Identity, Endpoint, and Network Security Walk into a Bar

Against a backdrop of platformization and convergence, the industry is exploring places where identity security, endpoint security, and network security naturally meet. This intersection is the browser.

The Browser: The Intersection of Identity, Endpoint, and Network Security

Why?

  • If we expect identity security, it must be tied to users, their permissions, authorization, and authentication.
  • If we expect endpoint security, it must be running on the endpoint or able to secure the endpoint itself.
  • If we expect network security, it must manage most (if not all) ingress and egress traffic.

The browser meets all of these requirements. It runs on the user’s endpoint, its whole purpose is to make and receive web requests, and as it’s only used by human agents, it intrinsically uses identity elements.

Secure enterprise browsing solutions can considerably improve security posture while also simplifying the technology stack. Injecting security functions in the most used application means that end users do not experience additional friction introduced by other security products. This is an appealing proposition, so we expect that the adoption of enterprise browsers will very likely increase considerably over the next few years.

So, what does it mean? As they can enforce security policies for users accessing web resources, secure enterprise browsing solutions can replace clunkier secure access solutions (those that require routing traffic through proxies or inserting more appliances) such as virtual private networks, secure web gateways, virtual desktop infrastructure, remote browser isolation, and cloud access security brokers.

What it doesn’t mean is that you can replace your EDR, your firewalls, or identity security solutions. On the contrary, secure enterprise browsing solutions work best in conjunction with these. For example, the solutions can inherit identity and access management user attributes and security policies, while integrations with EDR solutions can help with OS-level controls.

The Browser’s Bidirectional Magic

Users are both something to protect and to be protected from. With the browser controlling both ingress and egress traffic, it can secure multiple types of interactions, namely:

  • Protecting end users from malicious web resources and phishing attacks.
  • Protecting enterprises from negligent users.
  • Protecting enterprises from malicious insiders.
  • Protecting enterprises from compromised accounts.

I am not aware of any other type of solution on the market that can deliver all of the above with a single product. A secure browsing solution can fill many gaps in an organization’s security architecture, for both small and large organizations.

The market is still in the early stages, so the most responsible way of deploying these solutions is as an add-on to your current security stack. As these solutions mature and prove their efficacy in the real world, they can support a mandate to replace other security solutions that are either inadequate or obsolete.

Next Steps

To learn more, take a look at GigaOm’s secure enterprise browsing solutions Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.
