The Enterprise Browser Blog

No items found.

No results found

How Omada Health Keeps Patient Data Safer at Half the Cost

How Omada Health Keeps Patient Data Safer at Half the Cost

Jess Cook
June 5, 2024

How can a digital healthcare company better serve the people who rely on its services, all while keeping their health data safer than ever – just by changing its browser? 

Omada Health, a virtual care program specializing in chronic disease prevention and management, has more than 1,900 customers worldwide including health plans, health systems, and employers ranging in size from small businesses to Fortune 500s. On a recent episode of CXOTalk, Omada Health CISO Bill Dougherty shared with host Michael Krigsman how the company uses the Island Enterprise Browser to simplify their IT landscape, reduce costs, and make life easier for end users – all while protecting their highly sensitive, HIPAA-covered data.

Here are three ways Omada Health uses Island Enterprise Browser for improved productivity and security. 

1. Unifying under a single browser to reduce IT tickets and gain back time

“Before we adopted an enterprise browser, we were managing three to five different browsers on Macs and three to five different browsers on PCs,” said Dougherty. All those browsers were difficult to patch and keep consistent.

By deploying an enterprise browser as the primary browser, Omada Health has minimized those browser-related tickets and issues, significantly decreasing demands on their IT support team. As a result, Omada’s IT team is empowered to tackle higher-level challenges.

“It's less software for me to patch and worry about on a daily basis,” said Dougherty. “And I now have enterprise control of our browser extensions, so we have less risk of malicious third-party extensions coming in because no extension can be installed that we don't review and approve.” 

2. Consolidating tools for lower costs and better experience

The Island Enterprise Browser is simplifying Omada Health's IT landscape by consolidating multiple tools into one. 

“We had an observability tool that we didn't like,” explained Dougherty. “It wasn't doing the job, and it was very expensive.”

In contrast, the Island Enterprise Browser costs half of what Omada Health was paying for their observability tool – and “Island works way better,” said Dougherty. In addition, Omada Health’s engineers gained a performance boost on their endpoints because they were running one less agent. 

As a bonus, said Dougherty, the Island Enterprise Browser includes a built-in password manager rolled out to 100% of their end users — something only about 5% of users had access to before — all at no additional cost.

"Ultimately, I get the entire stack of Island for half of what I was paying for a standalone observability tool."

This consolidation also resulted in a seamless user experience. “From the end user's perspective, they wake up in the morning, they log into their laptop, and then they log into Island,” explained Dougherty. “When they log into Island, that logs them into our IDP. Then they can just start using our SaaS applications.”

“When we do go out and look at new solutions, one of the things we're looking at is what holes does it plug. The other is what else can it replace. And the third is what's the impact on the end user,” said Dougherty. “It just happened that the confluence of our discussions with Island is we were able to tick all three boxes.”

3. Simplifying the complexities of securing healthcare data 

Omada Health provides its users with a series of smartphone apps as well as connected devices like scales, glucometers, and blood pressure devices — all delivered over the internet. That’s a significant amount of sensitive health data — all of which Omada Health must protect with the strongest possible security measures. 

Further complicating matters are all the vendors Omada Health partners with, including hundreds of coaches and specialists who provide users a personalized experience to help them manage their diseases. Every single one of those partners presents a third-party risk that Omada Health must manage.

“You've got three things that are in tension with each other. I want to get more secure for less money with better user experience. Not an easy task.”

“If our members don't trust that we are good stewards of their data, and our customers don't trust that we're good stewards of their data, they won't do business with us,” said Dougherty. “And bad security becomes a blocker to people getting a good health outcome.”

The Island Enterprise Browser gives Omada Health better control and security over browser use, as well as integrates seamlessly with their identity provider (IDP). This way, Omada Health can seamlessly enforce policies across all partners and users, ensuring security without compromising user experience.

“Simplifying that user experience and baking the security controls into the toolset, it just helps everybody,” said Dougherty.

To learn all the ways Omada Health is using the Island Enterprise Browser to optimize its platform for employees and users alike, catch the full episode here.

Related story:

How Hendrick Motorsports Governs the Last Mile with Island, the Enterprise Browser

How Hendrick Motorsports Governs the Last Mile with Island

How Hendrick Motorsports Governs the Last Mile with Island

Jess Cook
May 20, 2024

How does a browser help a 14-time NASCAR Cup Series champion team gain an even greater edge over their competition?

On a recent episode of CXOTalk, Hendrick Motorsports Director of IT Matt Cochran shared how his team uses the Island Enterprise Browser to turbocharge their productivity, security, and data analytics — both in the office and on the track.

Matt explains that the last mile controls Island provides have been instrumental in boosting the agility, security, and efficiency required by this elite racing team, which depends on rapid and secure access to large volumes of real-time data.

Here are some highlights from his discussion with CXOTalk host, Michael Krigsman:

Streamlined user experience equals higher productivity

Hendrick Motorsports’ user base is vast and diverse – comprising upwards of 300 servers and 3,000 machines used by mechanical engineers, finance professionals, pilots, marketers, and beyond. 

With the Island Enterprise Browser, Hendrick Motorsports’ users are more productive out of the box – whether they are working from a racetrack or an airplane hangar, a company laptop or a BYO device. They enjoy the same seamless user experience, no matter the location.

Island has also boosted productivity by allowing Hendrick’s IT department to say "yes" more often when a user asks for access to a particular resource or application. Island allows Hendrick to securely provide their diverse user base with the tools and data they need, when they need it, without having to open additional ports on their firewall. 

Accessible data boosts collaboration 

To meet the needs of its wide range of departments, Hendrick Motorsports has had to custom-build a number of software systems. Integration of these systems to enable collaboration around the data they hold can be a challenge.

The Island Enterprise Browser has improved this collaboration among Hendrick’s various departments by simplifying access to these proprietary systems and data – requiring no additional user training and adding no extra administrative burden.

And in a high-stakes racing environment, this seamless access couldn’t be more important. From engineers to mechanics, Hendrick’s team members can now execute on the extensive and critical data they collect more efficiently than ever before.

Security can be strong and seamless

Lastly, the Island Enterprise Browser has helped to fortify Hendrick Motorsports’ cybersecurity posture – without diminishing the user experience. 

Island’s last-mile controls ensure that while end users have an experience consistent with other modern browsers, the IT department can exert granular control over what data users can view, present, copy, or print — which is especially crucial during races, given the close proximity of their competition.

In addition, Island has provided Hendrick Motorsports with zero-trust environment controls, phishing protection, watermarking for data leak prevention, and more, all within the browser. 

To learn all the ways the Island Enterprise Browser helps Hendrick Motorsports govern the last mile and win, don’t miss the full episode.

Related story:

→ How Omada Health Keeps Patient Data Safer at Half the Cost with Island

Island's Commitment to the Environment

Island's Commitment to the Environment

Jennifer Park
April 22, 2024

Island has been fortunate in so many respects, especially at this early stage of our life as a company. To us, that good fortune isn’t just a positive outcome of our past efforts, but a responsibility for the future. To take some of that success, and turn it outwards by improving the communities and the world around us. 

In that light, we’ve made certain commitments regarding our carbon footprint.

We’re still a small organization, so our impact at this stage may not be gigantic. But we feel every step in the right direction is an important one. It’s a way for us to use whatever resources we have to better the world around us — no matter how big or small.

Our first initiative was to commit to making our products carbon neutral. To do that, we partner with a carbon offset provider as well as contribute to key emission-reduction projects. And we’re proud to be able to say that this is our third consecutive year we’ve successfully offset our carbon emissions.

Here are the initiatives we participate in to make these offsets possible:

  • A Bearadise, Alaska: This project ensures the survival of old growth forests that will reduce about 1.5 million tonnes of carbon in 30 years, providing a safe home for area animals and clean air for Earth.
  • Walk in the Woods, Montana: To restore carbon stocks in the Thompson River Basin area, this project defers commercial timber harvest activities and implements improved forest management practices that enhance growth of a natural mix of trees.
  • The Giving Trees, Kenya and Uganda: This project helps small communities plant trees to create a nature-based carbon removal system that helps train leaders and pull families out of poverty.

But it goes further than internal initiatives and our product itself. Island also offsets the heavy footprint coming from the hardware and compute-intensive products and services we displace for our customers, such as desktop virtualization and traffic backhauling technologies. It's a difference that amounts to something quite significant. This is good for Island, good for businesses everywhere, and great for society as a whole. 

This small but significant step is exciting — but it’s just the starting point. From here, we’ll actively seek other ways we can make things better for the people and the world around us.

How to Choose an Enterprise Browser

How to Choose an Enterprise Browser

Learn more about choosing the best enterprise browser for your organization. This article dives into features, top vendors, and what to consider when researching.
April 15, 2024

Forward-thinking IT and security leaders realize that the most commonly used application in their organizations — the browser — has become a bottleneck to their modernization efforts. Until recently, the only available choices were consumer-grade browsers that require layers of additional security tools to resemble an enterprise application. With the advent of the enterprise browser, though, there is a superior choice. But how does one properly evaluate the options on the market to select the right one? 

The choice of which enterprise browser to deploy is a multivariate decision. Choosing the right enterprise browser requires evaluating its security, productivity, manageability, and efficiency features to ensure that it meets your enterprise's needs on all these dimensions. 

In this article, we explore the benefits of enterprise browsers, what types of organizations they make sense for, what to look for when evaluating enterprise browser vendors, and what questions to ask the vendors to help you make the right choice. 

What are the benefits of an enterprise browser?

Enterprise browsers provide many benefits that enable companies and their employees to work more efficiently and securely. These benefits can be described with four broad categories: access, performance, security & privacy, and productivity & efficiency.

Access: Enterprise browsers offer a familiar interface that provides quick access to a company’s work applications and resources. Features such as single sign-on make the login process frictionless, and provides access to SaaS, web, and non-web applications without requiring the user to switch between multiple windows. Using an enterprise browser streamlines onboarding for new staff and makes it easy to introduce new applications for existing users. This benefit extends to contractors, partners, and third parties — an enterprise browser enables them to simply log in and work using their existing hardware while giving the organization complete control over access, data security, and visibility.

Performance: Enterprise browsers are fast and responsive because they are optimized for enterprise applications, rather than for advertising like a consumer browser. One such optimization is the blocking of ads and trackers. These represent up to 20% of web requests, but they’re completely unnecessary in the workplace context. Enterprise browsers also eliminate performance delays caused by the extra layers of abstraction required by other approaches like desktop virtualization and remote browser isolation solutions. For remote or hybrid workers, an enterprise browser can eliminate the need for extra network routing and eliminate another source of latency. In most cases, an enterprise browser delivers a performance experience that exceeds the more common consumer browsers.  

Security and Privacy: Enterprise browsers enable consistent security policies to be enforced company-wide by integrating Identity Provider (IdP) verification and supporting multi-factor authentication (MFA) to verify user identity, checking device posture to confirm that the device meets security standards, and examining network and geolocation data to check the source of the request. These elements are evaluated with every access request to implement and enforce robust security policies across all browser activity. Enterprise browsers also distinguish between personal and work-related browsing to ensure privacy, and build dynamic data protections directly into the browser to prevent data loss without disrupting workflows. 

Productivity and Efficiency: Enterprise browsers are optimized for the workplace and designed to enable greater productivity and efficiency. Beyond the performance enhancements under the hood, they also integrate tools to speed up common workflows, such as a smart clipboard manager, an AI assistant, a password manager, and a PDF editor. They also offer powerful workflow automations for users who carry out repetitive tasks, which greatly enhances their productivity. Since these automations are built into the browser, automations can be used anywhere, and don’t rely on proprietary APIs or application-specific support.

What companies benefit most from an enterprise browser?

While an enterprise browser offers a wide range of benefits, they may not be right for every organization. Assessing whether your organization can truly realize the benefits of an enterprise browser before investing in one is essential. To determine whether your organization can benefit from deploying one, there are several factors to consider when evaluating its suitability for your organization. 

This list of questions will help guide your decision on whether your organization should deploy an enterprise browser. Answering yes to more than one of these means that your organization will likely benefit from one. 


  • Does your organization regularly handle sensitive data? 
  • Is the industry you operate within subject to stringent regulatory requirements that may require advanced security and compliance features?

Application Compatibility

  • Do you use a mix of both legacy and modern SaaS applications? (This situation needs tools that guarantee compatibility and seamless operation across different platforms.)

Centralized Management: 

  • Do you have to support numerous devices and types of users, including employees, contractors, vendors, and partners? 
  • Does your organization want to simplify deployment, configuration, and maintenance while enforcing consistent security and usage policies through centralized management?

Performance and Efficiency: 

  • Do you have application workflows that could be automated or optimized to increase productivity? 

User Experience: 

Digital Transformation: 

  • Is digital transformation a differentiator for your business?

What to look for when evaluating enterprise browsers

As a relatively new product category, there are a variety of products from a range of vendors that use the term enterprise browser. Not all enterprise browsers are equal in their capabilities, so it’s important to step back and consider the role this technology plays in your organization. To add lasting value to your organization, an enterprise browser must address three key areas: 

Security: Cybersecurity is often the initial driver for an enterprise browser implementation, and for good reason. Shifting your primary security controls to the browser is an opportunity to reduce complexity and tool fatigue while gaining dexterity and precision. The browser serves as the frontend for many enterprise workflows, so it’s a natural opportunity to improve security and protect from both external and internal threats. However, while security capabilities are an essential requirement for an enterprise browser, they are not sufficient alone. Some vendors focus primarily — or  exclusively — on security capabilities and leave the following two areas unaddressed. 

Business Operations: Many IT and security tools are invisible to the business. For example, a properly configured firewall, while essential for operations, goes completely unnoticed by all but the IT teams responsible for it. An enterprise browser should be the opposite. Its visibility to the business is essential in order to fulfill its potential. Lines of business should see the enterprise browser as an enabling technology that helps them introduce new services and applications quickly and safely, and gracefully support every type of user. 

User Convenience & Productivity: This final area of concern is critical and holds tremendous opportunity. A well designed enterprise browser should offer real value to the end users who interact with it every day. This should include capabilities to improve performance and minimize distractions, all within a familiar interface. User communication should provide actionable information about policies along with guidance on how to request exceptions. The best enterprise browsers will offer built-in productivity tools to optimize and automate common workflows. 

When selecting an enterprise browser, look for a breadth of capabilities that can fulfill the diverse needs of security, business operations, and user productivity. Be on the lookout for products that emphasize only one of these areas at the expense of the others. While this may appeal to the buyer or administrator, such a product will not be successful in the long run.  

Questions to ask any enterprise browser vendor

There are a handful of questions that you should ask every enterprise browser vendor you’re considering. The responses to these questions will help you choose your vendor more objectively. The following is a list of questions and key considerations to remember when evaluating the vendors’ responses.

Question: How many customers do you have of a size and industry similar to my organization?
Key considerations:
Many small vendors offer some version of an enterprise browser, and while the feature list may meet some or most of your technical requirements, other factors will impact the success of your deployment. Larger organizations usually need support for various devices, so cross-device compatibility should be one of the first things you ask about. Be sure to also ask about 24/7 customer support and global scalability, which are critical as your organization grows internationally. 

Question: Does the enterprise browser offer integrated zero-trust network access (ZTNA)?
Key considerations:
The term “zero-trust” is used to describe a wide range of technical capabilities. When exploring an enterprise browser, it’s essential to understand if zero-trust principles are applied throughout their technology stack and extend to the ‘last mile of zero trust.’ Some vendors require you to purchase additional products or integrate with other technologies to deliver ZTNA.

Question: Is the enterprise browser available on mobile devices?
Key considerations:
Mobile availability is a must in contemporary business environments; hence, the enterprise browser must support mobile devices. Some vendors may not support mobile applications for iOS and Android or offer a significantly reduced feature set for mobile. Be sure to check that full mobile support is available.

Question: Does the user experience help enable productivity?
Key considerations:
Many vendors orient their products exclusively around security requirements and treat the user experience as a secondary priority. However, user experience and satisfaction are critical in driving productivity. Ask about the speed of the browser’s performance and features or functions built into the browser to help speed up workflows and make work more efficient. 

Question: Do you offer both a standalone enterprise browser and browser extension to manage and secure the consumer browsers in my environment?
Key considerations:
Finding a vendor that supports both enterprise browsers as a standalone application and a browser extension is key, as it provides organizations with the ability to have the backend management controls they require, and flexibility in the deployment method.

The best option for a modern enterprise browser

Island, the Enterprise Browser, provides organizations with the core requirements every enterprise stakeholder  needs — from CIOs, CISOs, IT and lines-of-business, users, and everyone in between. Rooted in the philosophy that the enterprise browser should take a holistic approach and benefit everyone in the organization, Island provides a comprehensive set of features and benefits that enhance the work experience for all.

Efficiency and Cost Savings: By deploying Island, some of the security tools, endpoint agents, and IT solutions previously needed to secure and enable the enterprise will be negated by Island’s core functionality. These built-in features lower the cost and effort involved in licensing, deploying, maintaining, and supporting the infrastructure for additional solutions.

Application Provisioning: Every user in your organization gets a personalized workspace with all the applications that they should have access to, whether they’re SaaS, web applications, or non-web apps. We support the latter via Secure Shell (SSH) or Remote Desktop Protocol (RDP), removing the need for desktop installation. This makes the onboarding process more efficient and improves the user experience.

Analytics and Data: Island provides analytics on application usage and performance. This data, combined with workflow insights, helps organizations optimize application spending, identify and remediate performance issues, and inform IT strategy to maximize business value.

Remote Access: Island supports the burgeoning trend for remote work by removing the need for traditional VPN or virtual desktop infrastructure (VDI) solutions. Secure remote access for employees or contractors outside the corporate office is built into Island, empowering employees to access their applications from anywhere, using any device they want. 

Data Protection: Island builds dynamic data protections into the browser, which enables you to create policies that prevent data leakage. With Island, you can protect sensitive data from being improperly downloaded or uploaded before it leaves or enters the browser and set your policies to govern the exact scenarios in which screenshots, copy/paste, saving, or printing can be executed. This granular level of control allows data to move freely between work applications while preventing it from being leaked elsewhere.

Safe Browsing and Password Protections: Island helps stop phishing attacks before credentials are compromised and blocks access to unsafe or inappropriate sites. It also prevents password exfiltration or interception through local malware like keyloggers and builds in an integrated password manager that’s optimized for enterprise use. Island also supports privileged access management (PAM) workflows—users can authenticate with credentials assigned to them without ever having to see a password.

Zero Trust Security: Organizations can easily implement a zero trust security framework across a wide range of deployment scenarios. Island’s zero trust security framework is integrated into the browser, emphasizing user identity verification, device compliance, and least-privilege access to resources, thereby mitigating a broad range of cybersecurity threats. 

Productivity and Automations: Island has built-in ad blocking to remove distractions and speed up browsing and it includes tools that help users to be more productive. These include an AI assistant, a password manager,  a smart clipboard manager, and a PDF editor. Users who carry out repetitive tasks can simplify these tasks using Island’s workflow automation feature. Best part of it all? These automations are built into the browser and can be leveraged across any application.

True enterprise browsers deliver multifaceted ROI. Settle for nothing less.

Enterprise browsers come in various guises. The majority are focused on security, and while security is a critical feature, the contemporary needs of the enterprise extend far beyond that. Modern organizations have to realize the most from their investments in tools and people, and the leading enterprise browser solutions generate an ROI that impacts more than one dimension.

An example? Read about how Hendricks Motorsports enhances productivity, security, and data analytics, while ensuring seamless and secure access for their diverse team with the Island Enterprise Browser.

Enterprise Browser Alternatives: Browser Extensions and RBI

Enterprise Browser Alternatives: Browser Extensions and RBI

Learn more about the enterprise browser and its alternatives, including browser extensions and remote browser isolation.
April 10, 2024

While the browser is the most commonly used enterprise application today, it was never built with the needs of large businesses and organizations in mind.  As new SaaS- and remote-first work patterns evolved, and the demand for a browser that had enterprise-grade security and management features grew, new solutions emerged to meet these needs. These solutions took three different approaches to the problem: browser extensions, remote browser isolation (RBI), and the enterprise browser. 

The first two are refinements or enhancements to the common consumer browser. The latter approach,the enterprise browser, takes a clean slate approach to the challenge. It incorporates centralized management tools, secure access controls, productivity features, and device ubiquity into its core design. The user experience is almost indistinguishable from that of a consumer browser, and in fact, is speedier, since it is optimized for productivity. The enterprise browser has many advantages over its competitors, and new use cases are constantly being uncovered and capitalized upon. 

This article explores the alternatives to the modern enterprise browser, which include browser extensions and remote browser isolation (RBI). We’ll examine the compromises they make in their quest to serve the needs of a modern enterprise workforce and dive into reasons why the enterprise browser remains work’s natural next step. 

Alternative #1: Browser Extensions

A number of vendors offer browser extensions that can be deployed to a consumer browser to add enterprise security and management capabilities. While they are commonly marketed as enterprise browsers, there are major distinctions between a mere browser extension that offers enterprise-like features, and a full-fledged enterprise browser that was designed from the ground up to meet the exacting demands of enterprise use. 

What Browser Extensions Offer

Browser extensions provide their customers with a few notable positives. They are straightforward to deploy and integrate into the end users’ existing browsers. They are relatively low cost, since they don’t require a lot of development effort to create and expensive infrastructure to maintain. For the end user, the experience of using the browser is the same, as the browser itself has not fundamentally changed.

Limitations of Browser Extensions

Browser extensions are limited in what they can do because they are constrained by the extension framework, as defined by consumer browsers like Chrome, Safari, or Firefox. For example, an extension can’t modify core browser storage to protect cookies, cache, or saved passwords. An additional shortcoming of extensions is the risk that their features and functionality may be negatively impacted by changes to the frameworks, such as Chrome’s deprecation of Manifest V2.  

Another inherent weakness of extensions is that they need to be deployed and managed through a separate device management platform, like a mobile device management (MDM) or unified endpoint management (UEM) tool. Without MDM/UEM, there’s no way to ensure that users add the extension to their browser. For this reason, they are generally not recommended for unmanaged deployments such as in a bring-your-own-device (BYOD), third-party contractor, or business process outsourcing (BPO) scenario.    

While their primary goal is to help secure the browser, extensions only offer a limited number of security protection features. They cannot protect against local attack vectors like malware on a device that hijacks cookies, cache, keystrokes, or passwords. Extensions are also limited in their ability to interact with the underlying operating system (OS), which means they are unable to provide full zero-trust security with deep device and network inspection. Browser extensions also cannot support mobile devices, so an environment with a mix of desktop and mobile devices will require multiple solutions, which creates complexity and adds cost.

Alternative #2: Remote Browser Isolation

Remote browser isolation (RBI) is exclusively focused on providing security features to browsers, and as the name suggests, it works by hosting a browser environment on a remote host where web pages are rendered and then streamed back to the user as a video. 

What Remote Browser Isolation Offers

RBI lives up to its moniker by providing full isolation between browser-related activities and the user’s computer. Since only a video stream of the webpage is delivered to the user’s computer, the actual web content and the endpoint device are fully isolated from each other. This means that any malware or malicious web content never has a chance to make it to the endpoint device, and remains contained in the remote environment. Because the local endpoint is protected, RBI can be very useful in use cases such as threat research, where malware encounters are expected. 

Limitations of Remote Browser Isolation

The tradeoff with RBI is a compromised user experience due to the latency that accompanies the extra layer of remote browser rendering. Rendering issues and web application compatibility issues are also more common. To counteract these issues, many RBI solutions selectively choose only some web destinations to send to the remote environment. The choices are based on web classification and risk scoring. The problem with this approach is that it hinges on that classification; any time malicious content is falsely classified as safe, it defeats the purpose of RBI. Once this error is made, it allows the malicious content to bypass RBI for all users within the environment, expanding the potential attack surface significantly.

In addition to the user experience deficits, RBI’s underlying approach incurs substantial infrastructure and bandwidth costs to host and stream the remote browser environment, which results in a poor return on investment for its adopters. RBI is well suited for niche use cases like threat research, but it rarely makes sense for broad deployment. 

Why Modern Enterprise Browsers Best the Alternatives

The number one reason enterprise browsers are better than the alternatives is that they were conceived and designed to fulfill the myriad demands of enterprise organizations, instead of merely focusing on a narrow use case. Island, the Enterprise Browser, provides organizations with the core requirements everyone in the organization needs – from CIOs to CISOs, IT, lines of business, users, and everyone in between. Island provides:

Efficiency and Cost Savings

By using Island, companies no longer need some of the security tools, endpoint agents, and IT solutions that they previously used to secure and enable their business, as they are all embedded within the browser. This lowers the cost and complexity associated with licensing, deploying, maintaining, and supporting the infrastructure required to support them. 

Application Provisioning

With Island, users can access all the applications they’re entitled to, whether software-as-a-service (SaaS), web applications, or even non-web applications, via Secure Shell (SSH) or Remote Desktop Protocol (RDP). Through application virtualization platforms, users can connect to traditional “thick” applications without requiring a desktop installation. This enables new apps to be introduced easily — all new users have to do is log in and get to work.

Analytics and Data

Island provides analytics on application usage, performance, and workflow insights. These can be used to optimize application spending, identify and remediate performance issues, and inform IT strategy to maximize business value. Analytics across every application interaction are available on each org's Island admin console, unlike alternative solutions that require application-side integrations or additional agents on the endpoint.

Remote Access

Island enables remote access for a hybrid workforce and supports employees outside the corporate office, contractors, and vendors who may need access to the company’s data and systems. Organizations can use Island to reduce the need for virtual desktop infrastructure (VDI) or traditional VPN, and to support personal devices as part of a bring-your-own-device (BYOD) initiative.

Data Protection

Island features dynamic data protections, replacing the “blunt instrument” approaches of legacy data protection solutions. This feature enables you to build policies that prevent data leakage without disrupting organizational workflows. Island’s data loss prevention (DLP) controls protect sensitive data from being improperly downloaded or uploaded before it leaves or enters the browser. Administrators can implement custom policies that govern the exact context within which copy/paste, screenshots, printing, or saving can be executed. This allows data to move freely between work applications while ensuring it doesn’t go where it shouldn’t. 

Safe Browsing

Powerful security tools that protect browser activity from web-borne threats are built into Island. Malware is detected and blocked so they can’t reach the endpoint, while phishing attacks are stopped before credential compromise occurs. Access to unsafe or inappropriate sites is blocked, key browser components are isolated, and local browser data stores are protected to neutralize sophisticated attack vectors. Island also helps security teams respond to incidents and resolve investigations quickly by providing robust event data for browser activities. 

Zero Trust Security

Through its integration with identity providers (IdP), Island can be used to implement a zero-trust security framework across a wide range of deployment scenarios. User identity is verified with multi-factor authentication, device posture is checked to verify the device meets security standards, and network and geolocation are examined to see where the request is coming from. Each of these elements is evaluated with every access request, making it easy to implement and enforce robust zero-trust security policies across all browser activity.

Password Protections

Island has several key advantages over consumer browsers when it comes to password protection, management, and governance. It includes its own enterprise-optimized password manager and protects its users from phishing attacks, password exfiltration, or password interception through local malware like keyloggers. It can also be used to implement privileged access management (PAM) workflows where users can authenticate with credentials assigned to them without ever needing to see the password. This is handy when several employees need access to a shared company account or to protect particularly sensitive applications.


Island is designed with workplace optimizations at its core. It has built-in ad blocking to remove distractions and speed up browsing, and integrates tools that simplify common workflows. A smart clipboard manager, an AI assistant, a password manager, and a PDF editor are all built into Island. It also integrates with enterprise cloud storage to streamline downloads and uploads. All of this is included natively in Island, and deployed and configured by the IT team, without the hassle of managing a collection of browser extensions or adding external productivity tools.


Island delivers a hefty productivity boost by supporting powerful workflow automations. Smart automations speed up repetitive tasks, such as customer success teams responding to client requests or managing ticketing systems. Since these automations are native to the enterprise browser, they can be applied anywhere — regardless of whether the underlying application supports them.

Island, the Enterprise Browser, offers broader and deeper enterprise features than the alternatives we’ve explored. See how these features are helping us to reshape the modern workplace.

