Zero Trust in Practice

Tad Johnson

The zero trust security model builds on decades of hard-learned lessons. The era of a secure network perimeter is long past, so we should never implicitly trust a connection based on its network location alone. With the ubiquity of federated identity providers, we can positively identify the identity behind every request. We can evaluate the posture of the device a request originates from to further protect against stolen credentials being misused. And with modern networking technologies, we can start from zero and build up these layers of trust before allowing the network connection, then continuously re-evaluate trust with every request.

As a security philosophy, zero trust offers a path to resolving many categories of vulnerabilities. Credential theft is much less effective when we require multiple factors for authentication and evaluate the device posture before granting access. Internet-based attacks can’t succeed if there is no routable path between a private app and the outside network. Even if malware is already resident on a device, lateral movement to infect other devices is made exponentially more difficult.

Making it Real

Bringing zero trust out of the realm of theory and putting it into practice means investing in security tools: an identity provider, some network infrastructure, and typically some combination of endpoint agents. Curiously, there’s one application at the center of almost every zero trust workflow that’s been ignored by most security vendors: the web browser.

When an enterprise invests in security tooling to put zero trust in practice, it doesn’t make sense to leave a basic consumer-oriented web browser at the center. Island built The Enterprise Browser to change that.

The Enterprise Browser is the on-ramp for a practical zero trust security implementation. It integrates with identity providers for user authentication and identification of all web activity. It continuously evaluates device security posture, without requiring any additional agents. It can make secure connections to private apps and resources over any network, while keeping those private apps completely dark to unauthorized access. It can apply last-mile controls to protect data from inappropriate use or accidental leakage – something that is virtually impossible for a legacy network-based security tool to achieve. And all web activity within the browser can be logged and shared with a SIEM or analytics platform to gain unmatched visibility and inform security governance and incident response.

And because all of this is built around a Chromium-based web browser, the end-user experience is frictionless and familiar. There are no extra agents to deploy, no training to teach users how to connect. Simply by introducing a new web browser, you can take a practical step toward leveling up your security practice and embracing the zero trust paradigm.

The Human Element

A collaborative partnership with end-users is key to any successful security strategy.

At baseline, any new security tool or technique shouldn’t burden users or disrupt their general productivity. Thankfully, modern security practices are generally transparent to users or follow familiar patterns that become second nature. Clear communication with users in the form of status indicators, notifications, or error messages (with instructions on what to do next) goes a long way in ensuring lasting success.

The Enterprise Browser offers a unique approach to end-user engagement. The browser itself is tuned to be fast, and a tailored enterprise app chooser makes every app and resource immediately available. There are no added burdens for end-user adoption, and no extra steps that could hinder user productivity. User messaging can be customized to match corporate brand voice, and users get clear and immediate feedback when they encounter a security policy. It’s tempting to overlook user experience or take it for granted when designing a security strategy. The Enterprise Browser makes it easy for end-users to adopt it as their default browser, and it gives security teams the tools they need to clearly communicate their security policies.

Changing One Thing  

The concepts and technologies that form a zero trust security model are not a secret, nor are they proprietary to any one security vendor. Today’s challenge is largely one of optimization and operations – how do we implement a security strategy that decreases risk without disrupting end-users or business operations?

This challenge is what motivated creating The Enterprise Browser. It’s a unique approach, where the web browser itself plays an active role in the security strategy. Sometimes changing one thing changes everything.

Tad Johnson
Product Marketing Manager

Tad Johnson is the product marketing manager at Island and joined in 2022. He previously led product marketing and product management groups at Jamf, building the leading Apple Enterprise Management platform.
