{"id":18196,"date":"2022-02-04T04:30:12","date_gmt":"2022-02-04T12:30:12","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/02\/04\/news-11929\/"},"modified":"2022-02-04T04:30:12","modified_gmt":"2022-02-04T12:30:12","slug":"news-11929","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/02\/04\/news-11929\/","title":{"rendered":"Q&amp;A: CISO sees &#039;enterprise&#039; browser as easier way to monitor employee web use"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/11\/cso_browser_security_by_thinkstock_497418668_1200x800-100817200-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Fri, 04 Feb 2022 03:00:00 -0800<\/strong><\/p>\n<p>Over the past several years,\u00a0<a href=\"https:\/\/www.ashland.com\/\" rel=\"nofollow\">Ashland Specialty Chemicals<\/a>,\u00a0a global specialty materials and chemical company with about 4,200 employees, has been downsizing. It shuttered\u00a0its physical datacenter and adopted more of a software-as-a-service strategy for business apps such as Salesforce and Workday. With the shift to the cloud, the company also had to address keeping web traffic secure as its hybrid workforce accessed sensitive data online.<\/p>\n<p>While the company continues to use more traditional, and costly, firewalls such as\u00a0Cloud Access Security Brokers (CASB) and Secure Access Service Edge (SASE) to secure web gateways, it has also been testing an enterprise-specific browser from <a href=\"https:\/\/www.computerworld.com\/article\/3648597\/start-up-emerges-with-an-enterprise-browser.html\">a start-up company named Island<\/a>.\u00a0<\/p>\n<p>The Chromium-based browser offers a variety of\u00a0granular security capabilities for controlling what users can access online. 
Admins can fully control last-mile actions, from advanced security demands to more basic data exfiltration protections such as copy, paste, download, upload, screenshots, and other activities that might expose critical data.<\/p>\n<p>Bob Schuetter, CISO at Delaware-based Ashland, purchased 4,000 seats for the Island browser, though he has only been piloting it over the last six months with about 100 employees who downloaded it to their PCs. For Schuetter, the biggest benefits of browser-based security include controlling the data entry point and ease of use. His hope is to eventually consolidate security around the browser if it pans out.<\/p>\n<p>Bob Schuetter, CISO of Ashland Specialty Chemicals<\/p>\n<p>The following\u00a0are excerpts from an interview with Schuetter:\u00a0<\/p>\n<p><strong>What prompted you to pilot the Island browser? <\/strong>&#8220;We\u00a0got out of having a datacenter about five years ago. All of a sudden, your strategy as a much smaller company is lots of SaaS&#8230;, where you\u2019re no longer doing a lot of internal development; you\u2019re buying stuff as fast as the company can consume it. I think that\u2019s the biggest piece. So, everything we used to do as security was kind of force the applications to work the way we wanted them to. We changed networking, we changed how the network flows, we tried to get everything coming into us so we can get visibility \u2014 break encryption.<\/p>\n<p>&#8220;So&#8230;SaaS providers, they get point to point encryption, which is great for them, but terrible for us. They get security, but we can\u2019t see anything.<\/p>\n<p>&#8220;And, this was finally the opportunity to get security at the front. We\u2019ve always tried to connect people to applications. We\u2019ve changed how we\u2019ve done it and kept on changing it. But this is the first opportunity we have to allow that true anytime-to-anywhere, any device, any platform. I don\u2019t have to have an agent on that desktop. 
