A start-up has emerged from stealth mode to announce what it describes as one of the world’s first enterprise-specific browsers, capable of governing how users interact with all SaaS and web applications.
The new Island web browser is based on the widely used Chromium open-source platform. Launched by a company with the same name, Island offers users a familiar online experience while governing what sites they can visit, the data they can view, and what files they can download or upload. Restrictions can be dialed up or down and can be specific to a user’s role in an organization.
For example, a user could be surfing the web with the standard Chrome, Edge, or Safari browsers, but if they try to access a site that’s off-limits based on the Island settings, they’d be blocked and told to use their secure browser. The Island browser can even stop an employee from taking screenshots of sensitive data, depending on the settings IT admins choose to implement.
“We’ve given infinite last-mile control to the enterprise,” said Mike Fey, co-founder of Island and the former president and COO at Symantec and general manager and CTO of McAfee. “As we’ve seen our critical data and applications move to SaaS-based apps and web apps, the role the browser can play could become critical. Right now, the browser plays no role. It just displays.”
The Island browser has a number of granular capabilities for controlling what users can access online. Admins can fully control last-mile actions, from advanced security demands to more basic data exfiltration protections such as copy, paste, download, upload, screenshots, and other activities that might expose critical data.
The browser works with both Windows and macOS; mobile versions (for iOS and Android) as well as for Linux are forthcoming, the company said.
Bob Schuetter, CISO at Ashland Specialty Chemicals, a global specialty materials and chemical supply company with about 4,200 employees, said Ashland began piloting Island’s browser about six months ago. The Delaware-based firm purchased 4,000 seats, though just 100 employees have so far downloaded Island.
Like most large organizations, Ashland has a variety of security tools in place. The company uses Cloud Access Security Brokers (CASB) and Secure Access Service Edge (SASE) technology to secure web gateways; in other words, it can monitor and restrict how users access the web and cloud services like an Internet firewall.
Over the past few years, however, Ashland downsized operations, eliminated its data center, and turned to SaaS applications such as Salesforce and Workday. For Schuetter, the biggest benefit of browser-based security is controlling the data entry point.
“We changed networking,” he said. “We changed how the network flows. We tried to get everything coming into us so we can get visibility [by] breaking encryption. SaaS providers get point-to-point encryption, which is great for them, but it’s terrible for us. They get security, but we can’t see anything.
“…We were constantly having to break things or constantly having to bolt things on to get security around it,” Schuetter continued. “And, this [browser] was finally the opportunity to get security at the front. So, instead of having to keep on adding things on, I can just select what I want.”
Another benefit to using a secure enterprise browser, Scheuetter said, is it’s relatively simple to roll out — and pushback from users has been virtually nonexistent.
“We can just put this browser on your desktop and you’re kind of there. Try it out. Use it. Get used to it and let us know if there’s anything blatantly missing,” he said. “Now, try Salesforce though this. Can you use Salesforce or Workday through it? You good? Awesome! Now, I’m going to enforce it, so you can only use this browser.”
Fey founded Island in August 2020 with Dan Amiga, an Israel-based inventor of web isolation technology; since that time, the two entrepreneurs have put together a team of about 100 employees. The company has so far garnered nearly $100 million in early-stage funding from some of the industry’s biggest investment firms, including Insight Partners, Sequoia Capital, Cyberstarts, and Stripes.
Headquartered in Dallas with a 75-person engineering team in Israel, Island’s software is one of only two enterprise-specific browsers — the other being TalonWork’s Talon browser, according to Peter Firstbrook, a research vice president for Gartner Research.
Talon also touts its granularity of security controls, including being able to work across “all SaaS services, protecting corporate data across all services, devices, locations and workers (i.e., external employees accessing corporate assets).”
Israel-based Talon Cyber Security announced what it called the market’s first-of-its-kind enterprise browser last October. The Israeli company claims its TalonWork corporate browser can be deployed across an organization in less than an hour with minimum complexity, cost, and no additional hardware. As with the Island browser, the TalonWork browser is also based on Chromium.
Clearly, though, the market for enterprise specific browsers is nascent and it remains to be seen if it will gain significant traction.
“Island’s pretty unique,” Firstbrook said. “Obviously, the Chrome browser has enterprise management capabilities, but it doesn’t have it to the same degree these guys do, where you can stop people from cutting and pasting from certain web pages, or prevent them from entering certain types of information, or downloading information.”
