Island Enterprise Browser: Intelligent security built into the browsing session

In this Help Net Security interview, Mike Fey, CEO of Island, explains the differences between consumer browsers and the Island Enterprise Browser, how it protects organizations’ data, and how it uses contextual information to provide users with a safe browsing experience.

How does the Island Enterprise Browser create intelligent boundaries across users, devices, networks, and locations?

At its core, Island differs from consumer browsers in that it is contextually aware of the environment being engaged. This allows Island to be mindful of context on several fronts:

• Identity – Island is tied into an organization’s single-sign-on provider (such as Okta, AzureAD, Ping, etc.) and thus, is aware of who the user is, their group memberships, and even their application entitlements.
• Device – Island has device awareness via built-in posture assessment, which gives the browser an understanding of the device it is running on. This helps identify whether it is being leveraged on a corporate asset, a third-party/contractor/BPO device, or is a BYOD scenario.
• Geolocation – Island is location-aware and can determine the physical location of where it is running. This can be helpful, particularly when data privacy or sovereignty concerns exist.
• Network – Island can identify when it is running on a specified network environment or not, which can help ensure a particular policy approach when on the corporate network versus when not.
• Application – Island understands the various applications a user is engaging with to determine organizational applications versus personal applications.
• Tenancy – Island can distinguish between a personal tenant of a given application versus a corporate tenant of an application. This helps ensure that policy can be applied differently to personal versus work-related usage, and most notably, enables safe personal use of applications without the risk of organizational data loss.

By leveraging such contextual information, Island’s unique Last Mile Controls allow policy application based on the situational need within the organization. Further, Island’s intelligent Application Boundaries can be applied so that organizational data stays safely within the custody of the organization’s applications and tenants, while simultaneously allowing personal usage without the risk of corporate data leaking into personal applications.

What are some benefits of setting hyper-granular app and data usage policies with the Island Enterprise Browser?

It is essential to begin with the fact that Island policies are straightforward to configure. By the nature of the Application Boundary concept mentioned above, there is usually little need to focus on the painful granular efforts of traditional data protection approaches. Leveraging such facilities will ensure that organizational data remains within the corporate application footprint, allowing data to move freely when desired across that footprint, but can prevent the spillage of corporate data into undesirable places. Doing so requires no complicated regex, dictionary creation, or data discovery as it is application-based. This allows the organization to simplify its approach to data protection.

That being said, Island provides built-in DLP and “out of the box” integrations to common DLP providers where granular needs may be required for very tactical policy needs. This allows Island to be very granular where required but not get mired in excessive and painful manageability efforts.

What types of browser activity can be logged, and how does this enhance overall security?

Island has very flexible logging and audit features. Because the browser is a natural termination point for SSL traffic, Island does not have to leverage complex break-and-inspect mechanics required by countless security tools to gain visibility and control. The result is that Island has unimpeded, very natural visibility over application usage. Most importantly, the ability to have dexterity in audit logging delivers complete privacy for the user at the proper times, anonymized but audited logging at other times, and even deep audit over any application engagement at other times.

Island built-in contextual awareness lets administrators dynamically adjust the audit depth based on the situation. Island can capture any application engagement for deep audit needs, even down to screenshots, mouse clicks, and keystrokes within privileged application areas. The nature of the audit logging living at the application’s presentation layer (or the Last Mile) presents an entirely different dimension of audit data to the organization. When Island’s audit data is fed into existing SOC or user analytics environments, it complements existing data.

What are some of the critical security tools embedded into the browser, and how do they contribute to making zero trust native to a work environment?

As mentioned previously, Island is contextually aware, which is critical in establishing native zero-trust capabilities within the work environment. Using its contextual information, Island can decide which applications are made available to the user, the permissiveness (least privilege) within an application, how data should be protected, and the applicability of security features to give the user a safe browsing experience. Core to the Island Enterprise Browser are capabilities such as:

• Island’s unique Last Mile Controls assert specific actions at the presentation layer of the applications ensuring a new dimension of controls that work across any internal or SaaS-based application.
• Application Boundaries establish very natural lines of separation between work applications (and tenants) and personal usage
• Data Loss Prevention allows inspection of any application content, data entry, or content within files for sensitive organizational information
• Island Private Access empowers the organization to provide built-in seamless access to internal applications without needing a VPN or other client-side traffic steering mechanism outside the browser. This supports web-based usage, SSH access, and even upcoming RDP access.
• Enterprise Password Manager facilitates the usage and protection of passwords natively in the browser for a seamless and safe experience.
• Web Protection keeps the user safe from dangerous areas of the Internet with built-in categorization, malware inspection, and anti-phishing capabilities.
• Island’s unique Self-Protection ensures the browser always operates safely, even on a device the organization doesn’t control. This capability protects the browser’s memory, processes and files, encrypts the cookies and cache uniquely, prevents man-in-the-middle attacks, defeats keystroke loggers, and prevents malicious code injection with just-in-time compiler and API attack surface reduction.
• Last Mile Audit provides a highly flexible facility for audit logging of critical applications at the correct times and proper depths based on situational context.
• Full device support across the spectrum of standard devices and OSs within the work environment.

These capabilities, in addition to many others, deliver a highly valuable platform for organizations pursuing zero-trust initiatives, while giving users the familiar experience of the browser they know and love.

How does the transparency feature work, particularly in informing users of active policies?

Island provides numerous facilities to communicate to the users the state of the policy, controls, audit, and privacy levels being applied against the contextual situation they are engaging. Island ensures the ability of the organization to use its own needed levels of transparency based on situational needs.

How does the self-patching feature ensure continuous security without manual interventions?

Island’s update process, from an end-user standpoint, feels very much like the browser they are using today. However, behind the scenes are a series of capabilities that give the organization great dexterity in applying updates given contextual needs.

Most often, the browser’s policies are automatically applied without manual organizational interventions. However, for regulated and other rigid environments, patching approaches can be used, which govern who gets updates when based on need/requirement. This can be very useful in places such as retail operations, where seasonal holiday updates are often frowned upon to reduce the potential of operational impacts.

Finally, could you explain how the IE mode keeps legacy apps functional without needing a separate browser?

Business continuity is critical within any organization, making key application availability a must. Island has built-in support for legacy applications via built-in Internet Explorer mode, which ensures that even as application age, legacy applications will continue to function.

By leveraging built-in mechanics within the browser for legacy needs, Island will correctly render even older applications. Further, Island provides enterprise-grade support for the browsing experience, ensuring a team of experts is always ready to keep applications functioning as the organization requires.