End User Experience as Security Differentiator

End User Experience as Security Differentiator

Tad Johnson
April 5, 2024

It should come as no surprise that the browser is a favored target for malicious actors, using an ever-evolving suite of sophisticated attacks. With billions of users around the world, consumer browsers are a rich target for malware or exploit developers. That’s also the reason that security leaders are focused on securing the browser itself and treating it like an enterprise application.  

In light of the growing importance of the browser in the enterprise, Forrester recently published a report, “Leading Practices To Secure The Anywhere-Work Browser” that you can read here. The report covers the rapidly evolving browser security landscape, reviewing several emerging threats along with three approaches to improve browser security. The report does a good job of outlining the current state of browser security and makes a strong case to take action. One of the recommendations is to use an enterprise browser (such as Island, the Enterprise Browser). While this report accurately describes the security benefits of an enterprise browser, there’s another angle that deserves attention: improving the end-user experience. 

Balancing Security and User Experience 

In the cybersecurity domain, it’s an unfortunate reality that security and user convenience are often at odds. For example, consider a common login flow: an authentication scheme that uses a complex password and biometric MFA challenge on a separate device is indisputably more secure than a simple password alone. It’s also less convenient. Introducing too much user friction is a drag on productivity, and it can introduce new security risks. Security measures that degrade user convenience create security fatigue and increase the risk that users ignore security warnings entirely. 

This is precisely why it makes sense to implement an enterprise browser in the workplace. Consumer browsers require add-on security measures with added extensions, endpoint agents, or network traffic inspection. In the best case, these are neutral to user convenience; in practice they almost always diminish the overall user experience. 

By contrast, an enterprise browser brings security controls inside the browser and improves user convenience. Returning to the complex authentication example, an enterprise browser can detect the configuration of the device it's running on, what network it’s connected to, and the geographic location. This information enables a complete zero trust authentication scheme without burdening the user with repeated MFA prompts.

Productivity and User Value 

The other aspect of end-user experience that is essential for any successful enterprise application deployment is productivity. Every time a new application is introduced in the workplace, the natural question from users is, “how does this help me get my work done?”. Some examples from the recent past are Slack and Zoom: both applications make their utility plain to see and deliver value immediately. So too must an enterprise browser if it’s going to be embraced by users.

An enterprise browser should make it easier for users to find and access applications. It should include productivity tools like an AI assistant and smart clipboard manager. When a user encounters one of the security controls (like preventing a download with sensitive information) the enterprise browser should provide context about what happened, why, and where to find more information. Put together, an enterprise browser should provide a more convenient, more productive workspace for users. 

The Enterprise Browser Difference 

Securing the browser is a critical objective for any organization that relies on SaaS or web applications for business functions. Forrester’s research “Leading Practices To Secure The Anywhere-Work Browser” outlines why this is important and shares three approaches to securing the browser. The additional consideration of end-user experience and productivity is what distinguishes an enterprise browser from the alternative solutions. 

Hear from customers about how Island, the Enterprise Browser, improves security while improving the end-user experience.

Forrester Report, End User Experience as Security Differentiator
Secure Browser vs. Enterprise Browser

Secure Browser vs. Enterprise Browser

March 25, 2024

Navigating the Browser Landscape 

Most web browsers are targeted at the average consumer, whose needs revolve around activities such as reading email, browsing the web, online shopping, watching videos, and engaging on social media. As enterprise and productivity software evolved and more work was performed in the browser, the same consumer-grade browsers were used in the workplace. IT teams bolted on layers of security and administrative tools to accommodate the use of consumer-grade browsers in an enterprise context.  

Today, the browser is the starting point for most enterprise workflows. This shift in work patterns gave birth to a new type of browser — one focused on the needs of the workplace. 

This innovation in workplace browsers arrived in two phases: 

  • Secure browsers such as RBI or Bromium are focused on solving the security challenges associated with consumer-grade browsers. While security is essential for enterprise applications, in practice these secure browsers often force a tradeoff by diminishing the end-user experience. It’s no surprise that secure browsers have failed to gain widespread adoption. 
  • Enterprise browsers approach the challenge more broadly and incorporate enterprise-grade security, business workflow integrations, and end-user productivity requirements into their design. This approach delivers widespread value to CISOs, CIOs, and the business leaders they work with. At the same time, end users benefit from productivity enhancements and streamlined access, so there’s no tradeoff required. 

The browser is where most work gets done today, and a corresponding shift has to occur in the tool that supports this work. It is time to treat the browser as an enterprise application, and to expect it to meet the demands of the enterprise use case.

Enterprise and Secure Browsers Share Some Basic Similarities

At their core, both secure browsers and enterprise browsers come with out-of-the-box security and privacy functionalities. However, the approach to security and enterprise capabilities expected of each and how these requirements are manifested differ significantly. Secure browsers include features geared toward protecting against external threats like malware or session hijacking. Enterprise browsers build upon this external security focus while adding advanced access controls and data protection to safeguard applications, data, and users against both external and internal risks. 

The differences become more apparent when we examine the philosophy that underpins their designs. While secure browsers took a few steps towards strengthening security in the browser, they did so to the exclusion of other requirements. Enterprise browsers embrace a secure-by-design philosophy to meet these needs by adopting a more comprehensive view of what the browser can and should do to meet the demands of businesses.

Enterprise Browsers Are Designed for Businesses

Enterprise browsers are designed for organizational use within businesses and institutions. They serve as the foundation for many critical workflows, so they require features and functions that go beyond a typical secure browser — and far beyond a consumer browser. These include centralized management of applications and access, sophisticated security and compliance features, productivity enhancements, business workflow integrations and automations, and an elevated user experience. 

Enterprise Features

Access controls and data security are key capabilities for an enterprise browser, and illustrate how the solution offers more than a secure browser. When an enterprise browser is integrated with the organization’s identity management system, it becomes the workspace for enterprise application access. Leading enterprise browsers can go beyond web applications with SSH, RDP, or virtualized application workflows. Data protections are streamlined with consistent policies applied across all workflows with an enterprise browser. 

Another key feature of enterprise browsers is their ability to seamlessly integrate with SaaS applications, allowing organizations to embed policies that enforce their data protection preferences within those applications. Take Salesforce as an example: the browser can restrict the download of sensitive customer data or limit access to certain Salesforce features based on the user's role and security clearance. And with browser enforcement mechanisms, users can only access Salesforce through their organization’s preferred enterprise browser. 

Enterprise browsers also prioritize user experience in the context of the workplace. They incorporate password managers, workflow automation, and support single sign-on with modern MFA through identity providers such as Okta, allowing users to securely access all their applications quickly with zero friction. 

Key Differences: Secure Browsers vs. Enterprise Browsers

Consider two essential areas of difference between a secure browser and the more advanced enterprise browser: security dexterity and user experience. 

Security Dexterity

Secure browsers often take a “blunt instrument” approach to security and data protections, which can disrupt work and drive up complexity. For example, a secure browser that blocks all copy & paste functions will succeed at stopping data leakage but fail the usability test. 

Enterprise browsers provide security features that are tailored to business needs, as well as strict control over privacy settings and data management. They build data protections into the browser itself, enabling organizations to build policies to govern all data movement in and out of the browser. With context-based policies to govern the ability to download or upload data, take screenshots, print, and copy and paste content within the browser, enterprise browsers help prevent data loss without disrupting user workflows. 

To secure and simplify access, enterprise browsers integrate with enterprise identity and access management systems that support multi-factor authentication (MFA) and single sign-on (SSO). They also enable organizations to monitor and analyze security incidents and maintain regulatory compliance while preserving user privacy by providing features that allow context-aware logging and auditing of browser activity. The browsers feed signals into endpoint security and SIEM solutions through integrations to extend their utility.

User Experience

Secure browsers are designed and built to satisfy cybersecurity requirements. Few cybersecurity tools can promise improvements to the user experience, and secure browsers are no different. For some organizations, this tradeoff is acceptable. 

Enterprise browsers start with a secure-by-design foundation and introduce user experience enhancements that boost productivity. This may start with a browser home screen that offers all the applications required, tailored to the specific user, their role, and their location. Policies are personalized to the organization, offering contextual feedback and education for the user. And a great enterprise browser will offer built-in productivity tools like a password manager, AI assistant, and clipboard manager to streamline common workflows. All this translates into an optimized workspace for each user that offers security protections and productivity benefits. 

Island, the Enterprise Browser: Security and Productivity by Design

Island is the leading enterprise browser. It incorporates all the features described above and includes additional security, user experience, and productivity features to differentiate it further from secure browsers and consumer-grade browsers. 

Baked into the core of the Island browser is the concept of zero-trust security, which focuses on user identity, device posture, and least-privilege resource access to reduce risk across numerous categories of cybersecurity threats. 

While the Island browser is security and feature-rich, the user experience is where it truly shines. The browser is optimized for speed and responsiveness for enterprise applications. It minimizes unnecessary network requests by blocking ads and trackers, and eliminates the performance delays and disruptions caused by added layers of abstraction between the user and their work as with desktop virtualization and remote browser isolation.

To unleash productivity, Island builds a smart clipboard manager, an AI assistant, a password manager, and a PDF editor into the browser. It also integrates with enterprise cloud storage to streamline downloads and uploads, and provides IT teams with the option of deploying and configuring extensions and productivity tools inside the browser itself. Collectively, these features reduce delays and boost user output.

Learn More About Enterprise Browsers

Discover key capabilities, compare alternatives, explore use cases, and read what industry experts are saying about enterprise browsers. 

Get the Enterprise Browser Buyers Guide

Your Next Password Manager is… a Browser?

Your Next Password Manager is… a Browser?

Jason Trunk
March 21, 2024

The need for robust password management in business environments has never been higher. 

For one, despite our best efforts to ramp up cybersecurity education, most employees still don’t practice good password hygiene. At the same time, bad actors are using increasingly sophisticated methods — phishing powered by AI, for one — to breach enterprise accounts. 

Against this backdrop, single sign-on (SSO) and password managers like 1Password, LastPass, Dashlane, and Keeper have grown in popularity. 

SSO is essential, but there are gaps

Now a mature technology, single sign-on is an essential first step for improving security. Whether with a saved password or a biometric, SSO gets users into many applications securely, with a single click.

However, SSO rarely covers 100% of the applications in the enterprise environment. Some apps are simply too old to link up to SSO, or they're managed by a third-party supplier or website external to the business. (Take airline employees for example, who, in order to access the manuals needed to operate and repair their planes, have to log into apps managed by airplane manufacturers.)

All these non-SSO apps? They need to be managed by the employee themselves, with their own user IDs and passwords. 

Password managers fill the gaps, but they still fall short

The natural evolution to solving conventional password security issues not covered by SSO is the password manager. When implemented correctly, a password manager offers the convenience of SSO by automatically retrieving the password for each login. 

However, there are limitations to traditional password manager solutions, not to mention potential security vulnerabilities. Password managers that offer cloud syncing add third-party security risk — and there have been no shortage of headlines around this manner of data breach. 

Another shortcoming relates to the use of consumer browsers with password manager extensions. Imagine a scenario where the password manager pulls a password from the vault and auto-fills it into the website — as it’s meant to do. However, the browser then turns around and asks, “Do you want to save that password in the browser?” If the user clicks “yes,” now that password is exposed in the browser’s (far less secure) password store. 

That scenario grows far worse when using a consumer browser with personal profile syncing. Any password saved is now available across all of their devices — including those outside of enterprise visibility.

Even if you deploy a password manager that offers world-class security, it can still run on insecure browsers and not-up-to-date operating systems, each of which can be breached putting sensitive data at stake.

The password manager “bake-off:” a competition with no winners

While they have their drawbacks, password managers are a modern cybersecurity necessity. But evaluating traditional password management solutions against each other can become a serious pain.

Case in point: a CIO recently reported to me that he and his team had just spent nine months in a “password manager bake-off.”

Why? Because password managers have become ubiquitous. Each of them have virtually identical features, benefits, and weaknesses. There is no standout winner. And, as a result, IT teams waste precious time hemming and hawing over how to choose between largely interchangeable solutions. 

But here’s the good news: CIOs no longer need to choose a password manager. The next evolution in password security isn’t a stand-alone password manager. It’s the enterprise browser: a browser with all the security features, deep visibility, and hyper-granular policy controls the enterprise needs, built-in — including sophisticated, enterprise-grade password management.

The enterprise browser: work’s natural next step

Here is how the enterprise browser tackles all the challenges password managers do, and much, much more: 

  • Policy-driven password management; keep things secure with precision.
  • Password generation based on your company’s policies.
  • Secure storage and handling of all passwords, based on individual security requirements of what accounts and apps those passwords are associated with. 
  • Real-time device posture assessment and response. Can detect a change in device posture in real time, right in the middle of a session. That’s something extensions just can’t do.
  • No need to perform additional SSO, SCIM, or SIEM integrations because it’s simply a module built into the enterprise browser.
  • Not bound to the UX and technical limitations of traditional extensions. This opens many doors in the way of both security and user experience.
  • Protection against various cyber threats, such as man-in-the-middle and phishing attacks, through the secure-by-design browsing environment.
  • Chromium-based browser offers a seamless, secure, and user-friendly experience.
  • Zero knowledge architecture means only the user and their organization can access passwords stored in their vault. 

We’re no longer having a conversation about features; the enterprise browser delivers password management in an entirely new, built-in way.

No more “password manager bake-offs.” The enterprise browser is the clear choice.

If you’re in the middle of evaluating enterprise password managers, it’s time to throw out your spreadsheets and your pro/con lists. 

The enterprise browser doesn’t just do everything password managers can do; it also packages these capabilities in an entirely new way — one that is seamless and error-proof to the user, and configured for the enterprise. It vastly simplifies enterprise-wide adoption of password best practices while creating new protections around their use within corporate applications. And it eliminates password abuse, helps ensure organizational custody of corporate passwords, and embraces passwordless user authentication flows.

Even more importantly, it creates a tightly controlled, full-visibility, zero-trust environment that goes far beyond password management — achieving true security, without the cost and burden of bolt-on solutions. 

In short, the enterprise browser is easy for users, and secure for enterprises.

Now, that’s a clear winner.

See how Island’s Enterprise Browser solves the password management problem in a way nothing else can.

Download our Guide to Thwarting Password Attacks

Remote Work Security Best Practices

Remote Work Security Best Practices

The shift to remote work has dramatically expanded the enterprise attack surface. Discover today's best practices to secure your distributed workforce and your company's data.
March 11, 2024

We've seen a seismic shift in where and how work gets done. Remote and hybrid arrangements have become the norm, offering benefits like increased flexibility, productivity, and access to talent. But this transition has also opened up new avenues for cyber threats, catching many organizations off guard.

Many companies today have at least some staff working outside of traditional office confines. According to Forbes’ Remote Work Statistics And Trends In 2024 as of 2023, 12.7% of full-time employees work remotely, plus 28.2% work in a hybrid model. Additionally, around 16% of companies already function entirely remotely, without the need for physical office space. These organizations are at the forefront of the remote work trend, proving its practicality and leading the way for future adoption.

While employees enjoy the freedom to work from anywhere, security teams are grappling with an attack surface that has exploded in size and complexity practically overnight. Outdated perimeter defenses are no match for an environment where personal devices, home networks, and cloud apps intermingle with corporate assets.

In this article, we look at the unique security challenges associated with remote work and share best practices for keeping data and systems safe without sacrificing user experience. You’ll learn the key threats to watch out for and the critical controls needed to protect your distributed workforce. Plus, we’ll explore how innovative solutions like enterprise browsers are redefining security for the modern workplace.

Remote work security threats 

Remote work opens the door to a range of cyber threats that can compromise sensitive data and systems. Some of the most pressing threats include:

Physical access threats: Unattended devices in public spaces or home offices can be vulnerable to unauthorized access.

Phishing, vishing, smishing: Social engineering attacks that manipulate users into revealing sensitive information or installing malware have surged. Phishing uses email, vishing exploits phone calls and voicemail, while smishing relies on SMS text messages. Remote workers may be more vulnerable because much of their work already takes place over the phone and text messaging. 

Social engineering: Techniques like pretexting, baiting, and quid pro quo that are used to trick users into breaking security protocols. Remote workers may be more susceptible without the security umbrella of the enterprise network present in an office environment.

Ransomware: Malicious software that encrypts a victim's files and demands payment to restore access. The use of personal devices and networks for work increases the risk of ransomware infections. 

Malware, spyware, viruses: Malicious software designed to infiltrate and damage systems or steal data. Remote work blurs the lines between personal and corporate devices, making it easier for malware to spread.

Wireless hijacking: Attackers exploit vulnerabilities in Wi-Fi networks to intercept data transmissions, especially on public or poorly secured home networks.

Eavesdropping: The act of secretly listening to private conversations, potentially revealing confidential information. Poorly configured remote meeting software can enable eavesdropping.

Traffic manipulation: Modifying unencrypted data in transit to commit fraud or steal information. The use of unsecured public networks places remote traffic at greater risk.

The consequences of these threats can be severe, including data breaches, financial losses, reputational damage, operational disruption, and regulatory penalties. Mitigating these risks requires a multi-layered approach to security.

Best security practices for remote work teams

So, what can you do? Securing a remote workforce demands a combination of technical controls, user education, and robust policies. Key best practices include:

Train staff on security practices

Human error remains a leading cause of security breaches. Educating employees about potential threats and best practices is crucial. Key topics you should cover include:

  • Recognizing and avoiding phishing, smishing, and vishing attempts 
  • Identifying signs of social engineering like unusual requests or pressure tactics
  • Awareness of ransomware and malware infection vectors
  • Password hygiene and the importance of strong, unique passwords
  • Safe use of generative AI tools, to prevent inadvertent sharing of sensitive data

Codify your company’s expectations in clear, accessible security policies. Provide guidance on securing home networks, keeping software updated, using secure passwords, and separating work and personal devices where possible.

Provide security tools  

Equip employees with the tools they need to work securely. Core solutions include:

Password managers to create and store strong, unique passwords. Explore the growing role of enterprise browsers as password management solutions.

Multi-factor authentication to prevent unauthorized access, even if passwords are compromised. Implement MFA broadly, not just for a subset of apps.  

Zero trust access models that continually verify trust, rather than assuming it based on network location or prior access. Educate staff on why zero trust is important in a perimeter-less world. 

Endpoint protection to detect and block threats on user devices. Consider solutions that work seamlessly off-network and don't hamper performance.

Protect devices

With the rise of bring-your-own-device (BYOD) models, organizations have less direct control over endpoints. Mitigate risks with device management and security policies:

  • Monitor device health and compliance with security tools to maintain visibility 
  • Enforce disk encryption, VPN usage, software update policies, and other baseline security settings 
  • Consider strategies for keeping  work data and apps separate from personal usage

Protect information and applications 

Adopting a granular, zero trust approach to data protection and access control is critical in a remote work environment. Here are some key best practices:

  • Implement role-based, least-privilege access policies to ensure users only have access to the resources they need to do their jobs. This limits exposure in the event of a compromise.
  • Require multi-factor authentication (MFA), especially for administrators and sensitive resources. MFA adds an extra layer of protection, even if a password is compromised.
  • Deploy data loss prevention (DLP) solutions to restrict the exfiltration of sensitive information. DLP tools can monitor and block unauthorized attempts to copy, send, or upload confidential data.
  • Shift from on-device storage to the cloud to reduce data sprawl. Cloud storage provides a central, secure repository for company data, making it easier to manage access and prevent data loss from lost or stolen devices.

The role of enterprise browsers in remote work security

A core element of a modern security stack for remote work is an enterprise browser. Unlike traditional browsers, enterprise browsers are purpose-built for organizations' security and manageability needs.

Enterprise browsers extend granular security policies and data protections to the browser, a critical gap in most security stacks. They enable device security posture checks, site access control, data loss prevention, and detailed logging. By building security into the browser, enterprise browsers deliver capabilities that point solutions like VPNs or cloud access brokers struggle to address.

Some key remote work security use cases for enterprise browsers:

  • Enforcing least-privilege access and data security policies for SaaS and internal web apps 
  • Enabling secure access to enterprise resources for unmanaged devices, without the need for full-device VPN
  • Protecting sensitive corporate data from compromise on personal devices by isolating the browser 
  • Gaining visibility into compliance issues and identifying anomalous user behavior through detailed audit logs

Streamline your security stack with an enterprise browser

Equipping employees with the right tools is essential for secure remote work. However, the traditional approach of stitching together point solutions can lead to complexity, user friction, and gaps in protection. 

Enter Island, the Enterprise Browser — a new class of tool that consolidates critical security functions into a single, user-friendly platform. By building key capabilities like password management, multi-factor authentication, and zero trust access directly into the browser, enterprise browsers like Island offer a more integrated and streamlined approach to remote work security.

Island eliminates the need for a system-level endpoint agent on a personal device, making BYOD a win-win for users and IT alike. By enforcing security and management policies directly in the browser, Island keeps all critical web apps and data secure without requiring intrusive software on the user's device. Last-mile controls built into the browser prevent data leakage, keeping business and personal data separate. This approach respects user privacy while still giving security teams the ability to manage risk. 

Let’s not forget that it's important to ensure the responsible use of generative AI tools like ChatGPT in the workplace. Island empowers organizations to harness the productivity benefits of generative AI with its built-in AI assistant, powered by ChatGPT. The advantage Island’s AI assistant offers is that you’re limiting OpenAI’s access to your intellectual property. Island also mitigates data leakage risks with capabilities like detailed logging of user interactions with AI tools, built-in data loss prevention to prevent the sharing of sensitive information, real-time user coaching, AI output inspection, and granular access control.

As you evaluate your remote work security stack, consider how an enterprise browser like Island can help you consolidate tools, improve protection, and deliver a better user experience. Our experts would be happy to discuss how Island can support your organization's unique needs. Contact us today to learn more.

Demystifying Virtual Desktop Pricing

Demystifying Virtual Desktop Pricing

March 2, 2024

If you’ve recently received your VDI renewal bill, you know firsthand that costs are on the rise. Anecdotally, reports of renewal bills doubling year over year are not uncommon. As IT budgets tighten under the pressure of these sharply rising costs, many IT leaders find themselves navigating the tricky waters of financial constraints while needing to invest in innovation.

The good news is that there is a modern alternative to virtual desktop solutions — one that can radically reduce your reliance on VDI and its associated costs. To understand how this new enterprise technology can ease the pain of being stuck in expensive VDI cycles, we first need to dig into the two most common virtual desktop pricing models.

What is desktop virtualization?

Desktop virtualization is a technology that hosts a virtual computing environment remotely, allowing remote access over the network. A virtual desktop behaves like a traditional endpoint, providing users access to applications and other resources. Virtual desktops are primarily used to centralize management and access controls of the desktop environments within an organization. They allow for detailed control over application provisioning, access controls, and security settings. 

Virtual desktop pricing options

The most notable virtual desktop providers include Citrix, VMware, Amazon AWS, and Microsoft Azure. Their pricing models vary based on factors such as the number of users, the intensity of computing resources required, and where the solution is hosted.

Self-Hosted Virtualization 

Many organizations choose to host the virtualization infrastructure in their own data centers. In this model, the costs of server infrastructure, hosting, and maintenance are the responsibility of the customer. The virtualization vendor licenses their solution, typically based on total number of users or number of server units. 

The advantage of self hosted virtualization is complete control over the environment and network resources. The costs are generally fixed and predictable for the duration of the contract. 

The downside to this approach is the significant capital costs required to build and host the virtualization infrastructure, plus ongoing maintenance. For organizations with fluctuating usage demands, or rapid growth of users, efficiently scaling the virtualization environment can be a challenge. And, as mentioned above, this model is still susceptible to unexpected pricing increases by virtualization vendors. 

Cloud-Hosted Virtualization 

A newer model for virtualization is cloud hosted or desktop as a service (DaaS). Similar to other cloud subscription models, this is typically offered with a variable cost structure, based on actual usage. All the infrastructure and hosting costs are carried by the vendor, making this a capital-light option. 

This model is ideal for businesses that experience fluctuating needs or for organizations with rapid user growth. With dynamic pricing, organizations can scale their resource usage up or down based on business demands. This can be a positive, as the organization doesn’t have to pay for idle infrastructure, but it requires careful monitoring and planning for the variable subscription charges.  

Under this model, diligent and continuous monitoring of usage is crucial to understanding the cost implications of the services being run. Virtual desktop costs can vary significantly with changes in resource consumption. So optimizing the virtual desktop configurations based on usage is key to budgeting accurately and avoiding unexpected expenses. 

Virtual Desktop Pricing Options at a Glance
Self-Hosted Cloud-Hosted
Cost structure Fixed Dynamic, Pay-as-you-go
Pricing based on Number of users or server units, plus the cost of hosting and maintaining infrastructure Actual usage of virtual desktops, with variable costs based on configuration and resource usage
Best for businesses that Prefer full end-to-end control and have predictable usage trends Have fluctuating usage needs or rapid user growth

Virtual desktop alternatives

A modern alternative to traditional virtual desktops is an enterprise browser. These specialized browsers are designed specifically for enterprise work. They secure and simplify access to cloud applications and internal resources, providing a lightweight and often more cost-effective solution compared to full virtual desktop infrastructures.

What is an enterprise browser?

An enterprise browser is a specialized web browser designed for the unique needs of businesses, with built-in security, policy management, productivity tools, and integration capabilities.

Unlike consumer browsers, which require additional layers of tech for security and IT policies, enterprise browsers provide tools for IT departments to control and secure everything that flows through the browser — no extra layers required. 

Virtual desktop vs. enterprise browser

An enterprise browser is not a virtual desktop, but the way they’re used is often very similar. Now that most applications are accessed through a browser, an enterprise browser offers a more direct platform for managing access and security. 

A virtual desktop replicates a full computing environment on a remote server, allowing users to access an entire operating system and its applications from any device. However, this can often result in a clunky user experience characterized by slower response times and reduced graphical performance, especially over low-bandwidth connections. 

An enterprise browser is specifically designed to securely access web applications and other resources within a corporate framework, without the overhead of managing a complete desktop environment. This delivers a smooth, familiar user experience that enhances productivity with minimal disruption. And because it’s a browser, there is nearly zero learning curve for end-users.

Organizations might choose an enterprise browser over a virtual desktop for its simplicity, cost-effectiveness, inherent security, and superior user experience. The enterprise browser is ideal for companies that heavily use web apps and SaaS, have a largely remote workforce, employ a BYOD strategy, and/or work extensively with third-party contractors.


The pricing models for enterprise browsers and virtual desktops reflect their differing scopes and technological demands. 

Enterprise browsers tend to be more cost-effective due to their simplified infrastructure needs and focused functionality. They are designed to optimize and secure web access without the overhead associated with virtualization infrastructure. 

Pricing for enterprise browsers usually involves subscription-based models that can be scaled according to the number of users the feature set required. This approach reduces upfront costs and aligns ongoing expenses more directly with actual usage, making enterprise browsers an economically advantageous option for organizations that rely heavily on web-based and SaaS applications.

Whether you’re currently self-hosting VDI or subscribing to cloud hosted virtual desktops, an enterprise browser can significantly reduce the costs associated with virtual desktops.

For fixed VDI plans, cost reduction is slower but larger because fixed costs associated with VDI, such as hardware, software licenses, and maintenance, can be substantial, and an enterprise browser streamlines operations by reducing or eliminating these overhead expenses. By consolidating and centralizing browser management and security, organizations can defer or avoid costly upgrades and expansions of their VDI infrastructure​​.

A smaller but more immediate cost reduction is seen with cloud hosted VDI plans because dynamic plans are typically usage-based, where costs fluctuate based on actual consumption. An enterprise browser reduces the need for extensive virtual desktop environments by directly managing and securing web applications. This efficiency reduces the number of resources consumed, leading to immediate cost savings with usage-based virtualization pricing.

The Island approach to enterprise browsers

Island's enterprise browser offers a compelling alternative to virtual desktops by providing robust, built-in protections against common web threats, advanced data control capabilities, and streamlined management tools that are easy for IT teams to deploy and maintain. 

No backhauling traffic. No servers to maintain. No frustrated end users. At a fraction of the cost. All built into a Chromium-based browser end users can deploy and use with zero training. Island simplifies administration and delivers a smoother, faster, and more secure user experience, tailored to meet the demanding needs of modern enterprises.

Further reading

Revolutionize the way you secure and enable work with an enterprise browser. 