Fey said development of his company’s browser technology began three years ago — before Talon’s — but that he and Amiga chose to stay in stealth mode longer. Island’s software was released and became generally available in September; it has since been deployed in several Fortune 500 organizations, according to the company. Island, however, has mainly focused on midsized customers with about 2,000 employees or smaller, Fey said. As is the case with many start-ups, Island is still developing its pricing model, so it’s not yet prepared to unveil the cost of its software.
“We’ve been at this a while now. We’ve had so many customer engagements at this point, we’re very blessed. Now we have a body of work to look at,” Fey said. “We’ve been told by some friends and advisors we might not be charging enough, but I’m less concerned about first-deal sizes as I am about making sure we have impact.”
Enterprise uses for the browser include securing critical SaaS and internal web apps from data leakage, safe access for contractors and BYOD workers, and full governance over privileged user accounts. It can also reduce VDI dependency while also supporting built-in safe browsing, web filtering, web isolation, exploit prevention, smart network routing, and Zero Trust access.
Malware scanning is integrated to help protect against ransomware or zero-day exploits at the point of entry.
“Firewalls identify and block security risks inside the browser itself, so they know exactly what threats to keep away from your network or endpoint,” Island wrote in a white paper about the browser. “And analytics platforms finally have a comprehensive view of everything happening inside the organization, enabling you to gain more accurate insight and make more sound decisions.”
With hybrid workplaces now allowing a majority of employees to work remotely, other technologies for securing web access have been on the rise, such as secure edge gateways that focus on protecting corporate network and traffic in and out of them.
For example, CASB and SASE technology use secure web gateways; in other words, they monitor and restrict how users access the web and cloud services like an internet firewall.
However, CASB products, such as McAfee’s Mvision Cloud and Microsoft’s Zscaler, are more heavy-handed in their oversight of user activity, browsing, and cloud access. Similar to a secure LAN, CASB technology can safeguard cloud data by deploying software on a network device in a data center or as part of a software-as-a-service product. CASB enables network visibility and threat detection for an organization’s cloud applications. SASE combines SD-WAN with a complete network security stack that’s typically deployed through a cloud-native virtual appliance.
CASB solutions are also expensive.
“Zscaler has some pretty big inherent cost components,” Firstbrook said. “You have to pay for bandwidth in and bandwidth out. And, they’re proxying all the traffic, so then you pay for the bandwidth back to the proxy and bandwidth back out to the customer. So, Zscaler is one of biggest bandwidth consumers in the world.”
CASB products depend on hundreds of geographical enforcement around the globe, so vendors have to charge for their datacenter footprint.
By contrast, Island’s browser is downloaded much like Zoom, which takes seconds or minutes depending on the system, Fey said. “So, from a cost perspective, it’s inherently less expensive. All I have to do is distribute the browser, and I’m using cycles from the PCs,” he said.
Another problem with CASBs is they literally act as a filter for all web traffic and out of a organization. But if an employee, contractor, or consultant is using their personal PC, they’re not likely to want the company to place an agent on their system.
“If I’m a contractor, I don’t want the company to see everywhere I’m going on the internet and everything I’m doing,” Firstbrook said. “So, it’s a little more intrusive, whereas this browser will only kick in when you’re going to a specific website your company is concerned about.
“…It’s a lot less intrusive for a consultant or a contractor or even an employee who’s using their own home PC to get access to corporate resources than a CASB or secure service edge,” Firstbrook added.
For example, Fey said his company’s browser is currently being used by physician practices, allowing a doctor to work at five different hospitals but have seperate profiles enabling discrete access and control privileges for each facility’s systems.
“Our web browser allows you to move in and out of separate profiles,” Fey said. “So, you can have important information across all five hospitals, but you’re able to keep those profiles separate and ensure you never take ownership of any sensitive patient data.”
The only question now, Firstbrook said, is whether Google or Microsoft could simply implement the same functionality on their own web browsers. That’s a distinct possibility, especially if uptake is brisk.
“Microsoft has no network security technology at all,” Firstbrook said. “They have no firewalls, no network detection response, no proxies. They really have a very limited set of technologies. This would be a way for them to deliver the things you’re looking for from a network technology without actually getting into the network side of things.”
So competition for Island (and Talon) could come from the big browser developers themselves. The only thing stopping them would be the time and effort they’d need to put into developing the same tools the start-ups already have. That means acquisitions could also be on the horizon.
“I definitely think both Microsoft and Google would be interested in this technology if customers think it’s relevant to them,” Firstbrook said.
Copyright © 2022 IDG Communications, Inc.