Site Search

Island

island

エンタープライズブラウザによる管理 - ラストマイルへの挑戦

- Reconstructing the role of browsers in enterprise security architecture -

~エンタープライズセキュリティアーキテクチャにおけるブラウザの役割を再構築する~

Making your employees more productive has never been easier. With cloud computing and modern collaboration tools enabling us to work anywhere, anytime, hybrid workers are now the norm, not the exception.

While the shift to BYOD, cloud, virtual desktops, and remote work has accelerated dramatically during the pandemic, companies face unique challenges with this flexibility, and are facing unprecedented challenges when it comes to protecting critical resources. There is a need to take different cybersecurity measures.

Security concepts like Zero Trust, as well as regular data loss prevention, identity management, and cloud access security tools provide a framework for managing risk. On top of that, we're starting to pay attention to factors that weren't considered before, like web browsers.

Limitations of consumer web browsers

Many of the productivity tools we use are not intended for enterprise security. Web browsers fall right into this category. Consumer browsers are particularly vulnerable to attacks from insiders (such as insider threats). This is because companies have little control over the behavior of users using applications and services within their browsers. Compounding this problem is often the lack of visibility and the ability to see user behavior in the last mile.

In a typical enterprise, users require different levels of privileges depending on their job title and organization, and administrators are accustomed to building policies at the network, OS, and application layers to support this, ensuring that users, By assigning permissions based on either manager or admin, organizations can have a little more control over user roles to determine what they can and cannot do for each application.

However, today's standard consumer web browsers are designed to provide a seamless user experience that helps consumers monetize through advertising, tracking and search optimization, and for enterprise-level security. It was not designed to provide the access control required for business-to-business interactions as described above.

Business applications and SaaS platforms used by many businesses rely heavily on the browser, so businesses can be at enormous risk with consumer web browsers such as those listed above.

That's why it's important to rethink the role of browsers in the enterprise and implement a new approach to browser security: managing the "last mile."

Enterprise browsers can control how users handle information, especially cutting, copying, pasting, downloading, uploading, printing, and screenshots based on corporate policy.

Why Manage the “Last Mile” to Minimize Browser Risk

The last mile, so to speak, is a security concept that defines where employees, applications, and the data flowing through those applications meet within the critical last mile of the browser. This critical intersection occurs in the browser, but is often overlooked as security measures focus primarily on network and operating system controls.

So if the last mile really matters, why has it gone unaddressed for so long? The answer is simple. Major browsers like Chrome and Edge weren't built for the enterprise, so you can't control the last mile. In other words, companies have failed to adequately prevent application misuse and malicious activity occurring within the browser.

Currently, I had to take extreme measures to manage this situation, such as prohibiting the use of all personal Gmail accounts through proxy rules. However, this method limits the number of productive employees and creates inefficiencies. If you can control the last mile, for example, you can allow Gmail, but prohibit operations such as uploading files to personal Gmail and pasting data.

Learn more about how last mile control works

Consumer web browsers weren't built with a focus on enterprise security, including last-mile controls. As a result, data can be exfiltrated through the endpoint. In addition, screen captures, prints, downloads, copy and paste into personal applications, photos taken by users with their smartphones, and other data should not be considered, as the data on the screen is unencrypted and easily misused. part of the risk.

Enterprise browsers can manage these risks by incorporating centralized management consoles to enforce policies. This allows you to set policies governing actions such as downloading, saving, copying and pasting, and screenshots within critical applications and to undesirable destinations.

Context is one of the key aspects of last-mile control. For example, an organization's approach to prohibiting copy and paste is often quickly derailed. However, browsers designed to control such behavior can force copy-and-paste behaviors in major SaaS and internal web applications without the risk of data leaving the work environment. This is just one feature of the last mile control opened up by enterprise browsers. An enterprise browser with last-mile control provides an environment that allows employees to work in this natural way.

Can the Last Mile Browser be Efficiently Operated?

I hope you understand the concept of last mile control. On the other hand, will this last mile control be able to withstand actual operation? How do you manage assigning many different controls depending on the environment, situation and users involved?