Discover its benefits, key features, and real-world applications.

Best Alternatives to VDI

Best Alternatives to VDI

February 29, 2024

Virtual Desktop Infrastructure (VDI) is a technology that hosts virtualized desktop environments on a centralized server and delivers them to end-users over a network. This setup, which has been prominent in the IT industry for more than 20 years, allows for centralized management, improved access controls, and use of virtualized desktops from various devices regardless of geographic location.

However, two forces are pushing IT leaders to look beyond VDI and consider alternative technologies: one is the rise of SaaS and web applications, where virtualization has little or no benefit. The second is a steadily rising cost of operations for VDI, making alternatives more desirable. These modern options offer more scalable, flexible, and cost-effective alternatives to traditional VDI, addressing its limitations in performance and complexity.

Let’s explore the pros and cons of VDI, as well as its major alternatives: DaaS, virtualized applications, and enterprise browsers.

The advantages of a Virtual Desktop Infrastructure (VDI)

VDI's rise to prominence over the last two decades can be largely attributed to its ability to provide a consistent and secure desktop experience across any device, facilitated by centralized infrastructure. VDI enables organizations to streamline IT management, enhance access controls to applications and data, and offer remote flexibility – an especially valuable feature for a distributed workforce.

With centralized application and desktop management, VDI allows IT departments to provision and patch the OS and applications quickly, ensuring all users have the tools they need without the logistical challenges of managing endpoint installations directly. As a secondary advantage, VDI keeps user and application data within the organization’s controlled environment, reducing the risk of data breaches that can occur when data is stored on local devices.

The limitations of VDI

VDI, while beneficial in several use cases, also has numerous shortcomings:

  • Significant upfront investment. Implementing VDI requires a substantial investment in infrastructure, including servers, storage systems, virtualization software, and network infrastructure.
  • Operational Complexity. VDI deployments can be complex and require teams with specialized knowledge and expertise. IT administrators need to have a deep understanding of virtualization technology, networking, and storage. Training and help desk resources increase the overall complexity of IT operations.
  • Less-than-optimal user experience. Users experience login delays, performance differences, and compatibility issues with peripherals like webcams, microphones, or printers. Added to the inherent latency of sending data over the network, these issues can negatively impact user productivity.

While VDI has its advantages in certain situations, today’s alternatives to VDI may offer more flexible and efficient solutions. And because 80–90% of applications are web-based in most organizations today, that means those organizations are posed to cut their reliance on — and the associated costs of — VDI by as much as 80% or more

Let’s consider the alternatives.

Alternative #1 Desktop-as-a-Service (DaaS)

Like VDI, Desktop-as-a-Service (DaaS) enables organizations to deliver virtualized desktops and applications to end users. However, DaaS is different from VDI because it is a cloud offering where hosting and much of the management is handled by a third party.

What DaaS offers

Ease of deployment, scalability and dynamic pricing makes DaaS a viable option for organizations looking to move on from VDI.

The advantages of DaaS compared to VDI include:

  • Ease of deployment. Given that DaaS solutions are managed in the cloud by third-party providers, organizations eliminate the need to invest in and manage complex infrastructure, reducing the time, effort, and cost required to run these resources.
  • Scalability. DaaS enables organizations to easily add or remove virtual desktops without the constraints of physical hardware, especially as businesses have fluctuating user demands and ever-changing workloads that may require scaling, or de-scaling, of resources. 
  • Cost. Organizations can usually expect a usage-based pricing model, so costs will fluctuate up and down depending on the number of users and their workflows. Unlike VDI, there’s no baseline cost to maintain the infrastructure, as this is handled by the DaaS provider. 

These benefits have made DaaS an attractive option in recent years for businesses looking to leverage the flexibility of virtual desktops without the complexities and capital expenditures associated with self-hosted VDI. According to recent research from Forrester, “This growth and interest is most often due to its promise of reducing complexity and offering better availability. Despite the VDI market’s slowing growth, more environments will transition to a DaaS or cloud-hosted VDI environment.”1 

The limitations of DaaS

DaaS also has several limitations that organizations need to consider:

  • Limited customization: While DaaS offers a degree of customization, it may not meet the specific needs of businesses that require highly specialized configurations or software environments, unlike VDI where the control over the desktop environment is more granular.
  • Data sovereignty and compliance issues: Depending on the location of the DaaS provider’s data centers, there may be concerns about data sovereignty and compliance with local data protection regulations, which can be a significant issue for businesses in highly regulated industries.
  • Cost over time: While DaaS can reduce upfront costs, the consumption-based pricing model can lead to higher operational expenses over time. Additionally, cost optimization is a real concern. In the same Forrester research, the author observed that “One customer reported getting nonpersistent instances down to $4 per user per month compared with its previous average of $40 per user per month.”1 

DaaS is a valuable solution for many scenarios. But given the limitations of DaaS, what other alternatives exist? 

Alternative #2: Virtualized applications

Virtualized applications, sometimes called published applications, are a different approach to virtualization that drops the full desktop experience. When a user launches a virtualized application, just that application window is streamed from the virtualization service. This model is ideal for scenarios where users have a mix of locally-installed and virtualized applications. 

Similar to DaaS, virtualized applications give users access to applications on any device. 

What virtualized applications offer

Like DaaS, virtualized applications remove the need for VDI infrastructure, and enable administrators to deploy quickly and seamlessly, with the benefit of centralized administration.

Virtualized applications offer several advantages over traditional VDI, including:

  • Flexibility: Virtualized applications enable organizations to run legacy applications across different platforms and operating systems, thereby reducing compatibility issues and enhancing operational flexibility. This allows businesses to continue using their essential legacy software on modern systems without requiring extensive reengineering.
  • Scalability: Virtualized applications allow for easy scalability since additional instances can be deployed quickly from the centralized administration console. This scalability is crucial for businesses that experience fluctuating demands, as they can quickly adjust their application resources without significant investments or downtime.
  • Management and maintenance: With application virtualization, software updates, and maintenance can be centralized, simplifying the management process. IT departments can deploy patches and updates to one central location rather than individual desktops, ensuring consistency across the organization and reducing the administrative burden.

These advantages make application virtualization an appealing alternative to traditional VDI, offering increased flexibility, cost efficiency, and scalability while maintaining or enhancing security and management capabilities.

The limitations of virtualized applications

Virtualized applications also present several drawbacks:

  • Compatibility issues: Not all applications are suitable for virtualization. Some complex software, particularly those that are heavily dependent on hardware integration (like graphical or CAD software), may not perform well or could be incompatible with virtualization platforms, leading to functionality restrictions or performance degradation.
  • Administrative overhead: Although application virtualization can reduce some aspects of IT management, it can also add complexity. The need to manage virtual application deployments, along with maintaining locally installed OS and applications on the endpoint, can increase the administrative burden on IT staff.
  • Network dependency: Like other forms of virtualization, virtualized applications rely heavily on network connectivity. Poor connectivity or low bandwidth can lead to latency issues, impacting the user experience and productivity, particularly for data-intensive applications. 

Alternative #3: Enterprise browsers

Given the shortcomings that still exist within VDI, DaaS, and virtualized applications, let’s explore one more alternative: the enterprise browser.

An enterprise browser is a specialized web browser designed specifically for use within corporate environments to enhance security, manageability, and productivity across the organization. It operates as a typical browser does, but also integrates directly with enterprise management tools and policies, allowing IT departments to control browser configurations, manage application access, and enforce security policies. 

An enterprise browser supports secure, efficient web access for employees, while providing the necessary tools to monitor usage, block malicious websites, and ensure that corporate data remains protected during online activities.

And Gartner predicts that enterprise browsers will be the core platform for delivering workforce productivity and security by 2030.2

What enterprise browsers offer

An enterprise browser provides several advantages to VDI and its other alternatives listed above. As compared to VDI for SaaS or web application access, enterprise browsers reduce costs by up to 80% or more. It also enhances productivity and user experiences, and contains secure-by-design features.

Let’s explore all the advantages of enterprise browsers, when compared to all of the alternatives:

  • Reduce the cost and complexity of VDI infrastructure: Traditional VDI requires extensive server infrastructure and hosting costs, plus bandwidth, storage, and maintenance. By contrast, an enterprise browser shifts the workload to the endpoint's browser, with efficient cloud-based administration. 
  • Reduced licensing costs: Unlike VDI solutions that incur substantial costs for platform licensing and additional licenses for operating systems and endpoint agents, an enterprise browser can significantly cut down these expenses by reducing the need for VDI by 80-90%.
  • Enhanced security and workflow optimization: Enterprise browsers allow IT and security teams to enforce appropriate controls for application access and data protections, along with security protections for the environment. At the same time, enterprise browsers can optimize and automate common workflows to bring real productivity gains to users. 
  • Auditing: With enterprise browsers, IT and security departments can audit critical web application activity, providing detailed insights combined with user identity to ensure compliance and aid in incident resolution. 
  • Optimized user experience: Enterprise browsers eliminate the need for a virtualization layer to access applications, making performance fast and frictionless. The user experience is similar to other browsers like Google Chrome or Microsoft Edge, making it easy for users to switch.

The future of enterprise browsers: Island

Island, the Enterprise Browser, is designed to enhance corporate security and compliance while improving manageability and user experience. 

Here are key aspects of Island that set it apart from VDI and its alternatives:

  • Enhanced security: Island includes built-in security features that protect browser components by and implement advanced defensive measures against common threats, thereby enhancing the overall security posture of the organization.
  • Compliance and control: The browser enables strict enforcement of compliance policies directly through its interface, ensuring that all browsing activities adhere to corporate standards and regulatory requirements.
  • Seamless integration and management: Island facilitates easy integration into existing IT infrastructures, allowing for centralized management of browser policies, updates, and security protocols, which simplifies IT administration.
  • Reduced infrastructure and cost: By potentially displacing or replacing various tools such as VDI and DaaS, VPN and ZTNA, RBI, and password managers, Island reduces the cost and complexity associated with maintaining multiple security and access solutions.
  • Improved user experience: Island offers a clean, performance-first browsing experience with a familiar user interface. It includes built-in productivity tools such as an AI Assistant, Password Manager, and Clipboard Manager, which enhance efficiency and user satisfaction.
  • Lower licensing fees: The reduction in reliance on traditional VDI and associated platforms means significantly lower costs related to software licensing and operational expenditures.
  • Effective monitoring: IT and security teams benefit from advanced monitoring capabilities that provide detailed insights into web activity, paired with tools to ensure compliance and resolve incidents swiftly.

Island’s Enterprise Browser is ideal for organizations looking to secure and streamline their web and application access without the complexity and high costs typically associated with conventional virtual desktop infrastructure.

Further reading

Consider a modern VDI alternative that is redefining workplace efficiency.

See how to drastically reduce your VDI dependency with an enterprise browser

1: Forrester, The State of VDI, 2023, Will McKeon-White, 20 Oct. 2023
2: Gartner, Emerging Tech: Security — The Future of Enterprise Browsers, Dan Ayoub, Evgeny Mirolyubov, Max Taggett, Dave Messett, 14 April 2023 
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

How Today’s Top CIOs are Completing the Cloud Journey

How Today’s Top CIOs are Completing the Cloud Journey

Dennis Pike
February 26, 2024

As a CIO, you’ve likely embraced the savings, flexibility, scalability, and security of the cloud. Many organizations have benefited tremendously from this transformation, and Gartner® predicts that by 2028 the cloud will become a “business necessity.”1

But there’s a last step in the cloud transformation journey you may not have taken yet. While the vast majority of infrastructure has been upgraded and modernized to support this shift, you’re still missing a seamless access method to the workloads, apps, and data that moved to the cloud.

The enterprise browser is the tool CIOs never knew they were lacking — a relatively new innovation that represents a complete reimagining of a browser, with the needs of the enterprise baked in. It is the missing link to realizing the full potential of your cloud modernization efforts.

The missing link: the enterprise browser

The shift to the cloud makes the web browser a critical link in enterprise application workflows. And yet the browsers used for enterprise work are the exact same consumer browsers used by billions at home, none of which are designed with enterprise considerations. 

Consumer browsers lack the security features, deep visibility and hyper-granular policy controls enterprises need. Moreover, organizations have customized all aspects of the IT environment to ensure each employee has a tailored experience specific to their role and responsibilities. This is also lacking in our consumer browsers. These deficiencies have compelled business and security leaders to surround their browsers with various layers of tech to meet the needs of the enterprise — think VDI, VPN, agents, proxies, and more.

Island CEO, Michael Fey, and CXOTalk's Michael Krigsman discuss how the consumer browser has become a tech stack in and of itself.

The result is a frustrating tradeoff between security and driving innovation within the business. Take, for example, the push-pull of generative AI, where business leaders are chasing down uses for these novel capabilities to stay ahead of their competition while their risk-averse security teams are continually reeling them back in. “Shadow IT” emerged as a result of this clash of interests, cropping up when business teams decide to secretly sidestep security in order to forge ahead on their revenue-generating projects.

Even worse, you’ve probably noticed that these negotiations between lines of business and security often come at the expense of the end user. This is especially true with virtual desktop infrastructure (VDI): when each side finally compromises on a solution acceptable to their needs, the end user is left with a lag-laden VDI experience they would never choose for themselves

In contrast, the enterprise browser is designed from the ground up to serve the security, functionality, and user experience needs critical to today’s business environments — delivering advanced security measures, efficient data management and seamless integration with business processes, as well as elevating productivity and streamlining business operations. It is the modern keystone to enhancing and completing your cloud journey while ensuring a win-win-win between line of business, security, and end users.

The enterprise browser: the workspace of the future

The enterprise browser empowers you to safeguard users and data precisely where your users engage with SaaS and internal web applications — protecting operations such as printing, copy, paste, downloads, uploads, and extensions; more advanced security requirements such as data redaction, watermarking, and adding multi-factor authentication where not previously supported; as well as built-in safe browsing, web filtering, exploit prevention, and zero trust network access.

But its benefits go well beyond security. The enterprise browser also provides a familiar native user experience, distinguishing itself from costly and underperforming VDI solutions. Contractors, remote workers, and newly acquired companies just log in and get to work, without putting data at risk. No waiting for corporate devices to arrive, or bothering IT to set them up. All at a lower cost. Additionally, organizations benefit from customizations that allow the browser to be tailored to an employee’s role, and inline with the company’s brand and culture.

The enterprise browser is the modern keystone to enhancing and completing your cloud journey while ensuring a win-win-win between line of business, security, and end users.

And even though the enterprise browser is a relatively new approach, it is already seeing widespread adoption. In fact, Gartner predicts that by 2030 the enterprise browser will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.2

Realizing full cloud potential with the enterprise browser

With improved integration, customization, security, and more, the enterprise browser is the answer to harnessing the full potential of the cloud. Here are some ways the enterprise browser helps modernize your infrastructure.

Seamless integration

The enterprise browser may be the simplest application to introduce in your environment. It’s based on Chromium, so it’s fully compatible with all modern web and legacy applications. It can be deployed virtually anywhere, on both managed and unmanaged devices and all major OS platforms. And it offers pre-built integrations for identity providers, cloud storage, SIEM, and more to fit into your existing technology stack.

Improved UX and productivity 

Improvements to user experience and productivity are built into the enterprise browser. Users enjoy familiar onboarding and usage with the enterprise browser, because it offers the same UX as Chrome (or any other browser built on Chromium). It also offers productivity tools like a smart clipboard manager that are optimized for the workplace. 

Customization and control

The enterprise browser also allows you full customization and control over your browsing environment. And here, “control” is the opposite of restrictive: control within the enterprise browser actually expands rather than limits your users’ freedom. Dynamic safeguards open up new possibilities for accessing previously restricted applications, as well as using applications in different ways than before. Granting your users the freedom to be highly flexible and collaborative, while also being secure, is a boost to both morale and productivity.

Tailored security

The enterprise browser’s enhanced security is also tailored for each user and function. Users benefit from native self-protection and secure productivity tools, including the smart clipboard manager, GPT Assistant, and Password Manager. Security features also include increased visibility, secure browsing, data protection, and a zero-trust environment — all built-in and virtually invisible to the user. It’s as secure as it gets, without sacrificing one ounce of function.

Making the transition: enterprise browser implementations

Now that you’ve found this last, missing piece, how should you deploy it? Here are just a few of the game-changing use cases for the enterprise browser.

Contractor access

Contractors are a significant part of today’s workforce, including business process outsourcers, visiting physicians or nurses, franchisees and beyond. In many organizations, the contractor base is massive, presenting an equally sizable challenge to onboard them and provide secure access to sensitive apps and data. 

The enterprise browser solves this challenge, providing contractors simple, native access to your business’s network and applications, with full control and visibility for you. Contractors simply install a browser on any device, authenticate, and get instant access to what they need — and nothing else. Granular controls keep data from leaking, and all work activity is logged for easy auditing. 

Take, for instance, a growing telehealth company that has implemented Island’s Enterprise Browser. They had been adding contractor clinicians rapidly, spread out across the U.S. Initially, their options were to buy and ship laptops to clinicians or to provide Desktop-as-a-Service (DaaS) that clinicians could access from their personal computers Neither solution was perfect, in terms of cost, speed, or security. Island provides them a fast contractor onboarding experience, robust security and better visibility, all at a lower cost.

Remote work and BYOD

With today’s dispersed workforce, many organizations face a similar challenge with their own employees when considering BYOD or remote work. There are three main concerns:

1. Unmanaged devices connected to critical applications housing sensitive data
2. User skepticism around endpoint management agents added to their devices 
3. IT operational cost around all the security needed to secure virtual desktops

The enterprise browser solves all three. No more finicky, expensive DaaS, VDI or endpoint agent. Security and policies are built into the browser. Last-mile controls stop data leakage. Your users’ privacy is protected, and their Chromium-based experience is effortless. 

Another Island customer, Sonar, needed to connect their 7 million users and 500 employees, dispersed in offices and remote locations around the globe. “Deploying infrastructure and end-user technology for those people has definitely been a challenge,” says CIO Andrea Malagodi. And the prospect of implementing VDI, requiring onsite support and beefed-up IT, not to mention latency issues, gave him cold sweats.

Today, Sonar uses Island as its mandatory browser — and their days of shipping laptops or new software are long gone. Malagodi can implement new, tailored security rules across the enterprise in hours or even minutes, while Sonar’s employees retain the same user experience they enjoyed with Chrome. And when new challenges present themselves? Malagodi says, “The answer to most questions is, ‘We can do that through Island.’”

Critical SaaS applications

Migrating SaaS and corporate web apps to the cloud has tremendous benefits, but it also creates sometimes-unforeseen security vulnerabilities for the business due to a lack of data protection and governance inherent in the web and traditional browsers. Securing and delivering these apps is a massive headache for IT departments, who must constantly create new exceptions to give users what they require while keeping them secure.

Say a salesperson is logging in from a machine at their home to a critical SaaS app. If they are exporting, downloading or copying critical customer information from the screen, this presents a serious data protection risk.

Here again, the enterprise browser is the simple, elegant missing piece — a closed loop, preventing SaaS and critical web app information from leaking out to desktops, file systems, web conferences, external drives, camera phones and more. 

The browser can automatically check device posture during user logins to ensure trusted devices are being used to access critical SaaS apps. It can encrypt cookies to protect app sessions from intrusion, scan for malware, or create policies governing data storage and enhance privacy. It allows you to block certain actions, like screen printing. And so much more, all in a few clicks — freeing your IT, security, (and possibly legal?) departments from massive headaches.

Complete your cloud journey with the enterprise browser

Cloud infrastructure is the future of business technology. But this future presents new challenges around securing your business and the people who need access to it, all while preserving productivity and innovation.

The enterprise browser is the last step between you and the ideal work experience — one that is easy, productive, and secure. And it’s a strategic imperative to the success of your business.

When it comes to enterprise technology’s migration to the cloud, the future is already here. Will you be the CIO playing catch-up? Or will you take that next step?

1: Gartner Press Release, “Gartner Says Cloud Will Become a Business Necessity by 2028”, November 29, 2023. 

2: Gartner, Emerging Tech: Security — The Future of Enterprise Browsers, Dan Ayoub, Evgeny Mirolyubov, Max Taggett, Dave Messett, 14 April 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Enterprise Browser: Definition, Key Features, and Use Cases

Enterprise Browser: Definition, Key Features, and Use Cases

Revolutionize the way you secure and enable work with an enterprise browser. Discover what it is, its benefits, key features, and real-world applications.
February 14, 2024

The broad adoption of SaaS and web applications made the web browser a critical enterprise application. But many organizations still use consumer browsers that were never designed as enterprise applications. Recognizing this gap, the concept of an enterprise browser has emerged as a cornerstone of modern infrastructure strategy.

Let's dive into the world of enterprise browsers: what they are, where they fit into the IT ecosystem, and how they're reshaping the way businesses interact with SaaS and web applications.

What is an enterprise browser?

An enterprise browser is a web browser designed specifically to meet the unique needs of businesses, focusing on security, manageability, and integration with enterprise tools and workflows. 

Unlike consumer browsers that are optimized for general web browsing by individuals, enterprise browsers offer features tailored to workplace usage. This includes integration with enterprise identity systems, enhanced security measures, full administration controls, and optimization for enterprise applications.

Enterprise Browsers vs. Consumer Browsers

The web browsers most people use today like Google Chrome or Microsoft Edge were designed for the widest possible user community, and optimized for personal use. An enterprise browser was designed specifically for the workplace, and optimized to serve the enterprise needs of the organization. It does so by taking the core security, IT, and productivity capabilities that typically surround the browser, and naturally embedding them into the browser itself.

The result is a browser experience optimized for end users, coupled with an admin console optimized for IT and security teams.

At its core, an enterprise browser is built on the Chromium browser engine – the same technology that powers Chrome, Edge, Brave, and other popular consumer browsers. By using Chromium, an enterprise browser can deliver the smooth, familiar user experience users expect, while ensuring 100% compatibility with SaaS and web applications right out of the box.

Key Features of an Enterprise Browser

Enterprise browsers are designed to address the unique needs of modern enterprises by offering a suite of features that enhance security, productivity, and manageability. Here's how they deliver on these fronts with specific examples:

Application Access

Enterprise browsers provide secure and controlled access to both internal and external web applications, ensuring that users can reach necessary resources efficiently.

Consider a scenario where an organization uses a mix of cloud-based SaaS applications like Salesforce for CRM, Google Workspace for collaboration, and internally hosted web applications for HR and finance. An enterprise browser can offer seamless access to these resources by integrating with identity and access management (IAM) systems for single sign-on (SSO) capabilities. It can enforce granular access to applications and restrict certain pages or functions within an application to certain users. 

In addition to user identity, an enterprise browser considers the device status, network location, and geolocation to protect against unauthorized access. 

Data Protection

Protecting sensitive corporate data from leakage or unauthorized access is a core capability of enterprise browsers, achieved through granular control over data interactions within the browser.

Imagine a financial analyst working with sensitive customer data in a web-based reporting tool. The enterprise browser can prevent this data from being copied and pasted into unauthorized web applications or being downloaded to an unsecured device. Policies could be configured to allow data interaction within approved applications while redacting sensitive information or blocking downloads to ensure data doesn't leave the secure environment.

Visibility with Privacy

Enterprise browsers balance the need for organizational oversight with individual privacy, offering detailed insights into user behavior and application usage while respecting user privacy.

Take, for example, a healthcare provider needing to ensure compliance with health information privacy regulations such as HIPAA while still monitoring for unusual or unauthorized access to patient records through web applications. An enterprise browser can log access to sensitive applications, providing auditors with the information needed for compliance reviews without capturing personal browsing data of the staff, ensuring that personal use of the web remains private and secure.

User Productivity

Enhancing user productivity by streamlining access to tools and resources, offering a fast and responsive browsing experience, and integrating productivity-enhancing features.

Consider a contact center agent who interacts with customers through email and online chat. Leading enterprise browsers offer built-in productivity tools, such as an AI assistant and smart clipboard manager, that will help the contact center agent reply quickly and confidently to customer inquiries. 

Enterprise Browser Use Cases

Enterprise browsers address several critical use cases in modern enterprise IT environments by balancing the needs for security, manageability, and a positive user experience. 

Let's explore how they cater to specific scenarios:

Securing SaaS and Web Apps

Challenge: SaaS and web applications are central to business operations but can pose significant security risks when accessed with a consumer browser. 

Solution: An enterprise browser ensures secure access to these applications by embedding security policies directly into the browser. It can enforce content and context-aware policies, like restricting copy-paste actions, redirecting downloads to secure cloud storage, or redacting sensitive information displayed on-screen, thereby preventing data exfiltration or leakage.

Bring Your Own Device (BYOD)

Challenge: BYOD policies increase flexibility and reduce costs but introduce risks associated with mixing personal and corporate data, potential malware infections, and inconsistent security postures.

Solution: Enterprise browsers enable secure and controlled access to corporate resources from personal devices. They can ensure separation of work and personal data by restricting downloads onto a personal device and applying security policies tuned for BYOD. Outside the enterprise browser, the personal device stays personal so there’s no compromising user privacy. 

Contractor and Third-Party Access

Challenge: Contractors need access to corporate applications and resources. Providing access to an unmanaged device risks exposing sensitive information, and provisioning laptops or virtual desktops adds cost and complexity.  

Solution: With an enterprise browser, organizations can offer contractors controlled access to necessary applications and data, without provisioning new devices. Policies can be fine-tuned to limit access based on the contractor's role, location, or device, ensuring they have only the information necessary to complete their tasks. Data protections ensure that sensitive information never leaks outside the browser. 

Radically Reduce Virtual Desktop Infrastructure (VDI)

Challenge: VDI solutions provide centrally managed  access to corporate environments but are expensive, complex to manage, and often deliver a subpar user experience.

Solution: An enterprise browser can reduce the need for VDI by offering a secure, managed browser environment that connects users directly to corporate web applications and resources. This approach can augment VDI by providing direct access to SaaS and web apps, reducing the load on VDI infrastructure, and in some cases, replacing the need for VDI altogether.

Zero Trust Security

Challenge: Legacy security models based on device and network trust are no longer adequate for today's distributed work environment. Zero trust models, which assume no implicit trust and verify every access request, can be challenging to implement.

Solution: An enterprise browser supports zero trust security models by verifying the user, device, and application context for every access request. It can enforce access controls and security policies directly within the browser, ensuring that only authenticated and authorized users can access corporate resources.

In each of these use cases, the enterprise browser emerges as a pivotal tool that enables organizations to navigate the complexities of modern IT environments, ensuring security, flexibility, and a seamless user experience​​​​​​.

What are the benefits of an enterprise browser?

Enterprise organizations that use SaaS or web applications for essential business functions should use an enterprise browser. Consumer browsers were never designed for enterprise use, so organizations typically surround them with other tools and technologies to make them suitable for business. An enterprise browser offers a superior browser experience for IT, security, and employees alike.  

  • Built-in security and data protection. Enterprise browsers integrate advanced security measures to protect against phishing, malware, and adaptive threats, directly within the browser. These integrated protections safeguard enterprise applications and data, enabling dynamic data protection policies that prevent leakage and enhance security without disrupting workflows.
  • Control and governance. Administrators can implement granular, context-aware policies directly within the browser to manage access and user interactions based on role, device status, and location. This control allows for precise security measures, such as blocking risky downloads or restricting data transfer to untrusted sites, thereby enhancing organizational compliance and security.
  • Visibility and monitoring. Enterprise browsers provide detailed logging of web activities, offering insights into user interactions while maintaining privacy for personal browsing. This monitoring creates a thorough audit trail that aids in compliance, forensic investigations, and proactive threat detection, balancing security with user privacy.
  • Integration with enterprise tools. These browsers seamlessly integrate with corporate infrastructure like identity management systems and SIEM, ensuring a cohesive and secure IT environment. Such integration reduces compatibility issues and streamlines IT operations, fostering a secure and efficient work environment.
  • Reduced infrastructure. By centralizing control and enhancing security, enterprise browsers reduce the need for multiple security solutions and simplify IT management. The reduction in disparate systems not only lowers costs but also decreases complexity, making IT management more straightforward and cost-effective.
  • Better user experience. Enterprise browsers are based on familiar technology and integrate with enterprise tools, providing optimized performance and minimal training requirements. This leads to a user-friendly environment that enhances productivity and reduces the friction typically associated with adopting new technology.
  • Enterprise branding and messaging. Organizations can customize their enterprise browsers to reflect branding and streamline access to frequently used applications. Customization enhances user engagement and ensures a consistent corporate identity across tools, improving user familiarity and corporate coherence.
  • Password protection. Enterprise browsers enhance password security through integrated management and protection features that safeguard against phishing and malware. The built-in password management and privileged access management (PAM) capabilities enhance security for shared accounts, facilitating secure and efficient access management.

