Sophos expands security stack to govern apps, data, and AI in hybrid work

Sophos has announced Sophos Workspace Protection, expanding its portfolio to help organizations secure hybrid work and govern the use of emerging technologies, including AI. Built around the Sophos Protected Browser, powered by Island, the solution enables organizations to protect applications, data, users, and guests wherever work takes place, while providing a unified approach to securing the modern workspace.

Rethinking security for hybrid work

Traditional approaches to securing hybrid work, including deploying multiple cloud-delivered SASE and SSE solutions, often require significant infrastructure, specialized expertise, and ongoing operational overhead to deploy and manage. These models can increase cost and complexity while still leaving gaps in visibility and control where modern work now happens.

Sophos Workspace Protection takes a different approach by securing the workspace directly, eliminating the need to backhaul traffic through centralized infrastructure. This reduces the operational burden and cost while enabling protections that follow users, applications, their internet usage, and their data wherever they work, providing organizations at all stages of security maturity with a simpler way to secure hybrid work without added complexity.

At the core of Sophos Workspace Protection is the Sophos Protected Browser, powered by Island and purpose-built to seamlessly integrate with the Sophos Central platform. With 85% of the modern workday now taking place in a web browser, the Sophos Protected Browser was developed to address security needs where modern work happens. It provides organizations with visibility and control at the workspace level, helping them protect sensitive data, manage application access, and enforce policy directly within the browser.

By embedding security controls into a familiar user experience, Sophos Workspace Protection enables organizations to secure work across corporate and remote environments without disrupting productivity.

“Security teams are increasingly impacted by complexity, especially as hybrid work, SaaS adoption, and AI tools continue to expand the workspace,” said Mike Jude, Research Director at IDC. “Sophos Workspace Protection reflects a pragmatic shift in the market—delivering core SASE and SSE outcomes through an integrated, endpoint‑ and browser‑centric approach that simplifies deployment, reduces operational overhead, and helps organizations govern application and AI use without adding another layer of infrastructure.”

Governing shadow IT and shadow AI

As emerging technologies, including generative AI, become part of everyday workflows, organizations are increasingly challenged to understand how these tools are being used and what data is being shared through them. Recent research shows that more than half of employees worldwide now use AI tools at work, often before formal policies or controls are established, increasing risks associated with shadow IT and shadow AI.

By providing visibility and control at the workspace level, Sophos Workspace Protection helps organizations assess risk, enforce policy, and govern the safe use of emerging technologies across the hybrid workforce.

What’s included in Sophos Workspace Protection

Sophos Workspace Protection is delivered as a flexible set of integrated components that organizations can deploy together or individually based on their security and operational requirements. The following components make up the Workspace Protection suite:

• Sophos protected browser: a Chromium-based secure enterprise browser, powered by Island, that provides controls over application usage, local data handling, and web filtering. It also integrates Sophos ZTNA for access to private web applications and supports SSH and RDP access for remote administration.
• Sophos ZTNA: a zero trust network access (ZTNA) component that provides secure, posture-based access to private applications by allowing only authorized users and compliant devices to connect while keeping applications hidden from the internet.
• Sophos DNS protection: a cloud-delivered DNS security service that organizations can deploy to individual Windows endpoints as part of Workspace Protection. It provides an additional layer of web and phishing protection by blocking malicious or unwanted domains.
• Email monitoring system: an email security add-on deployed alongside Google or Microsoft email services that monitors email traffic and provides additional detection of unwanted or malicious messages, including phishing.

Together, these components enable several key benefits and use cases for organizations securing modern, hybrid work environments.

“Sophos has long protected remote and hybrid workers with industry-leading endpoint and network security, but today’s work environments demand stronger governance of apps and data,” said Joe Levy, CEO of Sophos.

“Many SASE and SSE solutions add complexity and operational overhead while still leaving gaps in visibility and control. By combining Island’s enterprise browser technology with Sophos’ security capabilities and the Sophos Central platform, we are helping organizations govern AI use, protect critical data, and secure hybrid workforces with a solution that is easier to deploy and manage,” Levy continued.

“Hybrid work shouldn’t mean tradeoffs between security and productivity,” said Mike Fey, CEO of Island. “Island protects data, secures application access, and helps organizations safely embrace AI, all through the browser people already use. Integrating with the Sophos Central platform lets customers do that with less complexity and more confidence.”

Sophos Workspace Protection helps organizations secure distributed and hybrid workers, govern the use of emerging tools and services, including AI, and support fast, flexible access for contractors and partners. The solution also strengthens defenses against phishing, browser-based threats, and other attacks that target users in the modern workspace.