Island announced an enterprise-grade set of Data Loss Prevention (DLP) capabilities for all popular interactive AI-type applications including ChatGPT, Bard and others, within its Enterprise Browser. These features are available in multiple deployment modes to accommodate various interaction types; integrated into the browser itself, managing AI extensions; and as a standalone desktop application, delivering the industry’s broadest set of protections for this rapidly growing category of productivity products.
“Generative AI products have taken the world by storm, but CIOs and CISOs are rightfully concerned over the inherent risks involved, including leakage of intellectual property and private customer data, copyright violations, plagiarism and a host of other concerns. But if history has taught the security industry anything, it’s that fighting the tide of wildly popular applications is like trying to hold back the ocean with a screen door,” said Dan Amiga, Island CTO and Co-founder. “The Island Enterprise Browser with the DLP capabilities we introduced today gives customers an ideal way to enable these tools, while reducing risk and empowering the business and workforce.”
“Generative AI tools have the potential to drive major productivity gains in essentially every organization and in almost any job function imaginable, but like all transformational technologies, there are potential risks to consider before diving in headfirst,” said Ed Amoroso, Founder and CEO of TAG Cyber and former Global CISO for AT&T. “The challenge facing CIOs and CISOs is balancing productivity and risk reduction. The Island Enterprise Browser is an ideal starting point, delivering visibility and controls that allow leaders to discover and strike that right balance in their organizations.”
Island, the Enterprise Browser, is an ideal platform to allow enterprises to safely use generative AI tools without compromising on data security or leakage. Island offers several key capabilities to benefit IT, Security, and end-users directly.
Application visibility provides a full accounting of all web applications and extensions used throughout the organization, giving IT and security teams the ability to audit every interaction with AI tools to analyze user-generated prompts. All analytics data collected by Island can be shared with SIEM or data aggregation platforms.
Graceful redirect gives customers the ability to redirect users to company-preferred or authorized AI tools, and prevent the use of unsafe alternatives. If a user attempts to use an unwanted AI application or install an unsanctioned AI browser extension, Island can block access and redirect to the sanctioned platform, including the native built-in Island AI Assistant.
End-user awareness and education improves AI literacy and education through dynamic in-browser messaging. If a user attempts to paste sensitive data they will see a clear explanation why the action was prevented and where they can learn more about company data policies. When a user navigates to an AI tool like ChatGPT, they will see a reminder about their organization’s privacy, security and acceptable-use policies for generative AI tools.
AI-generated code scanning can help organizations govern AI-generated code. Generative AI tools will often generate code snippets that are functional but include serious flaws that should never make their way into a production environment. Island can scan code blocks and provide immediate feedback when a user attempts to copy code. This approach balances the benefit to developers of getting code suggestions from AI, while helping monitor and limit uncritical acceptance and introduction of AI-generated code into a production codebase.
Application boundaries provide an intuitive way to keep sensitive data within certain applications, and prevent the corporate tenant of those applications from being moved or shared to untrusted destinations. As an example, customer support staff can move customer records freely between the corporate tenants of Salesforce.com, Slack, and Microsoft365, but they can’t be pasted into the ChatGPT prompt window. This same boundary can be applied to browser extensions, which can be automatically disabled when accessing critical applications.
Contextual DLP controls offer further granularity to prevent certain types of data, like credit card or social security numbers, from being shared with an AI tool — regardless of where they originated. If these data types are detected, the user sees a clear message explaining why their action was blocked and a reminder about using sensitive data with AI tools. This control mechanism allows for use of AI tools while preventing sensitive data from being added to a prompt. Island offers a built-in DLP engine and can integrate with external providers to leverage existing rules and classifications.
Flexible deployment options for AI tools optimizes the user experience. With Island, AI web applications can be deployed as browser extensions, added as a link to the homepage, or brought out of the browser and deployed as a standalone app on the desktop. Regardless of which deployment method users prefer, all the data controls, governance, and auditing visibility are the same. And for users who are new to generative AI tools, Island offers the ideal onramp with a built-in AI Assistant that’s immediately available in a side panel within the browser. Across all deployment modes, Island provides unmatched visibility, audit logging, and metrics to refine policies and measure efficacy.
The Island Enterprise Browser
The Island Enterprise Browser is the desktop of the future, enabling organizations to protect users and data and embed productivity features at the very point where they interact with SaaS and internal web applications.
Using the Island Enterprise Browser, security teams fully control the last mile, from basic protections such as copy, paste, download, upload, and screenshot capture, to more advanced security demands such as data redaction, watermarking and multi-factor authentication insertion. This opens up unprecedented opportunities across a growing number of enterprise use cases, including securing critical SaaS and internal web applications from data leakage, safe access for contractors and BYOD workers, and full governance over privileged user accounts.
It also delivers a native user experience for the hybrid worker in contrast to costly and poor-performing virtual desktop infrastructure (VDI), while supporting built-in safe browsing, web filtering, web isolation, exploit prevention, and Zero Trust network access at much lower cost. Automation of repetitive tasks, customized workflows and frictionless adoption also help organizations realize significant increases in productivity and user experience.