<br \/>&#8220;You\u2019re on my network. I can control the browser.&#8221;<\/p>\n<p><strong>Are there tools you\u2019d like to see added to the Island browser? <\/strong>&#8220;There is still a lot of opportunity. It has started out as a good governance, a good data-privacy tool \u2014 so, kind of all those core base pieces. What we\u2019re pushing for is how can I really fully integrate this. We\u2019re a big detection group. We\u2019d like to see advanced threat [detection]. We\u2019d like to see how these things are happening. We\u2019d like to get to the point within our detection platform where we get the little movie of exactly what the user did; so, no guessing what the user did.<\/p>\n<p>&#8220;And that\u2019s exciting. I think [Island] has everywhere to go with it.&#8221;<\/p>\n<p><strong>What other network edge security technologies did you have before Island? <\/strong>&#8220;We have one of everything, like most people. So we\u2019ve got a good CASB, we\u2019ve got a good secure edge, we\u2019ve got SASE and all that fun stuff and big things. But that whole process works by traffic shaping \u2014 by changing the flow of the natural application and forcing it into one place we want it, unencrypted and uninspected, and then do DLP [data loss prevention] and whatever else, and then let it go its own way.<\/p>\n<p>&#8220;I like this one because it\u2019s not intrusive; it\u2019s built in. I don\u2019t have to keep changing how the application works in order to get visibility.<\/p>\n<p>&#8220;So, because you\u2019re embedding security into the entry point \u2014 into how the user interacts with the application \u2014 I don\u2019t have to worry about trying to grab it as it\u2019s already going out. That\u2019s kind of what a CASB is; it\u2019s a network-based solution. Someone already did something, and now you\u2019re trying to catch it through the network to stop it from happening. 
This way I can see it up front.&#8221;<\/p>\n<p><strong>What have been some of the other key advantages of an enterprise-specific browser?<\/strong>\u00a0&#8220;As you look at SaaS applications, like Salesforce or Workday, it was really hard to stop people from logging in from the outside with their own PCs. That\u2019s part of the benefit of SaaS. As we\u2019re getting what we\u2019re calling sanctioned apps or approved apps, we\u2019ll start to say, &#8216;You know what? Salesforce, Workday, Office \u2014 you can only get to those through this browser now.&#8217; So, we\u2019ll enforce people who are interacting with your SaaS through this browser.<\/p>\n<p>&#8220;That\u2019s the idea of the rollout \u2014 just put it out there. You can start by using it as just a regular browser, and then we start to enforce individual SaaS applications that are more sensitive and keep on growing that. Eventually, we\u2019ll get to the point where there\u2019s no need to have any other browsers.&#8221;<\/p>\n<p><strong>Is it relatively easy to roll out and administer? <\/strong>&#8220;So far, it is. That\u2019s why I laughed when they first pitched it to me: You\u2019re going to try to sell me a browser? Browsers are ubiquitous now. Because it\u2019s Chromium and based on the same experience you\u2019re used to, users aren\u2019t pushing back on it at all. It\u2019s been an easy transition for the user base. We had it rolled out within a week or two.<\/p>\n<p>&#8220;I think the only question everyone in the company is dealing with right now is who owns this stuff because we\u2019re converging so much of the network and firewalls. We\u2019re converging now a browser and security \u2014 a browser and data loss prevention. I think the bigger question that will be in people\u2019s minds is, who owns this now? Is it a security tool? Is it a productivity tool? Otherwise, there&#8217;s no push back on it. 
