As the threat of ransomware and other cyberattacks continues to grow, cybersecurity should be top of mind for every organization, regardless of industry. The 2022 Gartner Board of Directors Survey revealed that an overwhelming majority—88%—of board members classified cybersecurity as a business risk. There’s no longer any doubt that malware in all its diverse forms poses expensive and existential risks to companies, educational institutions, government agencies and not-for-profit organizations alike.
Among IT teams, one security technology that’s gaining traction to combat these risks is browser isolation (also known as web isolation). Browser isolation came about in response to one of the most obvious and exploitable vectors for a cyberattack: web browsing. Any end user who visits a compromised website is potentially exposed to malicious downloads, harmful scripts or phishing attacks. If successful, these can result in sensitive data being leaked or even entire IT systems falling prey to outside control.
Browser isolation works by creating a self-contained “airtight” browsing session that prevents malware and other malicious content from accessing anything outside of those confines. Unlike antivirus solutions, which attempt to identify and quarantine malware after it’s already been saved to the computer, browser isolation stems from a preemptive Zero Trust approach that assumes all web content is untrusted and therefore high risk—even if it happens to come from a supposedly trusted or verified source.
Because of its practicality and effectiveness, browser isolation is now regarded as a best practice when it comes to hardening web security and establishing a secure web gateway.
Types of browser isolation
All browser isolation strategies follow the same basic logic. As its name suggests, browser isolation technology moves all of a user’s browsing activity to an isolated environment that is separated from the endpoint device. That leaves malware with no way to escape the sandbox environment. This way, user and system data are never actually exposed to the web content.
Currently, browser isolation solutions come in three different varieties:
- With client-side browser isolation, the web content from the user’s browser is still saved locally on their device as it is with conventional (non-isolated) web browsing activity. However, real-time virtualization or sandboxing functionality is employed to keep the web-related data contained.
- Remote browser isolation (RBI) makes use of cloud security principles. When an end user accesses a web page, the web content is actually loaded (along with any JavaScript code) on a remote server hosted in the cloud. Whatever web traffic is generated during browser sessions is kept separate from the user’s device as well as the internal networks.
- On-premises browser isolation works in the same way as RBI; the main difference is that the server is managed in-house by the organization rather than hosted in the cloud.
Regardless of their methodology, browser isolation solutions invariably delete all of the associated data when the user’s web browsing session ends. Any malicious content or downloads get deleted along with it.
Why implement web isolation?
The overall benefits that browser isolation brings to web security are pretty self-evident.
- Potentially harmful downloads are eliminated from the user’s device.
- Attack surface is reduced because malware is kept sandboxed.
- The device-level “air gaps” created by browser isolation also increase network security.
- The user experience remains the same because web browsing interaction remains unchanged.
- Any modern web browser can be configured to work with browser isolation.
- Unknown vulnerabilities like zero-day exploits pose less of a risk.
The larger takeaway is that browser isolation is a simple security service that is effective at mitigating frontline cyber threats and therefore helps to prevent the debilitating data loss that can result from them.
Beyond web browsing: Enhancing zero trust
As security measures go, browser isolation makes both economic and technological sense. But it’s not enough to implement browser isolation technology alone and call it a day. For a true Zero Trust initiative, you have to make sure that all your solutions are working toward the same goal.
Cameyo’s Virtual App Delivery (VAD) platform was developed from the ground up to meet two key criteria. Number one, it had to enable seamless end user productivity by giving people a secure cloud desktop to access all of their apps from any location and any device. And number two, it had to support organizations in their adoption of Zero Trust security principles. As a result, it achieves both by design, with a Zero Trust security model built into the foundation of its platform.
Cameyo succeeds here because it delivers Microsoft Windows applications to endpoint devices via an HTTPS-encrypted browser session in any HTML5 browser. That makes it incredibly easy for end users to access their full-featured desktop applications from any device. It also leaves attackers with very few options. Here are the Zero Trust security principles utilized in Cameyo’s platform:
- Segmentation: Since the Windows software isn’t actually running on the local endpoint device, Cameyo’s VAD platform limits potential on-device vulnerabilities. Furthermore, Cameyo actively segments the browser session from customer networks and data so that malicious code can’t spread.
- Device access control: In line with Zero Trust principles, Cameyo assumes every device is untrusted and potentially compromised. Full isolation exists between user-level devices and organizational network/data—without sacrificing ease of use.
- Non-persistent data: Just as browser isolation wipes web content after a web browsing session, Cameyo wipes all customer user data from the server every time the user logs off.
- Least privilege: Cameyo encrypts all of its web traffic and delivers it via a secure HTML5 browser. Not only does this support segmentation, it also eliminates the need for VPNs.
- Identity & access management: Thanks to its rich integration with popular single sign-on (SSO) providers, Cameyo fully supports modern authentication mechanisms. And if you have Multi-Factor Authentication (MFA) set up with your SSO, it also applies to Cameyo.
Of course, running Windows applications in a secure browser session also has advantages like lower costs and reduced complexity. That’s why Cameyo’s secure cloud desktops shrink your organization’s attack surface while also shrinking TCO.
For proof, check out our case study on Sweden’s Klarahill. They deployed Cameyo to support a Zero Trust security model and cut remote desktop costs by 85% in the process. “With Cameyo you get this very powerful solution, with very low complexity and cost, all while getting greater security than you’ll find in other solutions. Complexity is the antithesis of security. The more complexity a solution has, like the many components of virtual desktop solutions, the more potential security issues you will have. Cameyo is built on a Zero Trust security model, and it also strips away all of the complexity that could result in security issues down the line,” said Adam Nerell, Head of IT for Klarahill.
We offer a free, no-strings trial of Cameyo so you can evaluate it in your organization’s environment alongside any browser isolation technology you might already be using. Our engineers are also happy to walk you through the functionality of our VAD platform as well as its cybersecurity features. Just request a demo and we’ll set something up.