The Island Enterprise Browser

Island is the leading enterprise browser, offering complete control, visibility, and governance over web-based activities within the corporate environment. The following capabilities not available in a consumer browser and go beyond the scope of other enterprise browsers:

  • Deep integration of security and productivity features. Island seamlessly blends security features with productivity tools within the browser itself, rather than relying on external plugins or services. This includes advanced data protection mechanisms, secure access controls, and user activity monitoring, all designed to function without disrupting the user experience.
  • Granular control over web activities. Organizations can enforce policies to block access to harmful or risky web destinations or display a warning to users. Within an application, policies govern what actions are allowed based on the context of the user, their device, and the application itself. These controls can mask or modify what’s displayed on the page, as well as how data moves between or outside of applications. 
  • Built-in zero trust security. Island is engineered with a zero-trust architecture at its core, ensuring that no user or device is trusted by default, regardless of their network location. This approach is reflected in features that verify the identity and security posture of each user and device before granting access to web applications and data.
  • User privacy considerations. While offering comprehensive visibility into user activities for security and compliance purposes, Island also respects user privacy. Policies are context aware to differentiate between corporate and personal browsing sessions, applying the right level of visibility for each activity. Users can see how their current session is monitored and protected with dynamic status indicators in the browser window. 
  • Simplified IT infrastructure. By integrating a wide array of security and management features directly into the browser, Island reduces the need for additional security solutions, such as remote browser isolation (RBI), virtual private networks (VPN), and complex DLP systems. This consolidation also reduces costs and the administrative burden associated with managing multiple security tools.

The Enterprise Browser: A New Foundation of Modern Infrastructure

The unique challenges of modern enterprises — ranging from securing sensitive data and applications to enabling a flexible and productive workforce — demand a solution that goes beyond the capabilities of traditional consumer browsers.

The enterprise browser emerges not just as a tool, but as a foundational element of a modern IT ecosystem. By offering built-in security features, granular control and governance, and a user experience designed for productivity, enterprise browsers like Island address the critical needs of today's businesses.

Further reading

With an enterprise browser, IT leaders now have the opportunity to build a tech stack that’s considerably leaner and much more effective.

See why BYOD is your best starting point for testing and roll out.

Enterprise Browser: FAQ

Do I need to test all my applications for compatibility?

All leading enterprise browsers are based on the Chromium rendering engine, the same as Chrome, Edge, Brave, and other browsers. This means that any application that works with Chrome or Edge will work with an enterprise browser, and the page rendering is identical.

Can I use an enterprise browser with legacy applications that require Internet Explorer?

Some enterprise browsers offer an IE Legacy Mode that swaps out the Chromium rendering engine to use the IE engine that's still bundled with the Windows OS. Be sure to ask your enterprise browser vendor if they offer this capability.

Does an enterprise browser introduce any performance penalties?

An enterprise browser offers the same performance as a consumer browser for all web applications and web browsing. In many situations, you'll actually see a performance improvement over consumer browsers if the enterprise browser offers ad and tracker blocking. Be sure to ask your enterprise browser vendor if they offer this capability.

How does an enterprise browser compare to VDI/DaaS streamed through a browser?

Virtual desktops are often used to fill a similar role as an enterprise browser. There are some significant differences between the two technologies to consider: VDI requires substantial infrastructure investments in terms of servers, networking, and virtualization software.

Even when cloud hosted, the service cost reflects the large infrastructure requirement. VDI also puts a burden on users, with session interruptions, visual artifacts, or delays in application performance, creating a real tax on user productivity. For most organizations, shifting SaaS and web workloads out of VDI and into an enterprise browser will deliver significant cost savings and a dramatically better user experience.

Can an enterprise browser work within my security service edge (SSE) environment?

An enterprise browser can happily coexist within an SSE environment, and this is not uncommon today. Or, an enterprise browser can be used as an alternative to SSE. Moving the enforcement layer from the network to the browser offers several advantages. An enterprise browser offers complete flexibility in deployment. They can be used on managed or unmanaged devices and don't require routing and inspecting network traffic.

This flexibility applies to applications as well: an enterprise browser does its management and inspection in the browser, so there's no requirement for application-specific API integration.

Do I need a VPN to use an enterprise browser?

An enterprise browser will use whatever network connection is available on the endpoint. It can use a VPN, ZTNA, or proxy connection from another vendor without conflict. Some enterprise browser vendors offer integrated ZTNA that's built-in to the browser to streamline access to internal or private applications. Be sure to ask your enterprise browser vendor if they offer this capability.

Can I use an enterprise browser on an unmanaged or personal (BYOD) device?

Yes. All the management capabilities of an enterprise browser are delivered directly through the browser so it can be deployed on any device, whether it's managed or unmanaged. This also offers flexibility in deployment where the enterprise browser is managed by one organization and the device is managed by another-for example, clients working with a BPO.

Can I use an enterprise browser on a mobile device?

Yes. Several enterprise browser vendors offer both desktop and mobile versions. Be sure to ask your enterprise browser vendor if they offer this capability.

Does an enterprise browser record all user web activity? What about user privacy?

Activity logging and auditing is an important capability for an enterprise browser, but it is configured in a way to balance the needs of the organization and the user's privacy. An enterprise browser supports flexible logging controls that record activity within critical application workflows while anonymizing (or ignoring) strictly personal web destinations. Some enterprise browsers also offer a user-facing indicator that will show the user whether their activity is being monitored. Be sure to ask your enterprise browser vendor if they offer this capability.

How to Reduce VDI Cost

How to Reduce VDI Cost

Bradon Rogers
January 23, 2024

Virtual Desktop Infrastructure (VDI) explained

A virtual desktop is a user interface that allows people to interact with a virtualized environment, where the desktop operating system and applications are hosted on a remote server rather than on the local machine. This setup enables users to access their desktop and applications from any device with internet connectivity.

Virtual Desktop Infrastructure, or VDI, refers to the technology used to create and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request. This infrastructure supports multiple virtual desktops which can be tailored to individual users while being managed centrally by IT administrators.

How VDI Works

VDI operates by running desktop operating systems and applications within virtual machines (VMs) on a centralized server. When a user logs in, the VDI system assigns a virtual desktop from the pool of VMs, connecting them through a thin client or a web browser. The user interacts with this virtual desktop as if running on their local machine, though all processing and data storage happen on the server.

Why businesses use VDI

VDI gained traction as a technology that provided end users a streamed, self-contained computing environment, regardless of their device, delivered from a centralized data center. This approach gained popularity with IT and security teams, as it offered centralized management and access controls for a distributed workforce

Given the different needs between IT and security teams, it was the “least common denominator” they could agree upon. IT teams could put applications in the hands of their users, while cybersecurity could feel comfortable keeping data in the organization’s control. 

The onset of remote work made the strategy much more widespread, given that many organizations already had VDI infrastructure and experience. To many, it was the only imaginable avenue to empower the needs of the organization. The resulting downside? Most organizations are often upside down in their VDI investment (given that the costs are exceptional) and it seems there is ubiquitous disdain for the experience across practitioners and users. 

The downside of VDI

In most organizations, we see 80–90% of the applications being used are web-based external or internal applications. The remaining 10–20% are a combination of command line or thick application needs. Sure, VDI may be valuable for certain situational needs. But if an organization can reduce its dependency — and subsequent cost — of VDI by 80% or more, it seems foolish not to consider. Even if the reduction is, say, only 50%, that can be a huge win for the organization.

Most importantly, to allow such a small footprint of resources to negatively impact the user experience for everyone needing application access is simply unnecessary. This is particularly true given not all users use or need VDI in the same ways, so even targeted reductions or eliminations can be very valuable. In the eyes of most practitioners who live with this frustration every day, a transformational change is needed.

That’s not to say that desktop virtualization could or should go away tomorrow. However, it is clear that organizations and users are hungry for avenues that help them reduce their dependency upon such application delivery experiences. 

The enterprise browser: a modern way to reduce VDI

The inherent challenges with desktop virtualization stem from the very thing that made it appealing in the first place: a safe way to give audiences access to critical applications they need. At the time, there were IT and security benefits to moving the computing layer to the cloud or on-premise servers. 

But end users paid the cost with unavoidable latency and performance penalties. The solution to this dilemma is to shift as much compute back to the endpoint as possible, and restore a natural end user experience, all while delivering applications safely to the appropriate audiences. 

Today, we have an alternative to desktop virtualization that does just that. Enterprise Browsers present a more user-friendly, lightweight option while still meeting the needs of most enterprises. 

  • Secure application access. If the primary requirement is to provide employees with a secure and controlled environment for accessing web-based applications (internal or external), command line needs, or remote desktop needs, an enterprise browser is a fitting choice.
  • Endpoint security enhancement. Organizations looking to enhance endpoint security by protecting users, applications, and devices from potential threats can benefit from an enterprise browser.
  • BYOD policies. In environments where employees use personal devices for work, an enterprise browser can offer an application delivery experience without the invasiveness of other technologies. They can even provide a perfect level of privacy, allowing the user to continue using their browser of choice for personal and non-critical work needs. Most importantly, it can ensure protection for the organization’s key applications and data at the time of engagement.
  • Compliance requirements. Industries with strict regulatory requirements, such as finance and healthcare, can deploy enterprise browsers to secure application access and comply with industry regulations. The audit perspective from the physical position of the browser at the presentation layer is exceptionally rich and highly unique.
  • Resource-constrained environments. In situations where deploying virtual desktops might be resource-intensive, using an enterprise browser on existing devices can be a more practical solution.
  • Single client experience. In situations where you may still require VDI for a specific application need, the Enterprise Browser can be the singular client for web application access and for rendering VDI needs over HTML5 within the browser. Given that all major VDI players support this today, it can be your single natural interface to all applications.

How to mitigate and eliminate VDI expenses with an enterprise browser 

By delivering and securing applications directly through the browser, an enterprise browser significantly reduces the infrastructure complexity and costs associated with traditional VDI deployments.


Traditional VDI requires robust server infrastructure to host desktop images and applications. Plus, to manage the connections and maintain availability and performance, VDI solutions often require sophisticated load balancers. And in persistent VDI environments, the storage costs can be immense. These influences, while critical, add to the complexity and cost of VDI. An enterprise browser shifts the workload to the last mile within the browser, reducing the need for virtualization infrastructure.

Maintenance and administration

Maintaining VDI can be costly due to the need for extensive infrastructure maintenance and VDI  administration — including patch management, hardware upgrades, and support for end-user issues. An enterprise browser eliminates maintenance costs associated with traditional VDI systems because it requires no additional hardware. It also lowers administrative costs by centralizing controls within the browser, reducing the need for multiple security tools and streamlining policy management.

Licensing costs

VDI solutions and their backend systems can have substantial licensing fees. This includes the VDI platform and any extra licenses for the operating systems and apps used in VDI sessions. And these subscription costs only continue to grow. An enterprise browser can reduce the need for VDI by 80-90%, saving money on licensing costs.

Endpoint controls and management

Ensuring secure and compliant endpoint interactions within a VDI session often necessitates additional endpoint controls and management solutions. These solutions require their own licenses, infrastructure, and administrative overhead. By reducing the number of virtual desktops in your environment, you will directly reduce the number of agents and management tools deployed to those virtual desktops.  

The Island approach to enterprise browsers

Island's enterprise browser offers a compelling alternative to virtual desktops by providing robust, built-in protections against common web threats, advanced data control capabilities, and streamlined management tools that are easy for IT teams to deploy and maintain. 

No backhauling traffic. No servers to maintain. No frustrated end users. At a fraction of the cost. All built into a Chromium-based browser end users can deploy and use with zero training. Island simplifies administration and delivers a smoother, faster, and more secure user experience, tailored to meet the demanding needs of modern enterprises.

The right choice for you

Ultimately, the right solution is the one that allows you and your IT team to work smarter, not harder. Whether you want to empower a third-party business process outsourcer to function as your call center, significantly simplify your contractor onboarding process, or enable a fully secure BYOD program, the Enterprise Browser can help you reduce your dependency on VDI while fully balancing security and productivity with a vastly better user experience.

Further reading

Revolutionize the way you secure and enable work with an enterprise browser. 
Discover its benefits, key features, and real-world applications.

Collapsing the Tech Stack

Collapsing the Tech Stack

Jason Trunk
January 17, 2024

The complexity of enterprise tech stacks has surged significantly within the past decade. This partially stems from the growing need to manage and secure an expanding array of devices and applications. 

The idea of collapsing the tech stack — streamlining and simplifying the tools and platforms your organization uses — is not just a trend; it's a strategic imperative. Progressive CIOs and IT leaders are dramatically condensing their tech stack with a single tool: the Enterprise Browser. This approach can significantly enhance security, boost productivity, improve the end-user experience, and reduce recurring costs. 

But how do you start this journey, and what are the critical considerations? Before we dive into this, it’s important to understand how we got here in the first place.

The current state of enterprise tech stacks

At the heart of any enterprise lies its data —  the core element that drives decisions and operations, and the thing this entire tech stack is here to protect. Traditionally, layers upon layers of technology have been added to govern and deliver this vital data. But each added layer, while enabling security and accessibility, also contributes to a ballooning complexity that negatively affects user experience and hampers operational efficiency. 

Historically, such a multi-layered approach was deemed necessary for engineering a robust tech stack — and was the best possible approach given technologies available at the time. But with an Enterprise Browser, IT leaders now have the opportunity to build a tech stack that’s considerably leaner and much more effective.

Understanding the “Why” behind collapsing the tech stack

There are three business-critical reasons IT leaders should prioritize slimming the stack:

1. Protecting what matters: your apps and data. Complex tech stacks can create security blind spots. With numerous software solutions, each with its own security protocols and potential vulnerabilities, managing the risks associated with multiple attack vectors becomes daunting. By collapsing your tech stack, you reduce the number of potential entry points for cyber threats, reduce the overall attack surface, and simplify management.

2. Improving UX & boosting productivity — for IT and users alike. Each new tool in your stack demands time for onboarding, training, maintenance, and endless updating and patching. Further, these tools often do not interoperate well together, so time is spent troubleshooting the compatibility of the stack, wasting valuable IT resources. A streamlined stack means your IT workforce spends less time troubleshooting unnecessary agents and more time on productive work. General work is improved as well with end users no longer waiting for multiple agents to be installed, updated, and ready to impede their daily work.

3. Reducing significant IT spend. As costs grow every year — and new solutions render traditional ones obsolete — it’s important to look for opportunities to prune and optimize. For example, Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) are high-cost tools with diminishing value in a SaaS-first world. All the various  agent-based technologies deployed at the endpoint represent an opportunity for simplification and cost reduction. If we consider DLP agents, CASB agents, EDR/XDR agents, SASE/ZTNA network routing agents, etc., the notion of collapsing the stack to a single solution is extremely compelling.

Start with BYO and self-service IT

Bring-your-own (BYO) environments and self-service IT are, by definition, the least standardized segments of the tech stack. They involve a variety of devices and platforms, each with its own security and compatibility issues. This diversity, while offering flexibility and convenience, can also be the starting point for inefficiency and security vulnerabilities

A critical component in the quest to condense the enterprise tech stack is the adoption of an Enterprise Browser, which is built specifically to meet the complex IT needs of modern businesses. By integrating robust security, productivity, and accessibility features directly within the browser, these solutions alleviate the need for multiple technology layers. This integration ensures secure and streamlined access to business-critical enterprise applications and data, regardless of the device used. And by leveraging the browser — a familiar technology to every user — as the delivery vehicle for access and security, the BYO enablement process is dramatically simplified.

An Enterprise Browser also offers enhanced last-mile control over user activities and data flow, enabling enterprises to enforce policies consistently across all user endpoints. This shift towards a singular, centralized point for both access and security within the browser itself significantly simplifies the tech stack, making it more manageable and efficient, while bolstering the overall security posture of the organization.

Streamlining your BYO stack by implementing an Enterprise Browser can quickly help you prove the business impact of a leaner architecture. Even if you still have a few thick or legacy apps in play, those can be delivered within the Enterprise Browser, neatly in their own tab, with full security controls and audit capabilities. This massively reduces the infrastructure, carbon footprint, and cost required to host and deliver an always-on VDI-based desktop experience.


Identifying redundant applications and services, and recognizing software that may not be compatible across all devices, can help reduce your number of managed devices — and the need to prep and ship those devices.

An Enterprise Browser simplifies all of this down to the nth degree. End users simply install the browser and get to work.


Zero-trust is the security framework of choice for modern businesses, especially when it comes to BYO. Traditionally, this required adding endpoint agents, web portals, and VPNs to your stack to compensate for the consumer browser’s lack of security.

Security is embedded within the natural workflows of an Enterprise Browser, so end users can access and interact with applications and documents while sensitive data is protected. IT teams can define device security requirements (like disk encryption or OS patching) and require that BYOD devices meet these requirements before accessing enterprise applications.

Cost and time efficiency

Slimming your BYO tech stack with an Enterprise Browser significantly cuts down on a number of IT challenges with serious business impact:

  • Licensing costs
  • Help desk calls
  • Time to onboard new employees and contractors
  • Downtime lost to struggling with troubleshooting complex systems

Improved end user experience

With fewer layers of security and delivery to contend with, users no longer have to wade through multiple logins or wait for network-layer security checks. User frustration and IT ticket submissions are reduced as well.

Read the recent research from Gartner®️ that predicts:

“By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.”

➔ Read the full report

Gartner, Emerging Tech: Security — The Future of Enterprise Browsers, Dan Ayoub, Evgeny Mirolyubov, Max Taggett, Dave Messett, 14 April 2023 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Evaluating the stack: what stays, what goes

The transition to a leaner BYOD stack requires a thorough evaluation of the existing tech stack. Here are some important things to consider as you embark on this process.

Assess the need for each layer

Start by evaluating the tools and platforms in use. Are there redundant applications serving similar purposes? Are there tools with very few active users? Consolidation can often lead to significant cost savings and efficiency gains.

Gather feedback on user experience and productivity

Your end users can offer invaluable insights on this front. Are they frustrated with a certain tool? Are key parts of their job getting slowed down because of a certain security requirement? Gather feedback to understand what works, what doesn’t, and where users face the most challenges. 

Prioritize security

Evaluate each tool in your BYOD stack from a security perspective. How do they comply with your security policies? Are there gaps that need addressing, or tools that pose more risk than benefit? Are there other more secure alternatives that could displace or replace the current ones?

Focus on mobile integration

In a BYOD program, it's vital to evaluate how Mobile Device Management (MDM) and related securities can be streamlined or replaced. Look for solutions that offer a more integrated approach to securing mobile access to enterprise resources.

Perform a cost-benefit analysis

Review the costs associated with each component of your BYOD stack, including licenses, hardware, and maintenance. For each tool, weigh the costs against the benefits it provides. This goes beyond just the financial aspect to include factors like time savings, user satisfaction, and contribution to overall goals.

Embracing consolidation one step at a time

Collapsing your tech stack is more than a one-time project; it’s an ongoing process of adaptation and refinement. It requires a forward-thinking mindset, an understanding of your organizational goals, and a willingness to embrace change for better efficiency, security, and user experience.

Remember, the goal is not just to reduce the number of tools but to create an environment where technology empowers rather than hinders. With a thoughtful approach to collapsing your tech stack, you can build a more agile, secure, and productive organization.

Frost & Sullivan Names Island the Market Leader

Frost & Sullivan Names Island the Market Leader

Tad Johnson
December 22, 2023

This independent third-party recognition comes at an important moment in the growth of the Enterprise Browser market. In a little over three years, Island went from the idea of the Enterprise Browser to a $1.5 billion company with over 2 million browsers sold. Island's pioneering innovation helped usher in this new market category with more than a dozen vendors offering some version of an Enterprise Browser. Clearly, this demonstrates a previously unmet need within the enterprise technology landscape. To better understand the Enterprise Browser and why Island is the evident Frost Radar leader, let's zoom out and track how we got here.


The Frost Radar primarily focused on the security dimension of the Enterprise Browser. In their research, they define zero-trust browser security (ZTBS) as follows:

“A zero-trust browser security (ZTBS) solution package offers data loss protection (DLP), sandboxing, and malware scanning capabilities to prevent phishing attacks and inadvertent or intentional data leakage.” 

Creating a secure enterprise workspace is a primary motivation for CISOs adopting the Enterprise Browser. The web browser holds a unique position in the context of cybersecurity: it's most often the first link in a cybersecurity attack. As noted in the Frost Radar, "browsers provide the initial foothold for cyber adversaries. As the frequency and complexity of web-based attacks grow, the need to secure the browser attack surface increases." Until now, enterprises addressed browser security by adding tools and technologies adjacent to the browser — secure web gateways, endpoint agents, virtualization layers, etc. With Island's innovation of the Enterprise Browser, the ever-important security layer moves to where it's needed most: within the browser itself.

Business Enablement

Good cybersecurity is essential for any enterprise business, but it's only part of a CIO's responsibility. The larger challenge facing every CIO is how to best enable the business with technology. Over the past two decades, enterprise technology went through a massive realignment as traditional software moved to SaaS and data moved to the cloud. This mega-trend ushered in significant improvements in IT efficiency and capabilities. Today, we are in the beginning stage of another mega-trend with the commercialization of general purpose artificial intelligence. The future is yet unwritten, but it's reasonable to assume that AI presents another monumental technological shift, arguably larger than SaaS. 

CIOs are tasked with simultaneously managing the operational needs of the business while preparing for the next wave of technology change. Here, the Enterprise Browser serves as a key enabling technology. In both of the mega-trends mentioned above, the browser sits at the intersection between users, applications, and data. With most — or for some businesses, all — applications moving to SaaS and cloud platforms, the Enterprise Browser is the ideal layer in the tech stack to manage access, user enablement, and enterprise visibility. As organizations embrace AI, most of these workflows will similarly flow through the browser.

As Frost observed in the Radar,

“The [Enterprise Browser] platform also enables real-time last-mile controls at the presentation layer because policy computation and enforcement happen locally rather than on the cloud.” 

Shifting from a general purpose consumer browser to the Enterprise Browser gives CIOs the point of leverage to optimize and enable the workflows and applications that drive the business.

Productivity & User Experience

Selecting the right tools and technologies is crucial for successful business operations. But that’s only part of it. The employees and other users of those systems require a workspace that promotes productivity and delivers a good user experience. As outlined above, that workspace is increasingly delivered through a browser. Because most enterprises were previously relying on a general purpose browser designed for consumers, they were forced to surround it with a range of access and security solutions that hindered the user experience. The Enterprise Browser offers a new approach where the workspace is optimized for security and productivity.

In their research, Frost identified:

“Legacy VDI, VPN, and DaaS tools do not adequately support new forms of remote and hybrid work connectivity and end up delivering inefficient workflows and unintuitive user interfaces. Such challenges promote the adoption of modern and user-friendly ZTBS solutions.”

It's rare for a solution that addresses the security objectives of a CISO, and the business objectives of a CIO, to simultaneously deliver end-user productivity benefits and real user experience improvements. But it's precisely this distinction that sets Island, the Enterprise Browser, apart and enables our rapid adoption and growth. Island is honored to be recognized by Frost & Sullivan as the clear leader in zero trust browser security. More importantly, Island is proud to deliver the Enterprise Browser as the ideal workspace that improves security, business enablement, and user productivity for millions of people every day.

Read the full report.

Island is now available in the AWS & Azure Marketplace

Island is now available in the AWS & Azure Marketplace

Bradon Rogers
November 8, 2023

Island is very proud to offer our customers the ability to transact business with Island through both the AWS Marketplace and the Microsoft Azure Marketplace. The benefits to customers of this streamlined way of adding innovations and solutions to their environment is well known, so we won’t tread that beaten path. But there are other important dynamics about this well-established trend that are worth highlighting.

The cloud infrastructure market, led by Amazon Web Services and Microsoft Azure Cloud Services, grew rapidly over the past decade. This growth is clearly a benefit to Amazon and Microsoft, but it also imparts a more broadly-shared advantage to the wide range of companies who build services on top of these cloud platforms and the enterprises that leverage these services to run their businesses more efficiently. 

We should also recognize a second-order global benefit as well: shifting compute resources to these highly-scalable, highly-optimized cloud providers drives better energy efficiency compared to businesses operating their own smaller data centers at lower utilization; this drives both significant operational efficiencies that impact bottom line results, and also favorably impact the carbon footprints of individual companies and the entire data-driven economy. Island is both a consumer of these cloud services — both AWS and Azure services are used to deliver the backend services that make the Enterprise Browser platform so powerful — and an enabling technology for enterprises embracing the everything-as-a-service future. 

This shift to IaaS and SaaS is not exactly new; AWS launched over 20 years ago and Azure is nearing its 15th birthday. Yet the Enterprise Browser category is new, emerging just last year. The natural question is, “why didn’t anyone build an Enterprise Browser before?” 

It’s a question we hear every day from customers when they see the Enterprise Browser. The first big factor in answering “why now” is the unimpeachable success of the Chromium open source project: it has unified and normalized web standards and left the difficulties with browser compatibility in the past (as the remaining legacy applications built for Internet Explorer ride off into the sunset). Island, along with Chrome, Edge, and dozens of other browsers, are built using Chromium. So building a critical, widely deployed product on top of Chromium gave the Island Enterprise Browser a massive head start in enterprise-readiness that most emerging product categories don’t or can’t enjoy.

The second factor points back to the top: the undeniable success of software-as-a-service and the infrastructure-as-a-service models that make it all possible. The era of SaaS makes the browser the single most-used application for most of the workforce in every enterprise on the planet. Now that enterprises are running their business-critical operations through SaaS applications, it’s no surprise that CIOs are taking a second look at the enterprise capabilities of their browsers. The best way to improve productivity, secure sensitive data, and protect applications and users is to improve the workspace where work actually takes place: the browser. Now that the applications and data are distributed across the cloud, the Enterprise Browser plays an essential role in centralizing access controls, security, and data protection. 

The most recent Gartner Hype CycleTM for XaaS observed, “As organizations rethink allowing access to SaaS apps via any browser, from any device, this technology can offer a more secure way to reach these apps. This technology allows organizations to simplify both the standard IT “stack” and its deployment to end users for remote access. This is particularly important as hybrid working remains a day-to-day reality for most organizations.”1

Island uses AWS and Azure services to deliver the management and intelligence layers that distinguish the Enterprise Browser. By using these cloud platforms, customers benefit from a scalable, highly performant, and globally distributed solution. Customers with existing relationships with these cloud providers can also buy Island directly through their respective marketplaces, simplifying the procurement process. Island benefits from leveraging the world-class services these providers offer — increasing the pace of innovation and allowing R&D to focus on building customer value rather than building core infrastructure components. 

The rise of everything-as-a-service creates significant new opportunities for the enterprise. Driving efficiency and productivity is good for the bottom line, but more importantly it’s good for the humans behind the keyboards whose daily work is more focused on creativity and innovation and less on the routine tasks that can be solved through automation. Generative AI — delivered through the Island AI assistant and powered by Azure OpenAI Services — holds the potential to unlock transformative change across countless job functions. By making the building blocks of innovation available through IaaS platforms, and providing safe, secure access through the Enterprise Browser, the future of work is bright.  

1 Source: Gartner, Hype Cycle for Xaas, Jason Donham, Philip Dawson, Chris Silva, Stuart Downes, et al., 20 July 2023. Gartner and Hype CycleTM are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Here's why Canapi is thrilled to announce its investment in Island.

Here's why Canapi is thrilled to announce its investment in Island.

Canapi Ventures
October 23, 2023

Perhaps the most enduring side effect of the COVID-19 pandemic has been a widespread shift in ways of working. The 2022 McKinsey American Opportunity Survey suggests that even post-pandemic, nearly 60% of employees have the option to work remotely at least one day a week, and 35% are given a fully remote option. The “flexible work” trend is likely here to stay for the foreseeable future, in fact, over the next five years, nearly half of the workforce is projected to be fully or partially remote.