It looks and feels just like Edge or Chrome.&#8221;<\/p>\n<p><strong>What features would you consider the most advantageous for your organization?\u00a0<\/strong>&#8220;I think the big use case right now is the ability to go further down in my third-party risk side. We had a number of new SaaS providers pop up. They don\u2019t do logging; they don\u2019t show you the logs or give you the logs \u2014 all these other things. So, getting all that information up front, right from the source, really evens things out. I can say \u2018Yes\u2019 [to new business projects] a lot faster than I could before. So, [it&#8217;s] allowing the business to go fast and not having to wait on security to architect things, and put governance in place, and put DLP in place, and get the data flows right. If you guys are OK using the browser, I\u2019ll turn on those features. Let\u2019s go.<\/p>\n<p>&#8220;So, speed is one of the selling points for us.&#8221;<\/p>\n<p><strong>How did you roll it out?\u00a0<\/strong>&#8220;We\u2019re still rolling out the step-by-step enforcement piece.\u00a0That\u2019s the good news about it. You don\u2019t need to go all in all at once. You can choose pockets and groups and roll it out as you get more comfortable.&#8221;<\/p>\n<p><strong>What do you mean by &#8220;step-by-step&#8221; enforcement? <\/strong>&#8220;Think about a traditional CASB, or a traditional proxy, or a traditional firewall; you\u2019re having to bring your entire environment over all at once. So, it\u2019s a big cutover day. We have these big cutover events: &#8216;OK, we\u2019re about to turn it on, and we\u2019re about to start shaping all your network traffic through this thing\u2026 we hope it works.&#8217;<\/p>\n<p>&#8220;[Now], we can just put this browser on your desktop and you\u2019re kind of there. &#8216;Try it out. Use it. Get used to it and let us know if there\u2019s anything blatantly missing.\u00a0Now try Salesforce through this. 
Can you use Salesforce or Workday through it? You good? Awesome. Now, I\u2019m going to enforce it so you can only use this.&#8217;<\/p>\n<p>&#8220;So, it\u2019s not that big, &#8216;OK, guys. This weekend is the big cutover event.&#8217; You get to try this browser out and ease your company and the users into it.&#8221;<\/p>\n<p><strong>What\u2019s the next step, rolling it out to more users? <\/strong>&#8220;That\u2019s the immediate component \u2014 bringing on more and more sanctioned or approved applications. So, the good news is you get good visibility into the types of cloud services you have, which ones you want to control, which ones you don\u2019t want to. Which ones have sensitive information, and which ones don\u2019t.<\/p>\n<p>&#8220;I think the larger step is the use-case scenarios. So, can you start thinking about bring your own devices [BYOD]? You can start thinking about other scenarios about how to give contractors access. Here\u2019s a browser, download it, you can use your web authentication to get access into it almost like a guest VPN. Those use cases are the next bigger swings.&#8221;<\/p>\n<p><strong>Are you keeping in place your other network security measures for now? <\/strong>&#8220;For now, yeah. That\u2019s the benefit of this. It doesn\u2019t step on anything. So, I don\u2019t have to pull anything out if I don\u2019t want to. But certainly, we have a number of redundant controls now. We\u2019re going to have to take a look at them and see what other value there is in those existing tools as opposed to what value Island can bring natively. 
The opportunity is there, it seems like a natural progression.&#8221;<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3648968\/qa-ciso-sees-enterprise-browser-as-easier-way-to-monitor-employee-web-use.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/11\/cso_browser_security_by_thinkstock_497418668_1200x800-100817200-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Fri, 04 Feb 2022 03:00:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Over the past several years,\u00a0<a href=\"https:\/\/www.ashland.com\/\" rel=\"nofollow\">Ashland Specialty Chemicals<\/a>,\u00a0a global specialty materials and chemical company with about 4,200 employees, has been downsizing. It shuttered\u00a0its physical datacenter and adopted more of a software-as-a-service strategy for business apps such as Salesforce and Workday. 
With the shift to the cloud, the company also had to address keeping web traffic secure as its hybrid workforce accessed sensitive data online.<\/p>\n<p>While the company continues to use more traditional, and costly, firewalls such as\u00a0Cloud Access Security Brokers (CASB) and Secure Access Service Edge (SASE) to secure web gateways, it has also been testing an enterprise-specific browser from <a href=\"https:\/\/www.computerworld.com\/article\/3648597\/start-up-emerges-with-an-enterprise-browser.html\">a start-up company named Island<\/a>.\u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3648968\/qa-ciso-sees-enterprise-browser-as-easier-way-to-monitor-employee-web-use.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[12014,10699,714],"class_list":["post-18196","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-browsers","tag-chrome","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18196"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18196\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/w
p\/v2\/media?parent=18196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}