Role-based access is already well established in today's organizations. An enterprise or last-mile focused browser just adds governance capabilities to previously out-of-reach areas. Since today's browsers are often a cybersecurity blind spot, the ROI can be very high.

A true enterprise browser also helps reduce resource usage. Consider one common scenario. A company has several in-house applications that are critical to its business, but they are outdated and insecure. Implementing new security controls and governance to solve this problem can often be cumbersome, costly and confusing. Implementing new security measures and governance to solve this problem can often be cumbersome, costly and confusing.

Rather, by addressing the last mile with browsers that offer effective controls, businesses can improve security more efficiently. A browser that offers the same UX as Chrome (or any other browser based on Chromium), but that allows you to manage and control user behavior and access through the creation of simple policies and rules is a long-awaited innovation.

Other functions

Browsers are in a unique position with respect to information flow. This privileged position makes them a powerful collaborative resource in the enterprise security architecture. Enterprise browsers can take advantage of this advantage in a number of ways.

First, enterprise browsers can coexist peacefully with existing browsers. You don't have to use an enterprise browser as your only browser. However, by enforcing usage whenever a user uses a critical application, usage can be migrated to enterprise browsers when needed.

Enterprise Browser Enforcement manages the use of all critical applications while giving users the flexibility to allow consumer browsers for personal or non-critical browsing. Another important aspect of an enterprise browser is connecting it to the existing infrastructure of the organizations that use it. Enterprise browsers can send data to third-party security solutions for inspection before downloading, uploading, or viewing data. This is simpler and more efficient than relying on expensive network-layer traffic redirection that requires complex decryption, such as web proxies.

Users feel comfortable because it looks and feels like a familiar browser, and organizations feel the same because they can work with familiar objects such as users and groups in the directory to build policies. This means you can manage the last mile while providing the same user experience as a consumer browser.

In addition, enterprise browsers can also audit user behavior in ways never before possible. If someone maliciously attempts to take your screen or copy data from critical application areas, your browser will monitor it. In the process, we create a complete audit trail of these actions, available with admin privileges, or ingested into an external SIEM security tool such as Splunk. Because these activities typically exist outside cybersecurity tools and protocols, they can offer unprecedented value and visibility.

Users can rest assured that it will look and feel like a familiar browser, and organizations will feel the same because it works with what they are familiar with.

Now is the time for a browser that is both productive and secure in the enterprise security ecosystem.

Less effort, more security

Especially now that flexibility and collaboration are paramount, you might wonder if adding more control in the browser realm is always a good thing. But in reality, adding a new level of control to the browser can reduce corporate constraints. New guardrails have been put in place to enable once-restricted consumer applications. It suddenly becomes possible to use new applications. You can limit yourself to what you really need.

Last-mile controls are not about shutting down activities or mitigating threats, but about allowing organizations and users to exercise maximum flexibility and collaboration while improving security. Organizations can improve security with less effort and boost morale by saying “yes” to things that were once forbidden.

Summary

Hybrid work, BYOD, increased use of virtual desktops, the need for contractors to access internal systems, increased adoption of SaaS platforms, and reliance on vendor security are compounding challenges facing most enterprises.

Such complex problems can be solved at the same time by dealing with them in the browser. By being able to manage the last mile, businesses can streamline security efforts, spend fewer resources, and significantly reduce cybersecurity risks at the intersection of people and data.

Now is the time to realize the balance between productivity and security. You need Island as a browser that can truly manage the last mile, acting as a collaborative resource in your enterprise security ecosystem.

Author: Brian Kenyon / Chief Strategy Officer, Island Technology

Brian Kenyon is one of Island's founding members and serves as Chief Strategy Officer, driving corporate strategy. He has also served as CSO at Symantec and Bluecoat Systems. He spent over 10 years in his technical career at McAfee, where he served as CTO and Chief Technical Strategist, and as Chief Architect at Foundstone.

Quote source

"Enterprise Browser Management – The Last Mile Challenge"

https://www.island.io/resource/enterprise-browser-management-the-last-mile-challenge

Inquiry/Document request

Macnica Island, Inc.

Weekdays: 9:00-17:00