In parallel, web malware and ransomware – both browser-based attack vectors – are considered the most significant security threats for organizations. Companies increasingly depend upon web-based applications, including SaaS apps as well as “private” apps, to run their businesses, with today’s organization using 130 apps on average.  As companies and employees leverage browsers as their primary tool for business applications, the need to secure the browser grows more stringent by the day. Currently, this security stack includes a hodge-podge of add-on solutions, including identity and access management tools, data loss protection tools, secure web gateways, and Zero Trust edge work. 

The rise of remote work, coupled with the growing use of cloud-based and delivered applications, has created a challenge for the modern CISO, who must consider securing multiple networks, devices, and applications using dozens, if not hundreds, of cybersecurity tools. By using a patchwork of solutions, CISOs today attempt to manage and provision individuals, applications, and devices, all of which depend on the same core solution – the browser – to complete a task. As a result, we believe that the enterprise browser, which offers a unified solution capable of meeting a range of enterprise cybersecurity and infrastructure requirements, is a critical component of the future of work.

This is why we are thrilled to announce our investment in Island, a category-defining enterprise browser that addresses key security needs via a single solution. Rather than bolting on a range of tools and features to existing consumer-oriented browsers, Island has instead built a commercial-grade browser using the same open-source Chromium code base that underlies popular browsers such as Google Chrome and Microsoft Edge. With Island, enterprises can secure network and web access, improve data security, offer end point protection, ensure messaging and mobile security, solve for identity and authentication, improve enterprise productivity, and solve for risk and compliance controls.

Solving critical pain points for the financial services sector

While Island can be – and indeed is – leveraged by companies across industries, we are particularly excited by Island’s ability to help banks and financial institutions (including members of the Canapi Alliance) not only improve security posture, but also employee efficiency and productivity. As a highly regulated industry, financial services have often had to accept trade-offs between security and usability; Island, however, allows these two concepts to co-exist.

For example, contractors, consultants, and remote/hybrid workers at financial institutions today often require clunky VPNs and/or VDIs to access proprietary systems. Using the Island browser, however, users can instead access regulated systems and databases through an Island tab, creating a far more seamless, cost-effective process without sacrificing controls.

Moreover, with Island, banks can allow employees to bring their own device (BYOD) rather than relying on company devices (i.e., laptops, tablets, phones). Rather than purchasing and outfitting company hardware with specific controls, banks can instead send employees a link to Island, and only provision access to company applications through Island, resulting in significant cost savings.

Island can also aid with data loss prevention by preventing copy-pasting, screenshotting, saving, printing, and downloading of data hosted in web-based applications; this can include PII, MNPI, and other sensitive information frequently accessed by bank employees. Moreover, the Island Enterprise Browser can connect to internal, private applications and serve as a single-entry point to critical apps, solving additional DLP and IAM pain points.

Additionally, we are seeing banks leverage Island to (i) provision collaboration tools including Zoom or Slack, which were previously inaccessible due to security concerns, (ii) grant access for third parties during an M&A event, (iii) enable access to generative AI platforms via Island’s AI Assistant, which monitors and blocks sensitive information leakage, and (iv) modernize retail footprints by using the browser in branch locations rather than relying on legacy VDI tools.

The use cases for the Island Enterprise Browser are endless. While many enterprises start with one or two use cases, they often quickly find new ways to leverage the platform, improving productivity and security along the way.

A category-defining company

While just in its second year since emerging from stealth in 2022, Island has achieved considerable success as a category-creator, with over 2 million browsers sold across leading Fortune 500 enterprises.

Building a security product that is Fortune 500-ready from day one takes considerable talent, time, and resources. The team that CEO and co-founder Mike Fey has re-assembled from his decades in the security space further drives our excitement and conviction in Island. Mike has had an extensive career in enterprise cyber security, having previously served as the CTO of McAfee and most recently, as the President/COO of Symantec. Island’s CTO and co-founder Dan Amiga was previously the founder and CTO of FireGlass, where he invented the concept of remote browser isolation (RBI), the precursor to the enterprise browser.

We look forward to partnering with Mike, Dan, and the rest of the Island team as they bring forth the future of work and are honored to be part of their journey.

Island recognized as a 2023 Customers’ Choice for Security Service Edge

Island recognized as a 2023 Customers’ Choice for Security Service Edge

Bradon Rogers
October 16, 2023

We at Island are excited to be named a Customers’ Choice for September 2023 Gartner® Peer Insights™ for Security Service Edge1. This distinction is a recognition of vendors in this market based on feedback and ratings from 84 verified end users of Island who shared their opinions as of July 31, 2023. 

You may be wondering why Island is listed in the Security Service Edge category. As an emerging market category, Enterprise Browsers are not yet featured as a distinct category within Gartner Peer Insights™. While the architecture of the Enterprise Browser is significantly different from the traditional SSE vendors, the outcomes overlap. Gartner defines the category as: 

“SSE secures access to the web, cloud services and private applications regardless of the location of the user or the device they are using or where that application is hosted. It also provides enhanced security, and visibility for the software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) environments accessed by the end users.”2 

Hear in the Voice of the Customer what our reviewers had to say: 

“Island is a shockingly mature security product with a feature set that hits the center of the mark. Prior to my initial hands-on experience, I compiled a list of security features that I presumed were either absent or difficult to implement. Not only did the browser include all of these features, but the Island team addressed each one unprompted. It speaks to two exceptional strengths of the Island browser: the maturity of the feature set and a keen awareness of what security controls Enterprises care about most."

– Security Engineer in the Finance industry. Read the full review

“I describe the Island Enterprise Browser as a super-hardened browser that is centrally managed by your organization and can be used to replace your VPN and other security systems, helping achieve zero trust for remote access. The Island sales team has been very responsive to our many questions and exceptionally generous with their time during the proof of concept process. The Island browser is a clever, elegant technology that security practitioners should look into.”

– Director of Cybersecurity in the Services industry. Read the full review

“The Island browser is great for the enterprise business. Island has a lot of built-in privacy features, like the ability to block third-party cookies and tracking scripts. The Island browser can be optimized for productivity along with data protection and security safeguards, like malware prevention. Features such as tab management, bookmarking, and copy & paste protection all integrated with productivity tools is perfect for the on-prem and remote work force.”

– Manager, IT Security and Risk Management in the Insurance industry. Read the full review

“Island has been incredibly helpful with setup, configuration, implementation and then support of this product. I have dealt with many products and deployment teams over the past 25 years. They have been hands down one of the best, most professional and knowledgeable teams I have worked with. Their knowledge is not just limited to their product. They do not disappoint.”  

– Information Security Engineer in the Manufacturing industry. Read the full review. 

We believe this distinction is a particularly significant milestone for everyone at Island for two reasons: First, because it comes directly from customers — the most important voices in guiding our work. Second, we were recognized in the very first year we participated in the Gartner Peer Insights community. We believe this reflects the incredible growth and customer interest in improving their security and productivity outcomes through adoption of the Enterprise Browser. Island pioneered the enterprise browser market and continues to lead, helping customers deliver on their digital transformation initiatives. 

Gartner Peer Insights is a free peer review and ratings platform designed for enterprise software and services decision makers. Reviews are organized by products in markets that are defined by Gartner Research in Magic Quadrant and Market Guide documents. Vendors placed in the upper-right quadrant of the “Voice of the Customer” quadrants are recognized with the Gartner Peer Insights Customers’ Choice distinction, denoted with a Customers’ Choice badge. The recognized vendors meet or exceed both the market average Overall Experience and the market average User Interest and Adoption. 

Read more reviews for Island here. To learn more about the Customers’ Choice distinction, and the methodology for selection, read the Gartner Peer Insights Voice of the Customer Methodology here.  

To all of our customers who submitted reviews, thank you! If you have an Island story to share, we encourage you to join the Gartner Peer Insights crowd and weigh in

1Source: Gartner, Voice of the Customer for Security Service Edge, Peer Contributors, 29 September 2023 

Reviews quoted above have been edited to account for errors and readability.

2Source: Gartner Peer Insights: Security Service Edge

GARTNER is a registered trademark and service mark, and PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

The graphics above were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Island.

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

The Enterprise Browser named in 4 different Gartner Hype Cycles

The Enterprise Browser named in 4 different Gartner Hype Cycles

Tad Johnson
August 7, 2023

It’s humbling and gratifying for a technology vendor to get named to a Gartner Hype CycleTM. The Enterprise Browser was just named in four. Four different Hype Cycle reports in the span of two weeks. What’s driving this explosion of interest? 

The observations from Gartner are a reflection of the broad value that the Enterprise Browser delivers. A simplified approach to implementing Zero Trust Networking, even unmanaged devices. The rationalization of the Everything-as-a-Service delivery model. Layered protections for Endpoint Security. Improved productivity through a refined approach to Workload and Network Security. Shifting the point of control and governance to the point of maximum impact — the browser — unlocks new workflows, more flexibility, and ultimately more productivity throughout the enterprise. 

Focus on the game and the scoreboard takes care of itself. 

Our mission is to deliver the ideal enterprise work environment. When the call center agent can shave seconds off a task that they repeat hundreds of times each week, that’s progress. When a healthcare provider can quickly access sensitive patient information and spend more time with patients — and less time in front of their computer — that’s progress. When a business can reduce their operational expenses and invest more into their core products and services, that’s progress. These aren’t hypothetical examples; this is how Island, the Enterprise Browser, is delivering real value, right now. When hype is the natural result of delivering real value, then you know the hype is real.

Why now? 

The web browser is not new. It’s a technology that’s been evolving for over 30 years, and it reached ubiquity long ago. The “browser wars” are over and we all benefit from universal standards and cross-platform compatibility. Along the way, browsers and the web applications they powered gained more and more capabilities. In the workplace, it’s now common for most employees to do most of their work within a browser. And recently, the work place moved outside the office and left the traditional managed network behind. Put simply, the browser is the workspace, and the workspace is the browser. 

In this context, the rise of the Enterprise Browser is the logical outcome. Critical applications, data, and work flows through the browser; it follows that enterprise technology leaders would choose the browser that’s built for them. The Enterprise Browser represents a new approach to enabling enterprise workflows with security, application controls, and user productivity at the forefront. To learn more about how the Enterprise Browser creates new opportunities for IT, Security, and the enterprise workforce more broadly, read a recent research report from Gartner about the Future of Enterprise Browsers 1.

1 Gartner, Emerging Tech: Security — The Future of Enterprise Browsers, Dan Ayoub, Evgeny Mirolyubov, Max Taggett, Dave Messett, 14 April 2023

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

Enterprise Browser: Revolutionizing XaaS

Enterprise Browser: Revolutionizing XaaS

Tad Johnson
July 30, 2023

In the rapidly evolving world of Everything-as-a-Service (XaaS), security and accessibility take center stage. The Enterprise Browser, a cutting-edge solution by Island, is shaping the future of secure application access. Recognized by the latest Gartner Hype Cycle for XaaS, the Enterprise Browser is designed to offer unparalleled security, even on unmanaged or untrusted devices. This article dives into the transformative role of the Enterprise Browser in the XaaS delivery model, and how it stands apart from traditional solutions.

The most recent Gartner Hype CycleTM for XaaS named Island as a Sample Vendor for Endpoint Access Isolation. The Enterprise Browser offers an elegant approach to secure application access even when the host device is unmanaged or untrusted. The unique last-mile controls and self protecting browser capabilities differentiates Island from legacy solutions like VDI/DaaS or classic VPN. As the research notes, “Trading physical hardware for virtual desktop infrastructure (VDI) and desktop as a service (DaaS) sessions for contractors and partners won’t address the underlying security issues of the local machine — a viable vector for credential and IP theft.”1

As the Everything-as-a-Service (XaaS) trend continues, the browser has an increasingly critical role to play. Enterprise workflows with sensitive business information often take place exclusively through the browser — crossing multiple service providers on the far end. Workers that connect remotely outside the office, or third-party contractors that make up the extended workforce, put a strain on legacy security solutions that were designed for a managed endpoint and managed network environment. 

According to the Hype Cycle research, “Traditional remote access tools like classic VPN can profile a device but can’t actively neutralize local threats. As organizations rethink allowing access to SaaS apps via any browser, from any device, this technology can offer a more secure way to reach these apps. This technology allows organizations to simplify both the standard IT “stack” and its deployment to end users for remote access. This is particularly important as hybrid working remains a day-to-day reality for most organizations.”1

Island pioneered the Enterprise Browser to deliver secure access and offer a productive workspace that works across any deployment model and all device types. By embedding access policies, data protection, and security controls within the Enterprise Browser, Island creates a safe working environment that works on unmanaged endpoints (e.g., BYOD or contractor devices) as well as managed endpoints. Last-mile controls protect sensitive data from moving outside the enterprise environment, and the self protecting browser neutralizes tampering and local malware, such as keystroke loggers. This approach is validated in the Hype Cycle research: “There is a trend of adding a layer of security through enforcing consistent browser configuration and control for any user accessing productivity apps and company data from an unmanaged PC.”1

To support organizations with a mix of on-premise and cloud applications, the Enterprise Browser offers integrated Island Private Access (IPA) to make a secure connection to private applications or networks that aren’t open to the Internet. IT administrators or engineers use the integrated SSH client to securely connect to servers over IPA. Internal web applications that were built for Internet Explorer aren’t left behind either, as Island supports IE Mode for a seamless user experience across both modern and legacy applications. 

The Enterprise Browser represents a new approach to security that puts access controls, data protections, and application visibility at the point of maximum impact: inside the browser. To learn more about how the Enterprise Browser creates new opportunities for IT, Security, and the enterprise workforce more broadly, read a recent research report from Gartner about the Future of Enterprise Browsers 2

1 Source: Gartner, Hype Cycle for Xaas, Jason Donham, Philip Dawson, Chris Silva, Stuart Downes, et al., 20 July 2023 

2 Gartner, Emerging Tech: Security — The Future of Enterprise Browsers, Dan Ayoub, Evgeny Mirolyubov, Max Taggett, Dave Messett, 14 April 2023

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Enterprise Browser Enters Gartner Hype Cycle for ZTNA

Enterprise Browser Enters Gartner Hype Cycle for ZTNA

Tad Johnson
July 26, 2023

Two massive shifts forever changed the enterprise workplace: Applications moved off the desktop to the cloud, and workers left the office to work remotely.

Together, these changes pushed IT and Security teams to rethink their strategy for delivering and securing enterprise workflows and data. Along the way, the web browser moved from a supporting tool for accessing information to the central workspace where most users do most of their work. It follows that the Enterprise Browser category is growing in importance as more organizations adopt a browser that’s built for enterprise work and delivers essential security controls and governance. 

The most recent Gartner Hype Cycle(TM) for Zero Trust Networking named Island as an Example Vendor for Enterprise Browsers. In the report, they highlight several of the key drivers for customer adoption, including “providing Day 1 access for new organizations gained through mergers and acquisitions, contractor access management, or as layered security controls on top of fragile critical infrastructure.”1

In the context of a zero trust security framework, the Island Enterprise Browser offers a welcome alternative to infrastructure-heavy legacy security solutions. The browser holds a privileged location within the application workflow: it knows the user’s identity, the posture of the device it’s running on, the network it’s connected to, the geographic location it’s operating in. This creates the foundation for zero trust access policies, even for deployments that challenge legacy security solutions. As the report identifies, “Existing security solutions often struggle to support unmanaged devices. This is an area where enterprise browsers have found early traction in the market, by providing an acceptable level of secure remote access that is able to maintain a mostly familiar end-user experience.”1

Where the Enterprise Browser stands apart is its ability to extend zero trust principles inside an application. With full visibility and control of the specific actions and data, the Enterprise Browser can apply the least-privilege principles within any application. For example, a call center employee could view a customer record in their CRM with certain sensitive fields redacted and be restricted from printing, saving, or exporting that information. Or a contractor could gain access to an internal system in read-only mode for a limited period of time. In these there’s no dependency on the application itself to support role based access policies or redactions, as it’s done within the Enterprise Browser itself. 

The Enterprise Browser represents a new approach to security that puts access controls, data protections, and application visibility at the point of maximum impact: inside the browser. To learn more about how the Enterprise Browser creates new opportunities for IT, Security, and the enterprise workforce more broadly, read a recent research report from Gartner about the Future of Enterprise Browsers 2

1 Source: Gartner, Hype Cycle for Zero Trust Networking, Andrew Lerner, John Watts, Dan Ayoub, et al., 18 July 2023

2 Gartner, Emerging Tech: Security — The Future of Enterprise Browsers, Dan Ayoub, Evgeny Mirolyubov, Max Taggett, Dave Messett, 14 April 2023

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Gartner Hype Cycle Zero Trust
Embracing Generative AI in the workplace

Embracing Generative AI in the workplace

Tad Johnson
June 14, 2023

2023 is the year that generative AI reached mainstream awareness. ChatGPT captured the world’s attention and imagination for what’s possible. It’s still the early days, but there’s no question that this technology presents a massive opportunity to boost productivity across a wide range of disciplines. Those organizations that embrace AI and experiment with ways to optimize key workflows will surely see positive returns. Many more vendors will enter the market with AI-enabled products while the hyperscale cloud providers continue to differentiate their platforms through integrated AI tools. We can’t see the future, but it’s clear that generative AI will play a transformative role over the next decade. 

Of course, like all transformative technologies, there are well-founded concerns about governance and safe usage of generative AI tools in the workplace. A well-intentioned employee could inadvertently leak confidential or sensitive information when submitting an AI chat prompt or uploading an image file. This seemingly benign action can create an immediate data loss problem, but also a long-term one when that sensitive information becomes part of the dataset used to generate new responses. Recent news reports indicate this exact scenario played out at Samsung, where employees submitted highly sensitive source code to ChatGPT for debugging. Incidents like these expose two orders of risk: the first is the direct impact of inappropriate information handling and leaking sensitive data. The second, and arguably larger risk, is the opportunity cost to organizations who avoid AI tools entirely out of concern for data security. There’s so much positive potential for generative AI that organizations who close that door now may be left behind in the future. A recent paper published by NBER showed a 14% increase in productivity for call center workers assisted by generative AI — and that’s with today’s relatively immature AI product set. The future is bright for organizations who embrace the potential for AI and implement the necessary controls to use it safely. 

Smart AI Governance

When considering how to implement smart AI governance in the workplace, start with these four categories: 

  1. User Education and Awareness

Data security when using AI tools is grounded in the same policies and practices used when working with third-party agencies or vendors. User education and basic data protections go a long way in reducing the risk of unwanted data leakage. When a user starts interacting with AI tools, it’s a good opportunity to remind them about the information security policies that govern the interaction. 

  1. Protecting AI Inputs 

Adding interactive controls around the AI inputs, or prompts, is a smart way to avoid unwanted information disclosure. Users should get immediate feedback if they attempt to share sensitive data like payment records, social security numbers, or API keys. Some applications, like source code repositories, may be entirely off-limits and restrict any data being shared with an external AI tool. When done right, these controls can prevent inappropriate information leakage without degrading the user experience.  

  1. Inspecting AI Outputs 

Today’s generation of AI tools are always confident in their responses, even if those responses contain factual errors. A New York lawyer discovered how damaging this can be when he submitted a court filing including AI-generated citations — that did not exist in reality. Adding some boundaries around how the AI-generated output is used is a smart approach. This is especially true for AI-generated code, where a developer may be tempted to copy and paste whole blocks of code without careful analysis. 

  1. Measuring Efficacy 

The ultimate goal for AI usage in the workplace is to improve overall efficiency and employee productivity. As organizations develop their AI strategy, it’s smart to consider how to measure the results. This will differ greatly depending on the particular function where AI is being used, but it’s essential to help steer business leaders towards success. 

AI And The Enterprise Browser 

Island, the Enterprise Browser, is the ideal platform to safely use generative AI tools without compromising on data security or leakage. Whether your organization is just getting started with AI and experimenting with different services, or if you’ve identified a preferred AI tech stack and you want to maximize its value, Island offers several key capabilities to benefit IT, Security, and the end-users directly.  

Application visibility offers a full accounting of all the web applications and extensions used throughout the organization. This is useful for identifying users or groups who are early adopters and make good candidates for testing AI tools and policies before widespread adoption.  Visibility extends to application usage, including the ability to audit all interactions with AI tools to analyze user-generated prompts. All analytics data collected by Island can be shared with your SIEM or data aggregation platform of choice. 

Gracefully redirect users to the AI tools your organization prefers, and prevent the use of unsafe alternatives. If a user attempts to use an unwanted AI application or install an unsanctioned AI browser extension, Island can block access and redirect to the sanctioned platform, including the native built-in Island AI Assistant. Browser extensions are fully managed within Island, so you can allow for experimentation, while controlling which applications those extensions can be used with. Or, you can automatically install the preferred extensions while blocking others. Many vendors are offering AI-powered extensions so this is an important area to implement smart governance. 


End-user awareness and education is improved through dynamic in-browser messaging. If a user attempts to paste sensitive data they will see a clear message explaining why the action was prevented and where they can learn more about company data policies. When a user navigates to an AI tool like ChatGPT, they will see a message reminding them about the company's privacy and security policies and the acceptable-use policy for generative AI tools. Showing this type of information in context, at the moment it’s relevant, makes it more effective than alternatives like a company-wide email message. 


Scan AI-generated code output to govern how it’s used. Generative AI tools will often generate code snippets that are functional but include serious flaws that should never make their way into a production environment. Island can scan code blocks when a user attempts to copy and provide immediate feedback. This approach balances the benefit for developers getting code suggestions from AI, while ensuring that they don’t uncritically accept the generated code and paste it into a production codebase. 

Application boundaries provide an intuitive way to keep sensitive data within certain applications, and the corporate tenant of those applications, from being moved or shared to untrusted destinations. As an example, customer support staff can move customer records freely between the corporate tenants of, Slack, and Microsoft365 but they can’t be pasted into the ChatGPT prompt window. This same boundary applies to browser extensions, which can be automatically disabled when accessing critical applications.


Contextual DLP controls offer further granularity to prevent certain types of data, like credit cards or social security numbers, from being shared with an AI tool — regardless of where they originated. If these data types are detected, the user sees a clear message explaining why their action was blocked and a reminder about using sensitive data with AI tools. This control mechanism allows for use of AI tools while preventing sensitive data getting added to a prompt. Island offers a built-in DLP engine and can integrate with external providers to leverage existing rules and classifications.   


Flexible deployment options for AI tools optimized the user experience. With Island, AI web applications can be deployed as browser extensions, added as a link to the homepage, or brought out of the browser and deployed as a standalone app on the desktop. Regardless of which deployment method users prefer, all the data controls, governance, and auditing visibility are the same. For organizations that choose to standardize on a particular AI vendor, users can see a gentle reminder or a redirect to the appropriate corporate standard AI resources when they attempt to access other AI tools — or they can be blocked entirely. And for users who are new to generative AI tools, Island offers the ideal onramp with a built-in AI Assistant that’s immediately available in a side panel within the browser. Across all deployment models, Island gives you unmatched visibility, audit logging, and metrics to refine policies and measure efficacy. 

Looking Ahead 

We don’t know exactly what the long term impact of widespread generative AI usage will be — the full potential of disruptive technologies are only understood in hindsight. It’s a safe prediction to say that AI will massively transform the way we work, and bring a dramatic increase in productivity. The risks to data security are real, but they’re overshadowed by the opportunity cost to organizations that avoid AI entirely. Across industries, the organizations that harness the power of AI for productivity and efficiency gains will see competitive advantage. The generative AI category is in the early stages, and there will surely be missteps and surprises along the way to full maturity. At this moment, there’s tremendous value in instrumenting the tools, policies, practices to safely navigate the coming AI revolution. This includes user awareness, application visibility, and governance for AI inputs and outputs.  

Island, the Enterprise Browser, is the ideal platform to safely use generative AI in the workplace. Island delivers the complete visibility, governance, and DLP controls that IT and Security teams need, along with a frictionless end-user experience that guides and informs users in using AI tools safely and efficiently. With Island, organizations can embrace innovation while safeguarding sensitive data. 

WWLW Ep. 23: The Case of the Viable BYOD Program

WWLW Ep. 23: The Case of the Viable BYOD Program

Davie Park
May 25, 2023

What we know  

Davie is working with a customer who needs to balance strong security controls with a user-friendly mobile BYOD program. This customer wants to protect sensitive data, apply DLP rules, and ensure that enterprise applications are available to their employees. Other solutions they explored forced too many trade-offs: either requiring too much intrusion into the employee’s personal device, or creating a cumbersome interface that isn’t optimized for a mobile device screen.

What we learned

A common approach for mobile BYOD programs is to use a mobile device management (MDM) solution. The challenge with this approach is that it requires a device enrollment workflow that’s unfamiliar to users and requires that employees allow management of their personal device — including the ability to wipe their device, inspect the installed apps, or route all network traffic through a proxy. For privacy-conscious employees, this is often a bridge too far.

The other approach this customer explored as desktop virtualization. Many VDI platforms offer a mobile interface, but the user experience is generally poor. Rendering virtualized applications on a tablet-sized screen may work for some use cases, but doing that on a phone is a stretch.

When this customer met with Davie and saw Island, the Enterprise Browser, they immediately saw the potential for their BYOD program.

What happened next

With the Enterprise Browser available on both iOS and Android app stores, every employee can easily install the app with the same familiar workflow they’re accustomed to. Once launched, they authenticate with their enterprise identity and can access all the apps provisioned to them. When they’re done with their work tasks, they simply switch apps to their consumer browser of choice. Unlike an MDM solution, Island doesn’t require any device-level configurations so their personal devices remain personal. When an employee leaves the organization, they simply delete the Island app and there’s nothing left behind on their device.

WWLW Ep. 22: The Case of The Credit Card Masking

WWLW Ep. 22: The Case of The Credit Card Masking

Tim Deese
May 10, 2023

What we know

Tim is working with a retailer based in the Pacific Northwest. One of their challenges is related to handling customer credit card data when they need to process refunds. The legacy payment platform they’re using requires an employee to scroll through a list of transactions to find the charge that needs to be refunded — showing too much information in the process. Rewriting that application wasn’t an option, so they turned to Island to see how we could help mask the credit cards within the web interface.

What we learned

This is a common challenge that Island, the Enterprise Browser, is perfectly positioned to solve. Many organizations have web applications that disclose more information than necessary to a user: credit card numbers, email addresses, or social security numbers, as a few examples. With Island, it’s easy to add a data masking rule that hides the sensitive information from view, with the option to reveal one record at a time as needed. Because it’s applying this masking locally in the browser, there’s no dependency on the backend systems and no code changes required — especially helpful for legacy applications that are difficult or impossible to modify.

What happened next

Tim helped this customer create a policy that obfuscates credit card numbers while leaving the last four digits visible for easy identification. The store managers now have a much improved workflow that allows them to find and issue refunds quickly without displaying every credit card number on the screen. This had been a thorny problem that their other security tools simply couldn’t resolve, until they found the Enterprise Browser. Along the way, Tim helped address several other challenges relating to safe browsing and content filtering and even found a way to open internet access for employees during their break time, while limiting distractions within the store. This is another great example of using the Enterprise Browser to improve the end-user experience while safeguarding sensitive business data.

WWLW Ep. 21: The Case of Employee Privacy on Shared Devices

WWLW Ep. 21: The Case of Employee Privacy on Shared Devices

Matt Pour
May 3, 2023

What we know

Matt is working with a retail-based service provider with over a thousand locations who raised a concern around employee privacy. Their service technicians use shared computers as part of their workflow and accidental disclosure of personal & sensitive information is an issue. Complicating the matter, this organization is required to adhere to various state and federal privacy laws in each region they do business in.

What we learned

This organization’s Privacy Officer shared a concern with Matt that their employees were using shared computers to access their pay statements and tax documents and leaving them on the desktop where another employee could easily find them. Obviously this was not ideal. Fortunately, Matt was able to work with them to implement policies within the Island Enterprise Browser to proactively warn employees when they were accessing sensitive information on the shared computer and automatically delete the records once they were done.

What happened next

This customer experience is a perfect example of how Island, The Enterprise Browser, offers real value that goes beyond IT and Security. The Privacy Officer and their legal department were pleased to discover that Island could solve a challenging issue for their staff, and the employees at this organization benefit from Island’s ease of use while protecting their personal data from accidental disclosure.

