Keep your dirty internet off my clean systems!
(How cloud-hosted browsing can complement enterprise endpoint and network security strategies)
Browsing the internet directly from your endpoint device is inherently risky.
Phishing and ransomware are modern cyber-plagues. Control over social media use, content filtering, and management of arbitrary links perpetually frustrates IT leadership. Apps that require too much access threaten our daily privacy and data security; one false move in the browser and it’s “game over” for security.
Why do browsers, inherently, present such excessive risk? The modern browser is the epitome of excessive access. With direct connections to the internet at large, local and networked file systems, peripherals, credentials, and roots of trust, the lowly browser is an aggregation point for endpoint access. Worse yet, plugins, extensions, and frameworks expand the browser’s reach and exposure across applications, but are required for functionality. Every link can, potentially, conceal malicious payloads that you don’t want traversing your enterprise networks and endpoints. And with a majority of applications and usage moving to web and cloud, browser security concerns are only going to grow.
To contain and manage threats to the browser, as well as browser-based apps, enterprises have many options. Hardening local browsers and running multiple local browser instances strengthen browser security, but both options still run applications and process data locally on the endpoint. Publishing browsers through application or desktop virtualization in an enterprise datacenter abstracts the apps and data from the endpoint, but still allows undesired traffic to enter enterprise networks from the internet. We’d like to expand on the benefits of another option: the cloud-hosted browser.
What if we made the browser a cloud-hosted service?
By hosting browsers as a service, non-strategic apps and data that you want to keep off enterprise endpoints and networks can remain in the cloud. Virtualization of the browser-as-a-service enhances security, privacy, and performance by sending just the pixels to the cloud endpoint — not application code and data.
Key use cases for a cloud-hosted browser service include:
- Allowing personal browsing and social media on company systems and network while maintaining privacy
- Adhering to strict compliance or regulatory standards by isolating web browsing activity from sensitive corporate information.
- Controlling and containing the use of cloud-based email and arbitrary links across devices, locations and situations
- Isolating the use of plugins such as Flash and PDF to a remote browser
Browsers are the most published applications in XenApp, as they benefit most from being virtualized and the majority of Citrix XenApp administrators will be familiar with the inherent benefits of publishing browsers. Control over the ability to cut/copy/paste/save/print is enabled per-application and between applications. Browser-based applications can be configured for isolation and app-specific security, restricting configurations and external communication to least-privilege. Integrations with Citrix NetScaler Unified Gateway and Secure Web Gateway technologies enable the use of multifactor authentication, endpoint inspection, contextual access policies, IP reputation and content policies. These capabilities and technologies enable the workforce to be productive across multiple devices, locations and situations, with specifically prescribed security and privacy measures enforced for their protection.
Cloud-hosted browsers operate as one-time-use, disposable browsing sessions to thwart malware and protect privacy. Offered as a complete Citrix Cloud service, Secure Browser Standard Service requires no investment in infrastructure and is managed and updated by Citrix, freeing up the administrator from the tedious work of trying to keep the browser(s) and browser plug-ins patched and up-to date with the latest patches. Available in three different geographical locations, the cloud-hosted service allows administrators to select the location closest to the users for the best user experience.
Secure Browser Standard Service leverages these capabilities and benefits while requiring zero configuration on the endpoint. The remote browser instantiates via Citrix Receiver for HTML5, providing on-demand access with no client to install or app to download. Existing XenApp and XenDesktop customers can easily integrate the remote secure browser into their on-premises StoreFront, making the cloud-based remote browser just another published application. This delivers an even more seamless user experience and effortless user adaption.
As you evolve your enterprise’s cloud endpoint strategy, consider where cloud-hosted browsers as a service bring unique security, privacy and performance benefits.