When Ramesh and I started Authentic8, Remote Browser Isolation wasn’t a market category. And to be honest, simple virtualization of a web session to block malware wasn’t even our vision.
We started Authentic8 because we believed in three fundamental trends:
- more business-critical workflows would move to the web;
- more unmanaged devices would access web-based business-critical workflows, and
- the underlying web protocols and the browser application would remain insecure and unmanageable.
Rather than a "remote browser" for endpoint isolation, our vision was closer to a “browser as a service”. We believed that by embedding policies and IT controls directly into a user’s browser profile, and making it accessible from anywhere, we’d deliver a platform that transformed how organizations take advantage of the web. 10 patents and billions of sessions later, we’ve proven the point.
Our vision is about to get more mainstream. The fallout from COVID-19 has forced organizations of all sizes, sectors, and geography to enable remote work for their users. An internal memo from the CEO of Grant Thornton stated that WFH would be the default configuration for its employees, adding to prior announcements from tech giants like Google, Amazon, Cisco, and more.
And many are not prepared for the requirement. According to Federal News Network, only 415,000 federal employees (out of more than 2 million) were authorized to work remotely in 2019.
The IT response to this requirement will be telling. Some will increase investment in VPN solutions. But even if scaling VPN capacity or VPN split-tunneling weren’t costly and complicated, VPNs are still an incomplete solution for remote work.
While the connection may be secure, IT still needs to manage authorization of devices and users, control access to data, especially on unmanaged endpoints, and audit user activity to maintain governance and compliance.
Market research firms recognize that remote access means more than a secure connection and are building their technology and vendor landscape models around this thinking.
Forrester’s Zero Trust reports and Gartner’s Secure Access Service Edge framework acknowledge that the traditional enterprise perimeter is dead, and encourage customers to rethink their network strategy more holistically, bringing unmanaged devices, hotspots, web applications and more under the same management umbrella as on-premise solutions.
Their modeling of the changing environment is spot on, but our approach has been different. Instead of implementing a complex cocktail of solutions across endpoints, networks, and applications, we took a web-centric approach. We considered the problem from the center, not extending the individual IT components.
By delivering a cloud-based browser and by embedding controls directly in a user’s profile, the device, network or location become irrelevant. An authorized user can access appropriate resources through a centrally managed browser from anywhere, without a reduction in security, data controls, or governance. We joke that it’s an idea that’s obvious in hindsight. But it works.
Our business is built on Silo. We use cloud-based applications across all business functions, and those cloud apps are accessed only from within Silo. With Silo, we manage device, authentication, access and data policies centrally. Asserting positive control over the user’s browser profile means Authentic8 employees can work from anywhere, even on a borrowed computer, without undermining our security or compliance policies.
And it’s not just us. While the COVID-19 pandemic has driven a significant increase in inbound questions regarding work-from-home support, this suggests greater awareness of the more general risk of users accessing sensitive data from unmanaged devices and/or untrusted networks.
Our savvy customers have been using Silo in this way for years. We have customers across regulated industries supporting remote call center operations, a government agency that has authorized Silo for open source research from home, consulting organizations that use Silo to tunnel from client organizations securely back to HQ-based applications, and more.
Silo alleviates the pain IT is feeling with the dying perimeter. And Silo does it without burdening IT with additional infrastructure, users with additional steps, or management with more acronyms to understand.
As I said, making the browser the point of security and control is obvious in hindsight.