WWLW Ep. 20: The Case of Saying “Yes”

WWLW Ep. 20: The Case of Saying “Yes”

Dean Carey
April 26, 2023

What we know  

Dean is working with a large financial services company who found Island as the ideal solution for several of their data security and access controls. Along the way, they uncovered an opportunity to change the way they approach the use of personal apps like Gmail.

What we learned

As a financial company, their employees routinely handle sensitive customer and financial information and they operate under strict financial regulations. Previously, their policy around personal apps was simple: not allowed on company devices. This simplified data controls, but it created some frustrations for users who wanted to take a few minutes in their day to send a personal email. Users would need to switch between devices or wait until they left the office. With Island, they were able to take a new approach and say “yes” to users who desired the convenience of a quick personal email while at work.

What happened next

By implementing the Enterprise Browser, this company now has all the data controls and visibility they require to create a firm boundary around sensitive information and ensure that nothing leaks out the side door into a personal email thread. This new posture is very popular with their user community and it’s helped accelerate their rollout of Island. Now, users get both a valuable workplace for conducting all their work tasks and a safe, secure way to access personal apps. And importantly, they use the built-in Island privacy indicators to clearly show their users that personal information is not being tracked when they’re engaging with personal apps. The company can say “yes” while strengthening their security posture.

WWLW Ep. 19: The Case of the Claims Adjusters

WWLW Ep. 19: The Case of the Claims Adjusters

Derek Carver
April 19, 2023

What we know  

Derek is working with an insurance company based in the U.S. with a large staff who work remotely and travel on-site to document and evaluate their customer insurance claims. The onboarding process for these remote staff was starting to cause friction and unwanted delays. Their previous model was to ship a full computer workstation to the employee’s home and then walk through the setup process over the phone. With a varying degree of technical savviness, it resulted in hours of help desk agent time and frustration for the employee — not to mention a significant upfront cost for the hardware and shipping.

What we learned

Derek worked with this customer to design a model where employees could use their existing computer and install the Enterprise Browser to access all the applications and resources they need. Compared to the task of setting up a full workstation, the process of installing Island is a snap. The demand on their help desk dropped significantly, and the hardware and shipping costs went to zero. Another benefit to using Island is the integrated Island Private Access solution that replaces their legacy VPN solution. Now their employees get fast access to every web application they need, with Island securely routing traffic for internal apps and sending public Internet traffic directly through their home broadband connection. VPN congestion was a problem during busy times of the year, and Island completely eliminates that bottleneck.

What happened next

Another big improvement for the claims adjusters who travel on-site to their customer’s location is the Island Mobile app. Previously, adjusters would visit the site, take photos and notes, then return to their home office to input all the information. With Island Mobile, they can access their claims applications directly from a smartphone or tablet over a cellular network. This reduces the time between to begin the claims process and eliminates the extra step for adjusters. With Island, this insurance company is streamlining their entire claims adjustment process and delighting their employees with a fast, efficient workflow.

WWLW Ep. 18: The Case of the Graceful M&A Onboarding

WWLW Ep. 18: The Case of the Graceful M&A Onboarding

Brian Borthwell
April 12, 2023

What we know  

Brian is working with a customer who recently acquired another company and working through the project of merging their systems and onboarding their staff. One of the big challenges with M&A activity is the scale of the onboarding process — unlike regular employee hiring that is gradual over time, they need to simultaneously onboard thousands of employees all at the same time.

What we learned

This organization considered a few different approaches: shipping out new laptops or deploying a VPN client to quickly grant access to their internal systems. Brian was already engaged on a project with a different group to explore using the Enterprise Browser. When they learned about Island Private Access, the integrated ZTNA solution for private network access, they realized this was the perfect solution for solving the M&A onboarding challenge.

What happened next

The configuration of the Enterprise Browser with Island Private Access was quick and easy, and when they deployed Island to the staff at the acquired company, they loved it. Compared to alternatives like VPN or VDI, the Enterprise Browser is fast, intuitive, and easy to use. Employees got immediate access to all the applications and resources they needed to be productive, on day one. The CISO of the acquiring company was pleased with the visibility and device posture controls that Island offers — without requiring any additional agents like MDM or EPP on the device. This M&A onboarding project was a complete success, and accelerated the adoption of the Enterprise Browser across the whole company.

WWLW Ep. 17: The Case of Securing Unmanaged Devices

WWLW Ep. 17: The Case of Securing Unmanaged Devices

Adrian Cunningham
March 29, 2023

What we know  

Adrian is working with a company who’s working on an innovative approach to transportation. This company is focused heavily on research and development, with extremely valuable intellectual property (IP) that they need to secure.

What we learned

Like many organizations, this company has a mix of full-time employees and contract workers. As such, they can’t always count on having full device management in place for all their worker’s devices. When they found Island, the ability to deploy the Enterprise Browser on any device — managed or unmanaged — and establish controls around their data, it was a perfect fit for their needs. Leveraging Island’s dynamic device posture assessment, this company built policies that treat managed devices differently than unmanaged. For example, if a user on an unmanaged device launches the Slack app, they’re gracefully redirected to the Slack interface within the Enterprise Browser. On a managed device, they can use the standalone Slack app.

What happened next

While working with Adrian and building policies, this company identified a handful of internal applications that aren’t exposed to the Internet. When they learned about Island Private Access, they were delighted to discover how fast and easy it was to configure and enable remote access without a traditional VPN client. A project that they assumed would take hours was completed in minutes.

A new solution to the age-old challenge of web filtering

A new solution to the age-old challenge of web filtering

Scott Montgomery
March 28, 2023

Sometimes changing one thing changes everything.
This may sound pithy, but there’s a healthy dose of truth to it. Just ask any of the social media companies who had to completely reimagine their products to adapt to the smartphone era. (Yes, we had social media before the smartphone!) For that matter, ask Canon or Nikon how their DSLR business changed when smartphones put software-enhanced digital cameras in the pocket of billions of people.

The five most popular cameras by users in the Flickr photo-sharing community are all iPhones.

The web security industry is no different. To understand the opportunity of the moment, let’s first look back at where we started: 

First the earth cooled. Then the dinosaurs came. Then people determined that the Internet was a bit dangerous. 

What followed was a period of problem identification, solution, lawsuits, and legislation. Advocates of web filtering were concerned particularly about public libraries, which was where many people, school-age children included, had their only access to the internet. Was filtering limiting free speech? Was the ability to filter pornography from libraries to protect children a Constitutional issue? Lawsuits did ensue, and ultimately Congress stepped in, passing the landmark 2000 Children’s Internet Protection Act, or CIPA. At the time, the dominant browsers were Navigator from Netscape, and Microsoft’s Internet Explorer. Both were designed for consumers to access the bold new landscape of the World Wide Web. 

Around the same time, the market for personal web filtering formed with companies like NetNanny and CyberPatrol running locally on a user’s computer, trying to sort out whether the user was browsing to pornography or how to conduct a breast self-examination – with sometimes underwhelming results. Companies too weighed in as employees often used the higher bandwidth at work to look at content they couldn’t see as easily at home. Vendors for this side of the market included Websense and Secure Computing, selling URL filtering often bundled with caching tools or firewalls. 

In each case, the filtering technology continued to evolve and added tools like categorization, reputation, dynamic DNS searching, geo-location, and a host of additional features to try and keep up. As time marched on, both consumers and enterprise organizations began to insist upon encryption of browser-borne traffic, leading to the standardization of the use of SSL and ultimately TLS. The use cases that began with ecommerce purchases quickly evolved to begin encrypting PII and PHI in transit. Eventually web sites standardized on HTTPS as a best practice.

Web filtering had to catch up too, adding ‘break and inspect’ techniques – what amounts to an  ‘authorized’ man-in-the-middle attack on encrypted web traffic. This allows the filter to determine whether the outbound request was acceptable by policy from the URL filtering standpoint and whether the reply data had malware or unacceptable content in it. As organizational data started to have a dollar value outside of the organization to cybercriminals and state-sponsored adversaries, it became necessary to break and inspect to determine whether valuable data was being inadvertently or maliciously leaked. A variety of network and cloud-based data loss prevention (DLP) suites were attached or involved to the practice of web filtering. 

Eventually, users and companies began to want to utilize software-as-a-service, storage, and a variety of other tools that were hosted in the cloud, requiring even more new categories for filtering and protections. Billions and billions of dollars are spent each year on increasingly complex host, network, and cloud security controls. Why?

Because the browser is still designed for consumers, on a personal device, connecting from a home network. None of these complex security operations are performed where they should be — the browser — where the encryption handshake between client and server occurs.

What tool should know whether or not the requested URL agrees with organizational policy? The browser.

What tool should determine if the reply data has malware or other harmful content? The browser.

What tool should identify whether an uploaded file is a violation of company policy because of the destination, data contents, or other characteristics? The browser.

What tool spans across all of the devices a user might have or want to use whether a laptop, tablet, or smartphone? The browser.

And yet, what consumer browser allows policies to be centrally managed to create and enforce these protections without spending millions of dollars on other tools that literally require a technique that we would otherwise classify as a malicious man-in-the-middle attack? None.

Which browser should you consider as part of your modern toolset to increase productivity, improve user experience, and reduce complexity without sacrificing security controls? 

Island. The Enterprise Browser. Sometimes changing one thing changes everything.

Web filtering, Enterprise Browser
WWLW Ep. 16: The Case of the Safe Browsing Platform

WWLW Ep. 16: The Case of the Safe Browsing Platform

Elad Leizerin
March 22, 2023

What we know  

Elad is working with an insurance company who wants to ensure their employees have a safe browsing environment. All organizations have a desire to protect their users from the myriad of threats that are troublingly common on the web today. For an insurance company — managing financial transactions and sensitive customer records — it’s imperative.

What we learned

When this customer connected with Elad and learned about Island, the Enterprise Browser, they immediately saw a solution to this challenge. The Enterprise Browser is a unique approach to safe browsing, by embedding critical security features within a familiar web browsing experience. This allows for more advanced controls to secure cookies and govern the browser extensions layer for sensitive company applications. The Enterprise Browser also offers browser isolation to defeat threats that exploit modern web technologies like the just-in-time (JIT) compiler. To ensure that their security posture is always up-to-date, Island also offers an automatic patching system that keeps the Enterprise Browser updated without relying on any third-party management tools.

What happened next

With Island, this customer offers their employees a safe and secure browsing experience without any disruption to their workflows. Every aspect of the browsing experience — from web content to downloads to extensions — is governed and secured in accordance with company policy.

Make the web browser an active player in getting work done

Make the web browser an active player in getting work done

Tad Johnson
March 21, 2023

The browser is the most-used application for the vast majority of workers. Over decades of innovation, web applications and SaaS business models have flourished. It’s not just possible, but increasingly common, for employees at all levels to complete their daily tasks entirely within a browser.

Even so, the web browser itself is not dramatically different today than it was ten years ago. Sure, it’s faster and capable of rendering increasingly sophisticated web applications. It offers some conveniences like filling in your contact information on a web form or remembering your passwords. It can efficiently stream high-res video and audio. What’s missing is the parallel track of innovation to make the web browser as productive a business tool as the suite of SaaS tools that we use every day.

This is the missing gap that motivated Island to create the Enterprise Browser.

Now, employees around the world start their workday with a browser that is intentionally designed to help them be productive. It starts with a company-branded launch page that is tailored with all the tools they need — personalized based on their particular role, location, or group. Since it’s integrated with their workplace identity using single sign-on, every tool and application is immediately accessible. This is especially valuable for onboarding new employees who can get to work immediately, without the need to build a personal collection of bookmarks. For organizations completing a merger or acquisitions, the ability to instantly enable access to groups of employees is particularly useful. The same benefit extends to the IT teams who are introducing a new SaaS tool or replacing a legacy app. With a single configuration change, the new tool is immediately available to everyone who needs it.

Many workers will find a need to use multiple devices throughout a typical week. Shift workers in health care or manufacturing, for example, or the office-based employee who periodically logs in from their home computer to complete a task. With the Enterprise Browser, everything you need to get work done follows you to each device and synchronizes using the Island Cloud. Administrators can configure the sync experience to fit the business needs, and define how user sessions are handled. This capability can save the day when a laptop is lost or left behind, allowing an employee to regain productivity with a replacement in minutes.

Frontline employees like sales reps, customer support, or call center agents can speed up common tasks using the smart clipboard manager that’s integrated into the Enterprise Browser. Common responses for customer queries are automatically loaded into the smart clipboard to make chat or email responses quick and efficient. And since these smart clips are managed through the Island Management Console, managers can make updates that are instantly cascaded to each employee so everyone is always sharing the right information. In addition to Smart Clips, the Island clipboard remembers the last 50 elements that are copied to eliminate the need to “pogo-stick” between pages when transferring several pieces of information. These timesaving conveniences quickly add up for anyone who touches dozens or hundreds of records in a day.

A side-effect of the rapid innovation in web technologies is that many organizations end up with one or more legacy applications that are critical for some important function yet impractical to update and maintain. CIOs are left with two choices: either implement a costly migration project or live with the legacy app and all its shortcomings. The Enterprise Browser includes robotic process automation (RPA) that can modify the user interface of any web app to add multi-factor authentication, hide obsolete fields, or disable certain actions. These modifications can be applied for select users, groups, or across the board to fit the business need. And it’s not limited to legacy apps, as the same RPA technology applies to any web app, such as a SaaS app that would normally be impossible to modify directly. By tailoring apps to fit the exact business workflow, user productivity goes up and human errors go down.

Offering these productivity enhancements to your employees is a great first step at creating the ideal employee working environment. To take it further, Island recently introduced a Digital Employee Experience dashboard with granular metrics around application usage and performance. With this expansive dataset, IT administrators can identify issues with certain networks, devices, or applications and take remediation action — without waiting for users to complain. By simply deploying the Island Enterprise Browser within your organization, you can make a meaningful difference with the day-to-day employee experience while collecting all the metrics to help you make informed, proactive decisions.

The Island Enterprise Browser makes a familiar, frictionless workspace that’s the ideal employee experience for getting work done.

WWLW Ep. 15: The Case of The Safer, Smoother VDI & DaaS Experience

WWLW Ep. 15: The Case of The Safer, Smoother VDI & DaaS Experience

Jason Trunk
March 8, 2023

What we know  

Jason is working with a global financial institution with a large VDI deployment. Virtual Desktop Infrastructure (VDI) and Desktop as a Service (DaaS) rapidly grew in popularity as more workers left the traditional office environment. The IT team likes the control and manageability of virtual desktops, but have also discovered that the end-user experience can be dreadful, particularly for their global employees on limited bandwidth connections. When this customer learned about Island, they saw an opportunity to improve the virtual desktop experience across the board.

What we learned

This customer had two different challenges with their virtual desktop environment:

First, they found that many of their users logged on to the virtual desktop every day and primarily used just one application: the web browser! The added round-trip network path for every web request meant their browsing experience was degraded. It’s also a significant expense to the company, paying for the bandwidth, VDI or DaaS platforms, plus the administrative staff to manage it.

The other challenge was around data security and application access. Employees need secure access to protected applications that handle financial and customer data. Their VDI environment was configured to connect to their private network, but they wanted more granularity and easier auditing of user activity. Ideally, their employees would only connect to their private network when interacting with protected applications, rather than the always-on connection within the virtual desktop.

What happened next

Jason helped this customer to deploy Island, the Enterprise Browser to satisfy both requirements. For the users whose work is primarily through SaaS and web applications, Island offers a faster and more efficient connection path. They can launch the Enterprise Browser from their desktop directly, without the added overhead of virtualization. Island protects all their browsing activity and grants access to all their web applications, even those on the protected network via Island Private Access.

Island was also installed as an application within the virtual desktop environment. Now the users who require non-web applications can use those within their virtual desktop and launch the Enterprise Browser for web access. The Security team gains valuable logging and analytics about all web activity and can ensure a safe browsing experience for all of their users.

Internet Explorer End of Life is Here

Internet Explorer End of Life is Here

Tad Johnson
March 8, 2023

Microsoft’s Internet Explorer (IE) debuted three decades ago and introduced millions of users to the (then) relatively new wonders of the world wide web. IE was so wildly successful in the 1990s and early 2000s that it was commonplace to write web applications based on its proprietary rendering engine. Twenty years later, many of those web applications are still in use — but Internet Explorer has reached its end of life. IT Leaders are faced with the challenge of navigating the transition to modern web applications without disrupting the business or leaving users exposed with unsupported, deprecated technology. Island stands ready to help.

The transition away from IE is a long time coming and Microsoft has gone to heroic lengths to minimize the impact to their customers. In 2015, Microsoft launched Edge, the successor to IE, and recommended that customers begin planning their migrations. In 2019, Microsoft Chief of Security Chris Jackson recommended that customers stop using IE as their default browser. In 2020, Edge adopted the Chromium engine, greatly improving compatibility with virtually all modern web applications that are built and optimized for Chromium. Last year the IE desktop application ended support for most versions of Windows and this year all remaining IE applications will be disabled with an update for Windows 10. The end of the IE era is here.

Today, web applications play a critical role in virtually every enterprise. The evolution of SaaS and web technology makes the web browser a mission-critical application. What started as a mostly passive browsing experience in the 1990s is now an activation application platform with nearly limitless potential. This insight is what inspired Island to create the Enterprise Browser: a web browser that’s built for today’s enterprise workflows, and includes the security, productivity, and IT management tools that businesses need.

To assist customers in making the transition away from Internet Explorer, Island offers IE Legacy Mode, based on the same technology used in Edge (Microsoft is committed to including legacy mode through at least 2029). To support the widest possible range of applications, Island Legacy Mode can be configured for IE5 through IE11, along with supporting legacy dependencies like ActiveX or Silverlight. But Island goes much further than simple compatibility. Choosing the Enterprise Browser gives you complete control and visibility to every web application and browsing activity — without making any changes to the underlying web or SaaS apps you’re using. The Enterprise Browser is secure by design, insulating users and critical application data from whole categories of web-based threats or malicious attackers. It can create secure network connections to legacy apps served from behind your firewall, without a VPN client. It’s also smart: you can build in business logic to modify the behavior of web applications without ever touching a line of code. Island’s integrated robotic process automation (RPA) can add multi-factor authentication, remove a deprecated button, mask sensitive data, and more. And importantly, the Enterprise Browser is backed by a dedicated team of web technology experts who can help guide you through the IE transition and build a future-proof web application strategy.

Internet Explorer is going away. Legacy applications must be addressed. This is the ideal moment to take a fresh look at the web browser and discover how the Enterprise Browser delivers a dramatic, positive impact on every layer of cybersecurity and all other functions of IT, all while improving the end user experience. When you’re ready, let's talk.

Island named one of the most innovative companies of the year

Island named one of the most innovative companies of the year

Ari Yablok
March 6, 2023

<div class="vimeo-embed" data-plyr-provider="vimeo"></div>
<div class="vimeo-video-id" data-type="inline" data-aspect-ratio="square">806261323</div>

Island was just named one of the most innovative companies of 2023 by Fast Company. It’s a real honor to be recognized for the breakthrough tech we’re creating and delivering to our customers. A moment we’re incredibly proud of and want to share with the world.

But I was working on a million different things when we found out and I didn’t have time to write a whole blog article about it.

So I didn’t. I had Island GPT Assistant do it for me.

It was my first time using Island GPT Assistant inside my regular workflow to accomplish a task I’d normally do on my own. And I must say – it did a pretty good job.

Here’s the article it wrote for me about how innovative Island is, so I can continue… innovating. Congrats Island!

It's official: Island, The Enterprise Browser, was just named one of the most innovative companies of 2023 by Fast Company, and we couldn't be more proud.

The list recognizes companies that have launched groundbreaking ideas that have the potential to revolutionize their respective industries. Each year, Fast Company editors and writers select the most remarkable businesses across 36 categories, including health, finance, government and artificial intelligence.

We at Island have worked hard to create a browser that helps businesses remain secure while providing their employees with the necessary tools they need to excel in the modern workplace. Now, to see that effort - and our groundbreaking browser - receive national recognition, is beyond validating.

But how did Island gain this recognition? What exactly makes Island innovative?

Is it the fact that it’s so different from all other security and IT solutions on the market?

Or the many capabilities it makes possible for organizations?

Or how excited both security administrators and end-users are about using it?

Or the game-changing impact it’s having on enterprise work?

We’d like to think the answer is all of the above.

But don’t take our word for it. Our customers themselves can tell you everything you need to know about Island’s innovative strength.

“It really is a game changer.” – Frank Gulotti, Head of IT Infrastructure, Bloomreach

“It just checked so many boxes of what we were missing.” – Tim Ringley, VP and CISO, The Bank of Marion

We can do things we didn’t think we could do” - Bob Schuetter, CISO, Ashland

“It’s just such a different approach.” – Brandon Shafer, Director of IT, Mattress Firm

“My mind went wandering in a million different directions.” – Emily Heath, Former CTSO, Docusign. Former CISO, United Airlines

“It’s going to change the industry.” – Gai Hanochi, VP Business Technologies, Fiverr

Island The Enterprise Browser has earned its place as one of the most innovative companies of 2023 based on its commitment to providing secure and productive web browsing experiences to businesses and their employees. We are honored to have received this recognition and will continue to strive to exceed the expectations of our amazing customers.

WWLW Ep. 14: The Case of the Exposed Gift Card Codes

WWLW Ep. 14: The Case of the Exposed Gift Card Codes

Paul Murgatroyd
March 1, 2023

What we know  

Paul is working with a global eGift Card Retailer who’s faced with a unique challenge around their customer service reps. When assisting customers with purchasing or redeeming gift cards, the customer service team naturally has to handle personal & financial data, as well as gift card codes themselves. Those codes, which customers may share with customer service reps, can be redeemed by anyone, so it’s in their best interest to tightly control the visibility of these codes.

What we learned

All customer service interactions are done through a SaaS platform and handled by a distributed support team. The customer learned about Island and was intrigued by the ability to protect and conceal data like gift card codes when working in the Enterprise Browser. As this company grows their operations, they also need the flexibility to quickly expand the customer service team and onboard new staff. Island offers the ideal platform to provision new users and protect the sensitive data that they work with every day.

What happened next

While each code is unique, they follow a consistent pattern so it’s easy to identify when a code is included in a support request ticket. Paul helped this customer configure Island’s Robotic Process Automation (RPA) capability to detect and mask gift card codes — wherever they appear within the Enterprise Browser. Importantly, this capability is done entirely within the browser and does not require any changes to the underlying SaaS applications. They allow for certain users (like the escalations team) the option to un-mask codes when required. These events are logged and easily audited through the Island Management Console. The combination of effortless onboarding, automatic data protections, and dynamic policy controls made Island the ideal choice.

Introducing Island GPT Assistant

Introducing Island GPT Assistant

Dan Amiga
January 26, 2023

Since it was announced several weeks ago, ChatGPT has captured the imaginations of nearly everyone using the internet.

Island’s mission is to make work extremely efficient, completely secure and profoundly simple. Which got us thinking. What if ChatGPT was built into the browser to dramatically change things at work? It’s already shown its effectiveness when given one-off tasks. But what if it was readily available from within the browser itself – helping us out with our daily work?

Today, we’re raising the curtain on the industry’s first integration of ChatGPT into a browser, with Island GPT Assistant for the Island Enterprise Browser. The Island Enterprise Browser gives organizations  complete control, visibility, and governance over everything that happens in the browser, while users get the smooth, Chromium-based browsing experience they know and love.

Island GPT Assistant is the industry’s first integration of ChatGPT’s technology into a browser, and goes beyond simply placing generative AI inside the browser – it provides deep contextual awareness, so you receive prompts that are informed by your behavior and relevant to what you’re working on, as you work on it.

If you’re not familiar – ChatGPT is the generative AI chat assistant launched by OpenAI in November, 2022. Since then, it’s become a global cultural phenomenon for its advanced ability to actually “talk” to us humans, responding to our detailed queries with complex, thoughtful, human-like answers. It’s the latest in conversational intelligence technology, and in the short period since its debut, millions of people across all walks of life have experimented with it to draft term papers, write poetry, compose music, do research and lots more.

We designed The Enterprise Browser to dramatically simplify everything that goes into securing and enabling work. For organizations, this means unprecedented control, visibility, and governance over all work activity from within the browser itself. But what could it mean for end users? Making everyday tasks simpler using generative AI seemed like a perfect fit.  

We’re only starting to understand all the possibilities, but one thing is clear - workflows everywhere are about to get a lot simpler. How exactly? Let’s take a look.

The ultimate assistant

What might a work day look like with the Island GPT Assistant by your side?

Imagine getting a lengthy email from a colleague. It’s filled with specific info you need to relay to your manager in a clear and simple way.

But instead of searching the whole message for the important parts yourself, you right click, and ask Island GPT Assistant to summarize it for you. Then you ask for a bullet point list of the main points that you can easily send over to your boss.

See it in action here:

But it goes much further.

  • Software developers can ask Island GPT to check their newly written code for bugs, right on the page.
  • Salespeople can find the perfect title for their cold outreach email as they’re writing it.
  • Customer service agents can keep customers happy by quickly generating responses to their  questions.
  • Marketers can research their competitors as they prepare their upcoming campaign.
  • Product managers can find user-friendly names for products and features they’re building.

What’s ahead

And this is just the beginning. We’re developing some more advanced features that will redefine what’s possible with AI at work. In the future, Island GPT Assistant can learn your organization’s documentation, giving your internal teams, external contractors, partners and BPOs alike the ability to research and understand every aspect of the product or service they are working on. It can learn the ways your people work and make suggestions for more productive workflows. It might be the ultimate assistant helping to optimize your own work. And it can also be the ultimate onboarding tool - providing a hyper-personalized, comprehensive experience for every new employee or contractor.

And on the admin side of things, organizations will be able to control how their end users interact with Island GPT Assistant, choosing which groups have access, and fine-tuning the experience down to the department or use case.

To us, Island GPT Assistant is a testament to what’s possible when you reimagine the browser for the enterprise. It’s an environment that is not just fundamentally secure for organizations, but one that can continuously provide ways for users to work better, faster, and simpler.

And yes, this article was written with the help of The Island GPT Assistant :).

Author, Dan Amiga

Co-founder and CTO

From Newcomer to Innovator in 90 days: The Island Onboarding Experience

From Newcomer to Innovator in 90 days: The Island Onboarding Experience

Adi Reis
Alon Biran
December 13, 2022

When your goal is to reach a very specific target that’s very far away, trajectory is everything. The slightest turn and you may miss the mark entirely.

This is why we at Island have been obsessed with onboarding since day zero. Set the precise trajectory for each engineer, and they’ll be perfectly positioned to build amazing things for months and years to come. But what does that onboarding experience look like? And how do we build an easily scalable process for the huge amount of talent showing up? And what if these aren’t entry-level developers, but first-class engineers, team leaders, superstars, ex-founders, top engineers in their former company? What kind of process will prepare them to work at the highest level as soon as possible?

This made our challenge especially difficult.

The most talented people are usually already happy where they are. Companies invest in retaining them, both by compensating them well, and challenging them to do meaningful work. We needed to convince them to take a big step out of their comfort zones and enter the unknown. And even after they do make the move to a new company, it can be months before they learn the new role, product, and team, and begin making the impact they were used to making in their previous role.

This pushed us to think up the ideal onboarding plan.

One that will help new team members get comfortable with new tech, a new codebase, and new team dynamics. One that empowers all types of engineers to learn and develop at their own pace, inside their specific domain, and within their own areas of interest. And most importantly - one that continuously offers opportunities to do cutting-edge, innovative work.

I was so impressed by how early the company started investing in training. All onboarding materials were perfectly organized. I’m 90 days in, and the challenges are only getting bigger and more exciting - and I don't see it slowing down any time soon.

- Adi K., Software Tech Lead

And like our development cycle, we’re continuously investing in our onboarding. Testing it. Adjusting it. Doing frequent retrospectives on it. So we know it continues to serve our people and our business in the best way possible.

But enough talking - let’s dive into it. Here is the experience our engineers encounter in the first 90 days at Island.

First, meet your buddy

Before you start, we assign you a “buddy”. Your buddy is your go-to mentor. The one who will help you in the coming months with everything you need, from learning the company culture and mission, to all the technical stuff like product architecture and code reviews, as well as the day-to-day activities like lunch, operations and administration.

