous 12 months, over two-thirds of enterprises had a device hacked by a browser-based assault, according to a recent analysis from Menlo Security. Furthermore, there is no sign that this trend will soon slow down.

Google announced in a blog post in March of this year that there has been a sharp increase in high-severity threats hitting Chrome and other Chromium-based browsers (such as Microsoft Edge and Brave) and that this trend is expected to continue for some time. They correctly note that browsers (and Chromium-based browsers in particular) are evolving into more and more alluring targets for malicious actors as a result of both their increasing ubiquity and complexity. They do, however, point to a number of contributing factors, including increased vendor transparency, that may explain the recent increase in Chromium-based exploits.

According to the author, “Browsers increasingly match the complexity of OS systems—providing access to your peripherals, filesystem, 3D rendering, and GPUs—and greater complexity implies more flaws.”

Malicious actors are stepping up their attempts to weaken web browsers in increasingly complex ways as they resemble operating systems in both shape and function. It should come as no surprise that these circumstances have been ideal for cybersecurity start-ups of all kinds. The amount spent in venture capital for cybersecurity firms more than doubled in 2021 to almost $30 billion, providing some crucial context for the eye-catching sums obtained by this new crop of SEBs.

In the safe browsing environment, minimising friction and increasing flexibility become crucial goals.

It has become mission-critical for security solutions targeting the space to reduce friction for the end-user as much as humanly possible given that online surfing has recently emerged as the modern employee’s principal gateway to work.

This has resulted in almost universal adoption of Google’s open-source Chromium project, the codebase for which Google’s Chrome and Microsoft’s Edge browsers are built, among companies in the secure enterprise browser market. It was a good choice for SEBs to base their solutions on Chromium because Chrome and Edge have a combined market share of more than 67%, which is the closest approach to market dominance one can realistically expect for the competitive browser market.

By using Chromium, SEBs may reduce friction for as many end users as they can by enabling Chrome and Edge users to import preferences, plug-ins, and other individualised features to reduce friction at the point of adoption. This will be a crucial differentiation for SEBs moving forward, given how fiercely most corporate employees guard their favourite office tools.

Though building on Chromium has undoubtedly increased the chances of the SEB category’s decision-makers winning over rank-and-file users, they still require staff members to accept a new browser and administrators to agree to the installation and management of yet another endpoint agent.

Next, what? Beyond the browser

While secure web gateways and remote browser isolation are the current state of the art, the core principles of the SEB do have certain inherent limitations. You can also be sure that the safe browsing wave won’t just be limited to SEBs as online surfing continues to take on a more and more important role in the workplace.

The growing disconnect between web browsers and the actual act of browsing the internet is the first and most crucial issue that next-generation solutions need to address. The truth is that, by a significant margin, not all web browsing really occurs in web browsers, and the English language hasn’t helped anyone on this front.

The typical enterprise SaaS portfolio has increased year over year by 44.2% since 2019. The majority of the most popular workplace SaaS programmes, like Slack, Outlook, and Dropbox, can be accessible through a browser, but that doesn’t imply they are. For reasons ranging from better user interfaces and more functionality to simple old habit, many users continue to choose the native desktop versions of these programmes.

Whatever the reasons, the instant a user downloads a distant file or clicks on a link in one of these applications, they have effectively taken web browsing outside the scope of the web browser. Nearly all of today’s popular safe browsing solutions, including SEBs, are concerned about this frequently disregarded area of the browser attack surface.

Policies requiring the use of web apps within the secure browser environment (instead of the desktop versions of these applications) may be a helpful stop-gap for the time being. One can’t help but feel that this issue still requires a more thorough solution, especially considering friction’s well-known propensity to encourage noncompliance and shadow IT.

Moving forward, the next generation of secure browsing solutions must discover an efficient, low-friction method of securing this expanding area of the browsing attack surface if we are to secure the complete browsing attack surface.

Reframing the experience of secure browsing

The next generation of secure browsing solutions should put a seamless user experience first in a world where web browsing is so integral to employees’ workdays. A recent poll found that 35% of participants already have to sneak beyond their company’s security policies in order to do their tasks. In such a setting, it can be harmful to impose restrictions or force the use of new tools, especially when those tools are as essential to an employee’s day-to-day duties as the web browser.

In order to secure the entire web browsing vector, regardless of browser, application, or device, safe browsing solutions must eventually move toward an agentless, agnostic architecture. This architecture must be able to achieve this without significantly interfering with the end user’s experience. Easy deployment and control on the admin side will be a major value proposition for next-generation solutions hoping to claim this emerging category in the era of app sprawl and overburdened IT departments.

One of the most important first steps in the fight for secure browsing

The emergence of enterprise browsers is a crucial first step in the right way for the cybersecurity industry, which has been rocked by the advent of work-from-anywhere policies. Although attempts to develop a secure browser have been attempted in the past, it seems that the notion is finally in the right place at the right time, and not a second too soon.

But if history has shown us anything, it’s that imposing any technology adoption in the workplace is no simple task. The absolute finest security tools, the ones that withstand the test of time, invariably operate in the background, shielding users without even being noticed. In today’s fast changing threat landscape, the secure enterprise browser is undoubtedly a welcome development, but in the months and years to come, there will undoubtedly be much more innovation.

For More IT Articles Click Here