Your buddy will also introduce you to some new groups of fellow engineers to expand your personal and professional network beyond the friends you already have inside the company.

A few days before you start, your new group lead will reach out to tell you who your chosen buddy is, how your first days and weeks will look, and some of the basics like when to show up on day one. He/she will also tell you a bit about which “Island”  (a.k.a team) you’re joining. This is to help the newcomer feel welcome, get acquainted with things before walking through the door, and know how excited we are for them to join.

Day One

You’re finally here! We’ve been waiting for you! So what does your first day look like?

You’ll arrive a little bit early to meet a few people in the dining area to get those first few awkward introductions out of the way. And of course, coffee and breakfast :).

Your workspace will already be set up with your new computer and some swag waiting at your desk.

You’ll start the day getting to know your direct manager. Your manager will talk a little bit about how the business is doing, where we are as a company,  what your Island will focus on, and some other general points. He/she will also discuss your goals, targets and milestones as an Islander.  You’ll also have your first daily stand-up meeting with your island. There, you’ll get to meet all of your new teammates.

Next comes your first meeting with your buddy. He/she will share your onboarding plan and show you our detailed onboarding guide. He/she will also advise you on what to focus on based on your previous skills and experience.

I'm not just learning what to code. I'm understanding how we present the product to potential customers, how we respond to their needs, and what our role is as engineers in getting a customer to choose us.

- Eran A., Software Engineer

Remember - take your time. Ask even the most basic questions. Learn about the areas of your work you’re not yet familiar with. Don’t hop on the train until you’re ready - because once you do, the train won’t stop moving. Fast. So enjoy the peace and quiet while you can :)

In addition to that, you will also meet our Engineering & Product leadership. They'll share some aspects of Island that are core to what we do – like our agile methodology, end-to-end ownership, and putting the customer first as well as where we are from a business perspective and what our high level company goals are.

Week One - The Organization & Business

Your first week will include many face-to-face introductions, where you’ll learn about Island’s different departments and stakeholders (product, design, HR, engineering and many many more!) , you’ll also watch some great recorded presentations on business goals, product introduction, the Island brand and company architecture.

You’ll start reading up on our technology, get familiar with our development process and learn about our tech stack.

You like headphones? Perfect - you’ll be spending most of this week wearing them ;).

Day 30 - Technical Deep Dive

By now, you’ve gotten your hands dirty, learned the technology stack, and had an exercise or two reviewed by your buddy and some fellow engineers.

You completed a few automation tasks, know your way around the architecture, and can run the product end to end.

You even did some field-impacting tasks from a backlog of small tasks we always have.

Congratulations – you’ve officially completed your first milestone as an Islander. (There’s a beer in the fridge with your name on it - go celebrate :)

I'm three months in and already completing tasks like everyone else on my team. And yet, I'm still learning and developing each day as if I just started.
- Noa D., Software Engineer

Day 90 - Crossing The Entire Stack

Now, it’s time to become an expert. After completing the initial milestones of your onboarding, we know what your sweet spot is and where you can strengthen your knowledge and skills in order to become an Island engineer.  

Your manager will now assign tasks from different areas across the architecture to ensure that you get real comfortable with the product’s entire technology stack. The ultimate goal? To give you a deep understanding of our coding standards, how to write code for each component, what the right CI and automation is for each, how to deploy gradually and safely, and how to monitor and track all your deployments and features. Soon, you’ll be ready to do your first demo in front of the entire team (that’s a big deal around here), where you’ll explain how you built your feature, why you made it that way, and its business impact on the company as a whole.

You will also gain visibility into the different deployments and customer engagements so that you know what’s going on with our customers. At Island, we keep our customer engagements very visible to everyone and promote engaging with the field, keeping the engineering team very close to our go-to-market team and the product itself. We believe this will give engineers a broader perspective on the development process and on customers' needs. And ultimately, it will lead to better products and greater innovation.

From Engineer to Company Builder

Ok - so you’ve seen it all. How we plan, build, and ship products at the highest possible standard. What’s next? Time to explore. With an enormous platform and architecture, we rely on our engineers to actively seek out new business cases, investigate new technologies, and innovate on our product continuously. And by doing so, your job never stays the same. You and the environment around you will constantly evolve, expand, and accelerate. New challenges will arise, and with them, new opportunities will emerge. And in a short while, you’ll find yourself leading an entire Island of your own (more on our ‘Islands of Innovation’ model here). Building standalone products, competing against large companies’ core business, onboarding new engineers of your own, and overseeing all aspects of your team’s success.

It’ll be like operating your own startup within a startup.

If you’re an ambitious engineer, you’re an entrepreneur at heart. And here, you’re purposely positioned to naturally evolve into one. Which means the ‘ceiling’ that engineers often hit at startups - when work begins to feel stale, routine, unsatisfying - that doesn’t exist at Island. By design.

So roll up your sleeves. Hop on the train. And start building something special.

WWLW Ep. 13: The Case of Helping the Help Center

WWLW Ep. 13: The Case of Helping the Help Center

Elad Leizerin
December 7, 2022

What we know

Elad is working with a customer who provides a global B2C platform with millions of customers. They manage several distributed help centers around the world to support all constituents on the platform. The help center staff will naturally interact with PII, financial, and other sensitive company data during the course of their work. They need a platform that meets their security needs and offers the speed and dexterity their staff require.

What we learned

The help center staff need to use a variety of applications throughout their workday. Some are SaaS apps, others are internal applications hosted in a private network. Elad and the Island team helped this customer to configure Island Private Access to create a secure zero trust connection to their private applications. The end-users were delighted by the speed and simplicity of the Island browser. Every application they need is available on their customized home screen, and the Island Private Access connection is completely transparent.  

What happened next

By deploying Island, the Enterprise Browser for their help centers, this customer found their staff were more efficient and productive. This led to a faster response time for customers, improved employee satisfaction, and ultimately improved the company’s bottom line. The security requirements were easily achieved without any user hinderance, and the Island Private Access solution made private application access effortless.

WWLW Ep. 12: The Case of the Clean Desk Policy

WWLW Ep. 12: The Case of the Clean Desk Policy

Adam Thompson
November 16, 2022

What we know

Adam is working with a customer in the Business Process Outsourcing (BPO) industry who wanted to explore a new endpoint technology strategy. They have a large, distributed workforce who need to efficiently pivot between customer accounts. Most of their work involves sensitive business records so robust information security is essential. They weren’t happy with the traditional options like desktop virtualization so they sought out Island for a new approach.

What we learned

This customer reported the same thing that we hear from many customers with distributed workforce: the user experience for desktop virtualization can be really painful. When you combine long distance backhauls to the VDI infrastructure and highly variable local bandwidth, desktop virtualization slows to a crawl. If you’ve ever been on the phone with a customer support representative who asked you to wait while their system responded, you’ve likely been at the receiving end of a poor virtualization experience.

What happened next

Rolling out Island, the Enterprise Browser, immediately improved the user experience for BPO staff. Now they access web applications directly with the browser running on their local machine, with no added lag for virtualization. Beyond that, this organization found Island offered the ideal platform to communicate and enforce their “clean desktop policy” for all employees. Island offers the last-mile controls to define data boundaries within critical applications, along with user-facing messaging and advanced logging. All together, this solution is helping this BPO to deliver exceptional customer service and create a great working environment for their employees.

Meet the security and IT executives who are rethinking enterprise work

Meet the security and IT executives who are rethinking enterprise work

Ari Yablok
November 10, 2022

Some ideas are so powerfully simple, they aren’t embraced at first. They need some time to sink in.

Consider the story of the Universal Product Code, a.k.a the UPC – That small black and white rectangle, scanned billions of times a day for nearly every product transaction worldwide. When the barcode was first introduced in the early 1970s, businesses struggled to envision themselves adopting it in their stores. True, the existing manual checkout process was complex, labor-intensive, and full of errors. But an automated system seemed too… different. Too good to be true. And to the industry that would come to rely on it most — supermarkets — the technology was nearly overlooked.

Then, some customers started using it. All kinds of customers. And all at once, the massive potential of the barcode became obvious. Mass-merchandisers like Kmart began using them to automate their checkout process. Automotive and railroad companies like GM scanned them to track car parts and identify train locations. Even the U.S. government used them to standardize vendor transactions. Suddenly, that little box wasn’t just about buying groceries. It was about revolutionizing entire industries.

It took some time, but we all know what happened next. Supermarkets, along with nearly every product-driven industry on earth, adopted the barcode as a foundation of their business. All they needed were those initial customers to tell their story. To help them see it.

The Enterprise Browser began as a powerfully simple idea. We already use a browser for work. What if we built the core IT, security, and productivity needs of the enterprise right into it? What could something like that do for the enterprise?

We thought we had the answers. But like the barcode, there was some hesitation at first around a browser becoming the foundation of an organization’s IT and security infrastructure.

“What does a browser have to do with security?”

“Why do I need another browser?”

“You’re asking me to pay for a browser?”

Yet, also like the barcode, it was our customers who ultimately made The Enterprise Browser’s potential obvious. Once it was in their hands, they understood just how impactful it can be. Not just on their particular business, but on entire industries.

“It just checked off so many boxes of what we were trying to accomplish.”

“It’s amazing the control and visibility you get in an instant.”

“It’s as simple as installing a browser.”

“How is it that nobody thought of this before?”

It took some time, but it sunk in. And the idea of an enterprise browser is now taking off faster than we ever imagined. We’ve heard story after story of the impact this powerfully simple idea is having on all kinds of organizations – from banks to retailers to chemical manufacturers.  How it’s keeping data completely secure, yet making work more enjoyable for end users. How deploying it is as simple as installing a browser. How tracking down security incidents takes minutes instead of hours. How this one change has the potential to change everything.

We invite you to experience these customer stories for yourself. Maybe one will speak directly to you and your needs. Maybe you’ll find The Enterprise Browser checks off some or all of your boxes. And maybe a new story or two of your own will emerge – just don’t forget to take some time to let it sink in.

WWLW Ep. 11: The case of browser consolidation

WWLW Ep. 11: The case of browser consolidation

Davie Park
November 9, 2022

What we know

Davie is working with a government agency who wanted to simplify their application stack and reduce the complexity of security patching. Like most organizations, the bulk of their workforce used a web browser as their primary productivity tool. Over time, the organization ended up supporting several browsers, each with their own patch frequency and update method. It was time for a change.

What we learned

This agency wanted to simplify their operations and ensure that every employee had a fully patched browser to use for their work. They knew some of their legacy applications would be a challenge, as they relied on the discontinued Internet Explorer browser. Thankfully, Davie and the Island team offered a solution.

What happened next

Island, the Enterprise Browser, is now the default browser for all employees. With one browser to support and automatic patching, their IT operations are simplified. Legacy apps that require Internet Explorer make use of the integrated IE Legacy mode within Island, so users never have to switch browsers. Because Island is built on the Chromium foundation, it’s fully compatible with their existing web applications and the user experience is flawless. Now this agency can focus their efforts on their public service mission and not worry about supporting and patching browsers.

WWLW Ep. 10: The case of the automated onboarding

WWLW Ep. 10: The case of the automated onboarding

Matt Smith
November 2, 2022

What we know

Matt is working with one of Europe’s largest insurance companies. This organization has a challenge with onboarding and offboarding insurance agents. As is common in the industry, agents may join and leave the firm within the span of months. This degree of turnover makes onboarding efficiency critical. Add to that the sensitive nature of the customer and financial records that agents work with every day and the challenge is compounded.  

What we learned

This organization had tried several solutions to their onboarding challenge, including physically shipping laptops all around the continent or using a virtualized desktop solution. Everything they had tried came with a serious drawback — it was too slow, too expensive, or both. This pushed the team to expand their search further and connect with Matt and the Island team. From the first meeting with a hands-on demo, they knew that the Enterprise Browser was the right solution.

What happened next

Using Island, the Enterprise Browser, allowed the firm to reimagine their agent onboarding process. Now, instead of configuring and shipping laptops or going through a complex virtual desktop setup, new agents simply download Island on whatever computer they prefer to use and login with their credentials. They can immediately access all the applications they need to complete their work. All the sensitive customer and financial data is protected within the Enterprise Browser and can’t leak out. When an agent leaves, the offboarding process is done in seconds by deactivating their account. The agents like the new process, the IT support team massively improved their efficiency, and the Security team knows that all sensitive data is protected.

Do you really know what’s going on inside your SaaS apps?

Do you really know what’s going on inside your SaaS apps?

Tad Johnson
November 1, 2022

The trends in modern workplace technology have made visibility more challenging than ever before. With work shifting to the browser via SaaS and web apps, organizations struggle to see what’s actually happening in their own workplace. Like cheap concert tickets, there’s always some sort of obstruction getting in the way, making the crystal clear picture impossible to see.

Island’s Enterprise Browser is the backstage pass organizations have been waiting for. It delivers a whole new level of visibility with high-fidelity logging for web applications. By using a browser built for the enterprise, customers gain an unobstructed view of all applications, devices, and users in their natural environment. Security events are immediately visible, making incident response and investigation a matter of minutes instead of hours or days.

Why the browser?

The browser holds a unique position in the tech stack: it’s the natural point of termination for encryption; it’s the application that users interact with most; it sees and knows all actions taking place within a given web application. In essence, the browser is the operating system for web applications. But until now, organizations have not had visibility into this critical layer.

Giving you that insight is at the core of what the Enterprise Browser delivers organizations. It solves a growing pain point for companies managing the combination of SaaS applications and distributed hybrid workforce. Network-based tools lose visibility when users and applications move off the corporate network. Endpoint protection agents lack the dexterity to capture what’s happening inside SaaS applications. When employees work from home and connect to SaaS applications, the browser becomes the critical point for instrumenting activity logging.

Getting started with Island is remarkably easy. Island can be installed on any type of device, desktop or mobile, managed or unmanaged, even BYOD. The Enterprise Browser is built on Chromium, same as Chrome and Edge, so web application compatibility is 100% and the user experience is immediately familiar.

Visibility that’s crucial for both IT and Security

IT and Security teams depend on visibility across the enterprise. IT teams need to understand which applications are actually being used, shedding light on the “shadow IT” problem. Security teams need to understand where critical data travels as well as the context of how it gets there. Incident response teams must identify the depth and breadth of the impact of a malicious action — fast. Yet many of the trends in workplace technology make visibility into all this incredibly challenging: modern encryption standards, distributed hybrid workplaces, and SaaS evolution to name a few. Legacy solutions like network monitoring or endpoint agents are unlikely to give the degree of visibility you need.

Consider the challenge of encrypted network traffic. As outlined above, we should embrace strong encryption and avoid unnecessary encryption tampering. Yet, we’re often forced to do so just to gain visibility into end user behavior.

Instead of attempting to break and inspect encrypted traffic, the Enterprise Browser provides a point of inspection before that traffic is encrypted in the first place. This means that the browser can report rich details about the web activity, paired with contextual details like the user identity and device details. All of this information is collected by the Island Management Console, where it can be viewed directly or sent to the SIEM platform of your choice.

By instrumenting the browser for visibility, the Enterprise Browser is remarkably flexible, easily accommodating every permutation of device type, network topology, and user location. The experience for a freelance employee working on a personal laptop from their home office is no different than an employee working in the office on a fully managed desktop. And for the IT Operations staff, onboarding and enabling employees, contractors, and other third parties is dramatically simplified. Regardless of how a user connects, the Enterprise Browser offers full visibility and activity logging for all web-based activity.

Transparency that’s crucial to end users

The visibility goes both ways, with privacy indicators displayed within the browser itself. This helps to mitigate concerns about user privacy by making it clear to users when sensitive activity is logged and when casual browsing is not. To take it one step further, a BYOD user can simply close the Enterprise Browser and use their consumer browser for personal use. This deployment model makes a simple segmentation strategy to keep work and personal browsing distinct.

Fine tuned visibility - log what matters

Island offers a high degree of granularity when it comes to choosing what browser activity to log. Because the browser has full context of the user, device, and destination or app, administrators can define very precise policies to capture only what’s important. For example, a user with elevated privileges for AWS Console will have their activity within AWS closely monitored — including individual screenshots with click-location indicators to show exactly what actions they did inside the console. That same user might later browse AWS documentation, where the page URL is logged but no screenshots are necessary. Finally, if that user visits their personal banking website, their browsing activity is fully anonymized. With this granularity, the Security and IT staff get the rich detail they need, without needlessly collecting non-important activity.

A new chapter for enterprise visibility

As work moves to web applications and SaaS providers, the web browser is the logical headquarters for security controls, access management, and visibility. Island, the Enterprise Browser, is built to solve the visibility challenges presented by modern web applications and a dynamic, hybrid workforce. Finally, that crystal clear picture is right before our eyes.

Learn more at

WWLW Ep. 9: The case of visibility for BPO staff

WWLW Ep. 9: The case of visibility for BPO staff

Glenn Medina
October 26, 2022

What we know

Glenn is working with a fast-growing FinTech company that offers app-based retail banking and payment services. This company works with several business process outsourcing (BPO) companies to fulfill various aspects of customer service and support functions. By its nature, this means that employees of the BPOs need access to customer records and other operational systems. With sensitive information crossing organizational lines, robust security and full visibility is critical.

What we learned

Before working with Glenn, this organization was using virtual desktop environments to extend access. As is often the case, the virtualization setup gave end-users a sub par experience and it didn’t do much to solve their visibility challenge.

What happened next

With Island, this company was able to rethink how they work with BPOs and extend access to the BPO employees. Instead of a complex virtualization platform that inherently adds latency to the user, the Enterprise Browser offers secure access and frictionless performance. Now the financial organization has the visibility they need, along with robust security controls to safely offer access to critical information.

WWLW Ep. 8: The case of the simple security stack

WWLW Ep. 8: The case of the simple security stack

Will Reischmann
October 19, 2022

What we know

Will is working with a tech-forward insurance company that’s bringing fresh ideas to an established industry. As a startup company, they’re building out the core systems that they need to run the business and preparing to scale as they grow. Information security is critical, as they’re handling sensitive information including PII and financial records. 

What we learned 

This organization chose Okta as their identity provider and needed to find tools for data security and compliance controls. As they worked with Will and learned more about the Island Enterprise Browser, they discovered that they could check off a number of boxes with just those two products. And with built-in integration for Island + Okta, proving out the solution was a snap. 

What happened next 

With Island, the company found a solution that could solve their security concerns while providing a refreshingly simple user experience. Now they’re well equipped to grow as a business, onboard new employees, and take on more customers. We expect to see many more companies embrace the simplicity of a cloud-first approach and use Island to secure and govern access. 

WWLW Ep. 7: The case of the happy call center users

WWLW Ep. 7: The case of the happy call center users

Dean Carey
October 12, 2022

What we know

Dean Carey is working with a customer in the financial asset management industry. Information security is critical to safeguard their assets and customer data, and this company is very thoughtful about how security tools can impact their end-users.

What we learned 

When Dean showed them the Island Enterprise Browser, they saw a natural fit for implementing strong security controls in a way that enhances the user experience, rather than adding friction. Their first area of focus was building a home screen experience for their users with all the apps and resources at the ready and displayed with familiar branding. From there, they configured a number of browser extensions to automatically load without user intervention. When they showed it to the teams responsible for their call center, the reaction was immediately positive. 

What happened next 

The call center employees picked up on the convenience and productivity gains right away and gladly switched to the Island Enterprise Browser. This was a huge win for the security team, as they could deliver end-user benefits alongside their security controls. Word traveled quickly within the company, and now more departments are rolling out the Enterprise Browser with enhancements that align to their specific business workflows. 

WWLW Ep. 6: The case of the unmanageable privileged access

WWLW Ep. 6: The case of the unmanageable privileged access

Jason Trunk
October 5, 2022

What we know 

Jason Trunk is working with a global airline who wants to solve an IT operations challenge. They have about 1,200 IT staff who need occasional access to the administration credentials for critical IT systems. As an airline, 24𝗑7 operations are mission critical so they have robust governance rules to prevent any accidental or malicious misuse. 

What we learned 

The airline was using a privileged access management platform called CyberArk to store and retrieve credentials. Good governance of these credentials is essential and IT staff need to retrieve the right credentials as part of their operations workflow. Working with Jason, they made the Island Enterprise Browser the only way to access CyberArk and improve both usability and governance for IT operations. 

What happened next 

First, they improved the user experience by selectively hiding or showing the credentials within CyberArk based on the particular user’s role or group. Now, when an IT operator logs in through Island they see a condensed list of only the credentials they need. Next, the airline improved IT operations governance by enforcing business rules within the browser. For example, when IT staff login to the Azure portal and create a virtual server, they are only allowed to choose the options that fit the airline’s IT policies. They also have increased visibility for all IT operations so an auditor can easily trace a change through the full cycle.

WWLW Ep. 5: The case of the 45-day onboarding delay

WWLW Ep. 5: The case of the 45-day onboarding delay

Matt Pour
September 28, 2022

What we know

Matt Pour is working with a global eCommerce platform company with employees and contractors around the world. One of their big challenges that was especially painful in the last few years is onboarding contractors. With tight supply chains on laptops and logistics challenges for global shipping, this company found that it took an average of 45 days to equip a new contractor with the tools they needed to be productive. 

What we learned

The IT team took a fresh look at this challenge and searched for a new way to solve the problem. The vast majority of software their contractors used was SaaS, so there was nothing to install on the laptop. They needed access controls and visibility, so they couldn’t just throw the doors open and use unmanaged devices. Instead, they found the ideal solution with the Island Enterprise Browser: a contractor can download and install the browser on their own laptop and it gives the IT team all the visibility and access controls they desire. 

What happened next 

Working with Matt, this company rolled out the Island solution in a matter of days. The proof point was how they could shrink the contractor onboarding process. The task of getting a contractor onboard and productive shrank from 45 days to under an hour. That kind of time savings makes a meaningful impact on overall productivity and will help fuel continued innovation and success for this eCommerce leader. 

A Closer Look at MFA in the Browser

A Closer Look at MFA in the Browser

Ohad Edri
Ron Dalal
September 22, 2022

Multi-factor authentication is — thankfully — a normal part of our digital experience. Whether at work, connecting with your bank, or logging in to social media, we’re used to the extra step of entering a short code or acknowledging a push notification during login.

Attackers are on the hunt

In recent years, attackers have grown an arsenal of capabilities — varying from sophisticated to straight-forward — to bypass the security MFA provides. Examples from recent incidents that included MFA bypasses are the SolarWinds breach, which was carried out by Russian state-actors the NOBELIUM APT; the Nvidia and Microsoft breaches, who are believed to be carried out by LAPSUS$ cybercrime gang, and most recently the Uber incident, by a currently unknown attacker. All of these incidents have a common thread: these organizations used MFA but their attackers found a way to bypass it.

What are we going to cover in this article?

The Island Enterprise Browser enables administrators to embed MFA authentication into every web application and on every user flow at will, and enforces strong MFA methods. We will cover the different types of MFA methods, the challenges of using them within enterprise applications, and how the Island Browser brings it all together. 

A one time challenge, or no challenge at all

MFA adoption is dependent on application developers, and security teams often have to find creative ways to enforce MFA consistently. This gap becomes even more apparent in legacy applications that are no longer maintained, or that were developed with technologies that make incorporating MFA difficult or impossible. Thus, many critical applications that we use do not, or cannot, adhere to the security standards we all wish to see. 

Implementing MFA eventually sums up to better security at the stage of authentication to the application. Once an attacker has already obtained an authenticated session (through session hijacking, for example), they can do anything they wish in the application. In fact, relying on authenticated sessions is one of the most common ways attackers bypass MFA altogether.  

With the ability to embed MFA everywhere, Island allows administrators to build a secured workflow for their users within any application, and protect the most sensitive actions they perform within the browser. For example, with Island, an administrator can choose to prompt for MFA when the user decides to edit a sensitive financial file, or add an MFA prompt to a legacy application that doesn’t support MFA natively. 

The MFA method you choose does matter

Rolling out MFA in the organization is not a silver bullet — security teams must be conscious of which MFA methods they use and weigh the risks of each. In the following sections, we will review some of the most common MFA methods and the risks associated with them.  

SMS-based MFA

One of the most common MFA methods is SMS-based MFA. Once a user enters their password, a temporary code is sent to the user by SMS, which they input in order to complete the authentication. But according to research from CISA, Microsoft, Okta, and others, it’s also one of the weakest. 

SMS-based MFA hinges on the ownership of the phone number tied to the account, and not on ownership of the mobile device itself. Except for phishing and malware, SIM swapping is one of the most common attack vectors on SMS-based MFA — an attack in which the attackers take over the victim’s phone number. 

One common method of executing such an attack is using social engineering to impersonate their victim, claim to have lost their device, and convince the mobile carrier to move the number to a new device. In a recent example, an attacker pleaded guilty to stealing some $50 million USD in Bitcoin from a wallet after a successful SIM swapping attack, which allowed him to gain access to the victim’s email and then their cryptocoin wallet. 

Time-based One-Time-Password (TOTP)

Another common MFA method is time-based one-time password, or TOTP. In TOTP, a shared-secret is set up between an application (usually on a mobile phone) and a web application, usually by scanning a seed provided in a QR-code. After the shared secret is created, the application generates short-lived codes derived from the secret and the creation time of the secret, making the generation of new codes by a malicious actor extremely difficult. 

TOTP is a strong MFA method, but it is not bulletproof. A phishing website that simulates the authentication process with the destination website can intercept the password TOTP code. This allows an attacker to create an authenticated session with the real website on behalf of their victim. Alternatively, malware on the device can steal the TOTP shared secret, and generate a valid code on demand.

Recently, a sophisticated campaign targeted organizations by creating phishing websites mimicking their SSO authentication pages, and intercepting the victims TOTP codes to create valid sessions.

App based push notification

Push-notification based MFA gives a great user experience: a user simply has to click a notification from an MFA app to approve an MFA challenge. Since the challenge is given and completed in a trusted application on one of the user's devices, app-based push notification is considered one of the strongest MFA methods.

However, most applications do not require the user to prove they are physically present near the device used to access the account (by asking the user to input a code shown on the screen, for example). Attackers can flood users with push notifications until a user approves it out of habit. Also, a malware can steal the push notification client key or read the notifications directly. Such attacks allowed both sophisticated state-sponsored APTs as well as cybercrime gangs to bypass MFA of users from very large enterprises. 

FIDO2 and WebAuthn

In recent years, using biometric authentication (such as fingerprint and facial recognition) for web applications has been on the rise, with steady adoptions on physical devices and operating systems from vendors such as Apple and Microsoft. Biometric authentication is just one type of authentication that has been made possible by the FIDO2 (Fast Identity Online) project, and the WebAuthn standard. WebAuthn allows the use of a private key stored in a device — a laptop, a mobile phone, or a security key, that upholds certain hardware and software security standards — to authenticate to a web application while verifying its identity. 

WebAuthn-based MFA is considered the safest MFA method these days, as it relies on a private-public authentication mechanism and has a verification of the destination website during the authentication process. This can prevent most phishing scenarios, like those described above. If possible, always use a WebAuthn based authentication. 

Browser attacks

Besides directly attempting to bypass MFA, an attacker can aim for getting the end result of such bypass directly: a valid session token or cookies of the victim. There are some possible ways to achieve that and they all revolve around attacking the browser. Some examples: 

Stealing cookies from the endpoint 

An attacker who has access to the endpoint, or the browser, can (assuming they have user privileges) retrieve the cookies stored in all common browsers — both Chromium based (such as Chrome and Edge) and others (such as Firefox). The cookies are stored encrypted on the endpoint. However, since the encryption mechanisms are known and the keys are accessible to the user, malware can also access the cookies and decrypt them.  

In a recent example, the LAPSUS$ cybercrime gang has claimed to have breached EA by buying an active session token of an employee to the company’s Slack. This token was most likely obtained from malware installed on an employee’s devices from which they used to login to the corporate Slack.

Stealing cookie via MITM

SSL is almost ubiquitous in the modern world and keeps our online activities both secure and private. However, Man-in-the-Middle (MITM) attacks are still a possibility. For example, malware installed on the endpoint can add the attacker’s trusted certificate, allowing them to decrypt SSL traffic. By achieving visibility to the unencrypted traffic between the victim and the service, attackers can steal all of the tokens and cookies sent in it.

Island makes MFA ubiquitous

The Island Enterprise Browser empowers organizations by allowing them to use MFA everywhere. Some of the most common scenarios include:

  1. Application access: Attach MFA to access any application, modern or legacy, and enforce the highest standard of security. 
  2. User interaction: Attach MFA to any type of user interaction that is deemed sensitive, such as clicking on production-sensitive flow in a web application, downloading a file, or sending a form. 
  3. Physical access: Island can protect against physical access of an idle machine by obscuring the window and requiring MFA to resume work — even on an unmanaged device. 

In addition to making MFA another tool in the administrators tool shed, Island also protects against endpoint and network attacks, like the ones mentioned above. This is done through various methods of local and cloud-based encryption of sensitive browsing data and network integrity checks and verifications. By combining the power of MFA everywhere with strong MFA methods, last-mile controls and enterprise-grade protections, Island protects the enterprise, while empowering the end user.

WWLW Ep. 4: The case of the legal docs in 3rd party deal rooms

WWLW Ep. 4: The case of the legal docs in 3rd party deal rooms

Dennis Pike
September 21, 2022

What we know

Dennis Pike is working with a large American law firm to improve their document management and information security practices. Whenever the firm is engaged in a legal matter with a client, they use a digital “deal room” to collect and share documents between the legal staff. The information in these documents is often highly sensitive so access control and confidentiality are critical.

What we learned

One of the unique challenges for this law firm is managing documents across multiple deal rooms or file share services. It’s common for a client to use their own file storage service in addition to the law firm deal room. It’s essential to make sure documents are correctly stored between the two sources and that the right people have access. Using the Island Enterprise Brower helps the firm achieve both, without adding any unnecessary burden on their staff.

What happened next

Working with Dennis, the law firm deployed the Enterprise Browser and require its use when staff are using an external client deal room. The additional visibility and access controls gives their risk & compliance team confidence in how deal room documents are managed. It’s also opened the door for employees to have more flexibility with the productivity tools they use at work. The Enterprise Browser gave the law firm the confidence to “say yes” to a wide range of web apps that help their legal staff increase productivity.

WWLW Ep. 3: The case of the poor content moderation experience

WWLW Ep. 3: The case of the poor content moderation experience

Tad Johnson
September 14, 2022

What we know

Brian Borthwell is working with a company that offers customer support services for some of the world’s largest brands. This company has employees all over the world who fulfill critical roles like content moderation on forums, social media engagement, and customer support. This type of work requires interacting with sensitive customer and company data, so information security is critical to their business. 

What we learned 

One of the unique challenges they wanted to solve was replacing a legacy virtualized desktop platform. They used a non-persistent VDI so employees could log-in during their shift, complete their daily task list, then clear all data after their shift. This was a clumsy experience for employees, who would need to spend the first few minutes of each shift logging in and configuring their workspace. It was especially painful for employees on a slower connection. 

What happened next 

Working with Brian, they implemented the Island Enterprise Browser as the secure workspace for employees. Daily work assignments are stored and accessed through Island Secure Storage and data is deleted after each shift. Making the change from VDI to Island was a big improvement for employee user experience and boosted productivity by eliminating virtualization friction. It also cleared the path to decommission the old VDI platform to reduce costs and simplify their IT operations. 

WWLW Ep. 2: The case of the mysterious call center activity

WWLW Ep. 2: The case of the mysterious call center activity

Tad Johnson
September 7, 2022

What we know

Jason Trunk is working with a FinTech Lending company who wants to improve their call center operations. They have several call centers around the world to serve customers on loan origination and servicing and they use for all their customer service operations. In the business of financial lending, a simple human error could be very costly both for the company and their customers, so it’s critical to track exactly what each employee is doing to catch errors and audit their operations.

What we learned

Previously, this customer was using a combination of several tools to secure access and provide visibility. One of these tools was Salesforce Shield, an add-on module for that offers granular logging but adds 30% to their subscription costs. They also required employees to login to Salesforce via a VPN, which degraded the user experience for some employees outside the U.S.

What happened next

Working with Jason, they configured the Island Enterprise Browser as the default browser for all call center employees. This gave them dramatically improved visibility to all activities through the browser, including They were also able to retire the VPN solution, as Island offered a secure and trusted platform to connect through. With this change, the day-to-day user experience for call center employees improved and the company got better visibility and a simpler technology stack.

Why Dmitri Alperovitch chose to partner with Island

Why Dmitri Alperovitch chose to partner with Island

Bradon Rogers
September 1, 2022

There’s no playbook for building a whole new category.

It’s not because nobody knows how to do it. It’s because arguably the most important step of category creation is not in your control.


Gaining the recognition and endorsement from the voices that matter most in your industry sends your market an unmistakable message – that a true innovation has arrived and the game has officially changed. 

This is why we are so grateful to have Dmitri Alperovitch not just support Island’s mission, but to personally join us as an investor in that mission to help us continue making it a reality. 

Dmitri Alperovitch is one of the most accomplished experts in the world of cyber security. 

Formerly the Vice president of threat research at McAfee, Dmitri is perhaps best known for having co-founded and served as CTO of Crowdstrike. 

Today, Dmitri focuses his time and energy on his three passions – The future of cybersecurity, the teams building it and his philanthropic work.

As he considers cybersecurity investments, Dmitri says there’s just not a lot out there that wows him these days. As an industry, cybersecurity is about as saturated as possible in both innovation and the funding behind it. So something truly new is hard to find. 

And that’s why Dmitri’s belief in Island feels significant. It signals that we’ve arrived at something truly groundbreaking. 

When it comes to his second passion, the people, Dmitri saw in Island an executive team with a history of success he was quite familiar with. With many of Island’s leaders having worked closely with him in the past, it wasn’t difficult for Dmitri to envision Island bringing this new technology and category to life. 

Yet, what was maybe most meaningful of all was hearing our story come from Dmitri’s mouth.

How CISOs want more security but fewer security tools and agents. 

How the solutions we’ve relied on until now have become the very targets of attack that put companies at greater risk.

How no one considered enabling the browser to do more than just browse.

How The Enterprise Browser isn’t just about security. It’s about efficiency and productivity – areas that appeal to CIOs just as much as CISOs. 

How so very simple the whole thing is.

When one of the industry’s most accomplished and respected leaders shares our vision, believes in our mission, and invests in our future - that’s some of the best validation any new category can get. 

WWLW Ep. 1: WWLW Ep. 3: WWLW Ep.Introducing ‘What We learned Wednesdays’

WWLW Ep. 1: WWLW Ep. 3: WWLW Ep.Introducing ‘What We learned Wednesdays’

Tad Johnson
August 31, 2022

They say you can only grow once you know that you don’t know.  

When you start something entirely new, there are always a fair amount of unknowns. Lessons you only learn once you’re already out there marketing, selling, and delivering for customers.  

For us, our “something new” wasn’t just a product. It was a whole new approach. A category that never existed. 

Which meant what we didn’t know was a whole lot. So we spent a lot of time listening. listening. 

We pitched what our product can do for organizations and then listened to what customers needed for their organization. And then we built something that (we hoped) would be transformative for them. 

We showcased features, and then learned what additional features mattered to them most. Some of those became new features we added later that week, or in some cases, that day. 

We listed relevant use cases, then found out there were four more we never even thought of. And optimized for those as well. 

And this kept happening week after week. Call after call. Until we realized, this wasn’t just about our product. These were valuable lessons for our industry. Anyone can learn from these conversations, to understand what security teams, end users, organizations as a whole are struggling with, and how we can help. 

And from that, “What we learned Wednesdays” was born. A weekly video series where our sales professionals share unique customer stories and what we learned from them. Each conversation consists of three parts:

  1. What we know: The specific situation or challenge our customer faced
  2. What we learned: The need our customer had and what it would take to solve it
  3. What happened next: Have we addressed the challenge, and the impact it had on the customer

To start things off, here is our first video in the series: The case of the HITRUST Certification - a set of important risk management and compliance requirements that are critical to customers in the healthcare market.

The Case of the HITRUST Certification


What we know 

Eugene Kim is working with a health care customer who needed to set up a secure environment to access patient records. They considered the virtual desktop approach, but found the cost and complexity was too high. Instead, this customer chose the Island Enterprise Browser as the secure access point for all apps and resources. This solved their challenge for onboarding new employees and didn’t add any of the complexity of desktop virtualization. 

What we learned

One of the requirements this customer brought to Eugene was the ability to support HITRUST certification. Working with extremely sensitive patient records is central to clinician workflows and protecting those records is critical. In practice, this means adding tight controls over how patient records can be accessed and where they are stored. 

What happened next

Working with Eugene, they configured the Enterprise Browser to freeze a user session after a period of inactivity. Once the clinician re-authenticates with their secure credentials, they can pick up exactly where they left off. If a user is inactive for a longer period, the session ends and the browser clears all open tabs and browsing data. To prevent any data leakage, they also enabled several controls to prevent patient data from leaving the browser. In this way, they can treat the browser itself as the managed endpoint regardless of which device it’s running on. Island provides all the security controls they require with a much simpler deployment model. 

The Best Enterprise Security Solution of the year is… a browser?

The Best Enterprise Security Solution of the year is… a browser?

Ellen Roeckl
August 22, 2022

So it’s official. The Enterprise Browser was named The Best Enterprise Security Solution by SC Magazine. 

And while this is certainly a time for us to take it all in, celebrate the win, and be proud of our accomplishment - this is more importantly a time to reflect on how we got here.

Think about it for a moment - the best enterprise security solution of 2022 is a browser.

A browser. 

Imagine telling your industry peers five years ago that, in 2022, a browser will be the most important security solution for the enterprise. Imagine saying that even nine months ago!

And yet, here we are.

In some ways, it’s pretty shocking, and yet, if you dig a bit deeper (like we did), this outcome seems kind of inevitable.

The world of work was slowly moving to the web. SaaS was gaining momentum fast. Companies started moving critical apps to the cloud. Then moving their entire organization to the cloud. Then companies were being born in the cloud.

And then COVID happened. Work was no longer just in an office, on the corporate network, using company devices. It was everywhere.

Suddenly the browser wasn’t just another work application. It was the center of our digital workspace. It became, quite literally, the most important application in the enterprise.

And yet, the browser, where pretty much all work took place, wasn’t even designed for work. No way to secure sensitive data. Now way to govern access. No way to control or even see what’s happening in there. 

Which forced organizations to do some pretty uncomfortable things just to work safely on a browser that was never meant for work.

Things like

  • Breaking the encryption meant to secure our data, in order to inspect traffic
  • Shipping pre-configured laptops to contractors, just to give them access to SaaS apps
  • Virtualizing your desktop just to use the browser that’s… already on your desktop
  • Adding proxies, gateways, and VPNs everywhere we try to get work done
  • Blocking personal email or messaging apps at work

All this led two industry veterans, Mike Fey and Dan Amiga, to arrive at a entirely new thought:

What if the browser was designed for the enterprise?

What if everything the enterprise needed to work safely was built into the browser, instead of on top of it?

And like that, The Enterprise Browser was born.

The ideal workplace, where everything the enterprise needs is built right in, and everything else is out of the way.

Organizations now control, see, and govern everything happening in the browser. While users get the smooth browsing experience they know and love. Everyone wins.

It was the answer to the high cost, huge complexity, and heavy resources that have gone into securing the enterprise until now.

And the answer to the frustrating, disappointing, and underwhelming end user experience of working with tools that seemed to just get in the way.

It’s everything the enterprise needs, and everything the user wants.

And it’s just.. a browser. 

And that explains why today, The Enterprise Browser is the Best Enterprise Security Solution of 2022.

Guest Blog: Island Redefines Security Delivering the Enterprise Browser

Guest Blog: Island Redefines Security Delivering the Enterprise Browser

Alon Weinberg
July 27, 2022

Several years ago, Island Co-founders Michael Fey and Dan Amiga had an epiphany.

What if enterprise organizations had complete control over the browser environment? They knew the traditional web browser was the most widely deployed application by enterprise organizations; yet the browser wasn’t built for the enterprise, it was built for the consumer market.

This commonly used software application is incapable of offering the high-level security, visibility and privacy enterprise users needed.

If it could be modified for the enterprise, they knew it could change everything. With this belief, the founders began developing an enterprise browser that would simplify the security stack, give the enterprise complete policy control and deliver a more efficient, safer and productive browsing environment.

In February 2022, their vision became reality when the enterprise browser emerged from stealth mode to take control of the last mile – from the network to the end device - and redefine the end-user experience.

With the Island Enterprise Browser launch, enterprise organizations no longer need Secure Sockets Layers (SSL) or costly virtual desktop infrastructure (VDI) for data loss prevention.

While the thought of contractors accessing Software-as-a-Service (SaaS) applications from home once made CISOs think twice, with Island’s Enterprise Browser they can now greenlight personal email, collaborative platforms and Bring Your Own Devices (BYOD) while quickly ramping up contractors as needed.

Perfect Timing for the First Enterprise Browser

After nearly two years of product development, the Island browser emerged at a time when most major browsers were standardizing to the Chromium open-source project. Leveraging the open-source project, Island’s co-founders seized an opportunity to create a custom browsing experience for enterprise organizations without having to build their own rendering engine. Building on Chromium also meant creating an entirely familiar experience for end users, reducing friction in deployments.

“We could stand on the shoulders of those giants and make sure all of our energy went into making the browser the best enterprise resource possible by upgrading the security posture, improving integrations, giving them complete policy control and providing infinite last mile control,” said Michael Fey, co-founder and CEO, Island.

At the same time, enterprise organizations were shifting to a remote workplace where contractors, call center staff, and BYOD workers needed access to internal web and SaaS applications like Salesforce and Workday.

Island’s enterprise browser allows these organizations to seal the SaaS environment, secure last-mile control and achieve total data loss prevention (DLP). By simplifying the security stack and working with, not against, existing systems, the browser is able to support web filtering, web isolation and Zero Trust network access with a cost-effective solution.

“When call centers move remote, they find themselves going to a SaaS application over a virtual infrastructure to a backhaul location to get out to the SaaS application,” says Fey. “We bring common sense to that architecture and let those users go directly to the SaaS application while still providing the security controls.”

A pricey venture requiring a massive number of engineers, Island’s browser also carried the good fortune of launching within a favorable fundraising environment, with Insight Partners, Stripes and Sequoia Capital providing more than $200 million in capital to bring the founders’ vision to light.

Protecting the SaaS Environment with Built-in – not Bolt-on – Security

Unlike bolt-on security tools, Island’s enterprise browser provides deep control at the operating system level with security that’s built by design.

While not a replacement but more of an augmentation to the enterprise customer’s existing approach, the enterprise browser circumvents massive change management, allowing enterprises to quickly ramp up call centers and contractors on personal devices.

Users can decide what the browser does and doesn’t do – like cut, copy, paste; take a screenshot; tag traffic; redact data; and change what information flows under enterprise control and governance.

Although Island’s enterprise browser provides remote browser isolation, web filtering and mobile device management (MDM), the browser most often works alongside existing systems to simplify the architecture, reduce expense and provide total endpoint protection.

“This allows us to connect to any of those designs and complete that last mile that’s been missing. So often in the Zero Trust architecture, people would get to the last mile and realize the data on the endpoint was still a massive point of risk, so they went with a heavy, overburdened architecture like a desktop as a service. The enterprise browser allows us to rethink the last mile and ensure it collaborates with all the platforms,” says Fey.

How Island Built its A-Team

Island has built an impressive roster of leadership and engineering talent with a “nexus of experience” approach beginning with Fey, the former president of Symantec, and Amiga, the founder of Fireglass, an RBI solution that works with Chromium browsers.

“In the world of cybersecurity, where the bulk of people spend their entire careers selling and building something that is just the next generation of something else – the next endpoint, the next gateway, the new firewall – this was an opportunity for those people to take all that skill and expertise and do something fundamentally new and different. We’ve excited people’s imaginations,” says Fey.

The co-founders also learned early on that they would need to remove the friction of adoption if they were going to realize the ultimate vision of delivering the first enterprise browser.

“I think too often people fall in love with their big vision and don’t fully appreciate the challenges they will encounter on the path between the vision and the reality,” says Fey. “You have to address the journey from day one because your investors are going to go to those places and ask you the hard questions, and the difference between an investment they’re excited about and one they just think is interesting is having great answers and proof points to solve those problems.”

Fey advises other startup founders to first identify the obstacles that may be standing in the way of their go-to-market plan. “What is uncharacteristically difficult about your plan? Whether it’s adoption, the business model or the tech, make sure your early days of investment are about tackling that,” he says.

As Island drives toward more integrations, Fey expects the company to expand beyond cybersecurity by helping IT better understand performance and the end user process with greater visibility.

Island’s founders believe every enterprise organization will be running on an enterprise browser one day. “That level of control at the last mile is essential to delivering things like Zero Trust, secure edge and BYOD,” says Fey.

If the vision holds true, the enterprise browser will soon become a core part of the IT toolset as users seek a safer, more secure and productive end solution.

The True Power of AWS Tags: How to Use ABAC at Scale

The True Power of AWS Tags: How to Use ABAC at Scale

Itamar Bareket
July 27, 2022

One of the biggest challenges nearly all engineering organizations face is scaling up without slowing down productivity or compromising on security standards. One area where we at Island encountered this challenge is in controlling access and permissions to AWS without compromising on speed and developer autonomy.

While AWS IAM is packed with features, including support for ABAC (attribute-based access-control), It is often very hard to control who can tag what at scale. In this blog post, we’ll dive into the deep waters of AWS IAM, face its problems and learn how to leverage IAM policies to make ABAC scalable.

This journey walks through parts of a talk I gave at fwd:cloudsec 2022 called "The Power of AWS Tags". I encourage you to watch it here

A journey for developer autonomy

You might be familiar with RBAC (role-based access-control), where access is granted for specific roles on specific resources, which typically requires an administrator to handle permission requests from R&D teams and adjust their roles accordingly. In many organizations - this is a slow process.

On the other hand, if permissions are managed with ABAC (attribute-based access-control), it is easier for the administrator to create rules to match resources by the attributes set on both resource and actor. That way permissions would be granted dynamically, lowering the number of requests from R&D teams and giving teams more autonomy and control over the resources they own.

For example, here is a rule an admin may configure: “users of team: infra can read data from DynamoDB tables tagged with owner: infra.”

This IAM policy would look like this:

Where it gets more complex

What if a bad actor from the infra team had access to modify the tags of his own user or role, or even modify the tags of other DynamoDB tables? Privilege escalation is pretty easy.

In order to mitigate this, we’ll need to protect our owner tag. Let’s write statement like this:

Now, imagine you manage 30 of those tags. Adding a protection statement for each kind of tag sounds pretty cumbersome, and with IAM policies contain as many as 6144 characters, it’s probably a good idea to propose a solution that will allow scaling ABAC with more ease. 

Reaching separation of concerns

Looking at the previous policy we came up with, it is easy to distinguish each statement as its own role:

  • The first statement is responsible for the access-control logic itself - these kinds of data plane statements are to be distributed so it can be attached to different users, roles or groups or the whole organization, according to the business needs.
  • The second statement is responsible for the tagging integrity, the control plane, and we want it to be as generic and centralized. This policy will be attached as an SCP to all accounts in the organization.

Modeling privileged tags

Think of a UNIX filesystem. If I’m granted permissions to my home directory at `/home/itamar` I can write anything under that path, since this is my grant area.

Translating this into IAM, we’ll assign each user/role with a grant path of their own that will define their tagging grant area: if a role’s grant path points to “ctl/v1/admin” then users assuming this role can tag anything under that path, like “ctl/v1/admin/owner” (but not “ctl/v1/bagels”).

Setting the grant path

In our UNIX filesystem we’d have a special file, in which every entry will be a username and its grant area, and no one would have write access to it (unless they’re using sudo). Like this:

Yet in IAM, we don’t have the equivalent of a centralized file, so each principal will hold its own grant path in a tag key (which itself, is a control tag under a meta subtree) that no one can create, delete or modify (unless they use “sudo”, we’ll get to that..). In that case, the tag value will be a pointer to the grant area.

Introducing Control Tags

Control Tags are a privileged set of tags. Any tag that starts with `ctl/` is a Control Tag.

Let’s see the IAM statements behind this control plane:

Let’s break this down:

  • We do not allow principals that don’t have grant path configured to tag any control tag.
  • We do not allow principals to tag outside of their grant area, or other allowed set of tags, such as “environment”, or “info/*”

Revisiting our first example

It’s THAT simple

This way, only admins can designate principals with team affiliation and only team members can designate resource affiliation with the team.

Recipe: How to Use Control Tags

  1. Define the meta grant_path tag key, and set grant paths for your principals.
  2. Attach the Control Plane as an SCP to your AWS account.
  3. Define data-plane policies and attach them to your roles/accounts/resources.


Managing grant paths for users

Say you want to introduce a new team to this scheme, change paths or add a broader grant area for some users.

There are two main options to manage grant paths for your users:

  • Using 2PA, 2PA is a concept we created to implement the two-person rule in the cloud. Learn more about it in our fwd:cloudsec lecture!
  • Temporarily exempt yourself from the Control Plane SCP. Just add another Condition to assert your user/role can tag under the meta grant path.

To sum up, Control Tags are a great way to manage tagging permissions and enable some developer autonomy in your organization. Check out my entire presentation to learn more tricks Control Tags have up their sleeves

Zero Trust in Practice

Zero Trust in Practice

Tad Johnson
July 20, 2022

The zero trust security model builds on decades of hard-learned lessons. The era of a secure network perimeter is long past, so we should never implicitly trust a connection based on its network location alone. With the ubiquity of federated identity providers, we can positively identify the identity behind every request. We can evaluate the posture of the device a request originates from to protect to further protect against stolen credentials being misused. And with modern networking technologies, we can start from zero and build up these layers of trust before allowing the network connection, then continuously re-evaluate trust with every request.

As a security philosophy, zero trust offers a path to resolving many categories of vulnerabilities. Credential theft is much less effective when we require multiple factors for authentication and evaluate the device posture before granting access. Internet-based attacks can’t succeed if there is no routable path between a private app and the outside network. Even if malware is already resident on a device, lateral movement to infect other devices is made exponentially more difficult.

Making it Real

Bringing zero trust out of the realm of theory and putting it into practice means investing in security tools. An identity provider, some network infrastructure, and typically some combination of endpoint agents. Curiously, there’s one application at the center of almost every zero trust workflow that’s been ignored by most security vendors: the web browser.

When an enterprise invests in security tooling to put zero trust in practice, it doesn’t make sense to leave a basic consumer-oriented web browser at the center. Island built The Enterprise Browser to change that.

The Enterprise Browser is the on-ramp for a practical zero trust security implementation. It integrates with identity providers for user authentication and identification of all web activity. It continuously evaluates device security posture, without requiring any additional agents. It can make secure connections to private apps and resources over any network, while keeping those private apps completely dark to unauthorized access. It can apply last-mile controls to protect data from inappropriate use or accidental leakage – something that is virtually impossible for a legacy network-based security tool to achieve. And all web activity within the browser can be logged and shared with a SIEM or analytics platform to gain unmatched visibility and inform security governance and incident response.

And because all of this is built around a Chromium-based web browser, the end-user experience is frictionless and familiar. There are no extra agents to deploy, no training to teach users how to connect. Simply by introducing a new web browser, you can take a practical step at leveling up your security practice and embracing the zero trust paradigm.

The Human Element

A collaborative partnership with end-users is key to any successful security strategy.

At baseline, any new security tool or technique shouldn’t burden users or disrupt their general productivity. Thankfully, modern security practices are generally transparent to users or follow familiar patterns that become second nature. Clear communication with users in the form of status indicators, notifications, or error messages (with instructions on what to do next) goes a long way in ensuring lasting success.

The Enterprise Browser offers a unique approach to end-user engagement. The browser itself is tuned to be fast and a tailored enterprise app chooser makes every app and resource immediately available. There are no added burdens for end-user adoption, and no extra steps that could hinder user productivity. User messaging can be customized to match corporate brand voice, and users get clear and immediate feedback when they encounter a security policy. It’s tempting to overlook user experience or take it for granted when designing a security strategy. The Enterprise Browser makes it easy for end-users to adopt it as their default browser, and it gives Security teams the tools they need to clearly communicate their security policies.

Changing One Thing  

The concepts and technologies that form a zero trust security model are not a secret, nor are they proprietary to any one security vendor. Today’s challenge is largely one of optimization and operations – how do we implement a security strategy that decreases risk without disrupting end-users or business operations?

This challenge is what motivated creating The Enterprise Browser. It’s a unique approach, where the web browser itself plays an active role in the security strategy. Sometimes changing one thing changes everything.

The Last Mile of Zero Trust

The Last Mile of Zero Trust

Tad Johnson
July 20, 2022

“Zero Trust” is everywhere in the cybersecurity world. While it’s fair to say that the term is a bit over-used by over-zealous marketers, the security paradigm it describes is real. Broad categories of security exploits can be significantly reduced – if not eliminated – by implementing a zero trust security model that continuously validates user identity, device posture, and resource access. One area that’s often overlooked in zero trust implementations is the last mile: extending the principle of least privilege all the way to end-users of information systems.

What is the last mile of zero trust?

To understand the last mile of zero trust, let’s first review the first mile. A user wants to access a protected resource, such as a customer record stored in their SaaS CRM platform. The user’s identity is verified against the enterprise identity provider (IdP), the security posture of her laptop is validated to conform with enterprise standards, and her access privileges for the CRM platform are verified. Once this level of trust is established, a secure connection is established between her laptop and the CRM platform and the customer record is displayed. In an ideal scenario, everything just mentioned happens in milliseconds and is transparent to the user.

At this point in our scenario, a customer record is displayed on screen. Now let’s consider the last mile: what can the user do with that data?

  • Is she allowed to print the page, creating a new physical copy that is more or less untraceable?
  • Is she allowed to take a screenshot of the window, creating a digital copy that’s disconnected from the CRM platform?
  • Is she allowed to copy notes from the most recent customer support case and paste it in an email? What if she tries to paste those notes in her personal email account?
  • Is she allowed to view the customer’s credit card number that was attached in a note regarding a recent billing inquiry?
  • When she joins a Zoom meeting and shares her desktop, will that customer record be displayed to everyone in the meeting?

This deeper level of granularity in data protection is critically important – but it’s left largely unaddressed by legacy ZTNA vendors. The principle of least privilege is a foundational tenant of zero trust: a user should be given only those privileges necessary to complete their job. Returning to the example above, her job requires access to customer records from the SaaS CRM platform; her job does not require her to make new copies (printed or digital), move customer data to a personal email, or share customer records to a Zoom meeting. Most of the time, she doesn’t need to view credit card data, but there are some exceptions when she needs that information to resolve a customer issue.

An ideal last-mile security policy would look like this:

  • When she is viewing customer records, the function to print or take screenshots is disabled (and she sees a clear message explaining why if she attempts that function).
  • If credit card numbers are stored in case notes, they are redacted from view. The InfoSec team set an optional rule to allow a user to toggle visibility (and when toggled, that action is logged).
  • When copying data from a customer record, she can paste it within the CRM platform, or within trusted enterprise apps, but she is not allowed to paste that data to a personal email or untrusted apps.
  • If she joins a Zoom meeting and shares her desktop, the window with customer records is hidden, but other non-sensitive windows can be shared.
  • All the controls above are granularly enforced to apply only to sensitive content like customer records, so she remains fully productive at work.
  • Every interaction with the CRM platform is logged to a centralized analytics platform to support fast incident response and investigation.

This vision for embracing zero trust principles for end-to-end security of modern web apps and data inspired the development of Island, The Enterprise Browser. It’s the browser that’s designed for the enterprise that makes work fluid, frictionless, and fundamentally secure. Instead of layering security tools on top of a consumer-focused browser, Island applies security controls within the browser itself. It’s the perfect on-ramp for putting zero trust principles into practice, both at the network layer and at the last mile. Because it’s built around Chromium technology, users enjoy the fast, familiar experience they expect. It’s work as it was meant to be, where security is native to all users, applications, and the data between them.

Why it’s time to rethink your VDI or DaaS

Why it’s time to rethink your VDI or DaaS

Tad Johnson
June 27, 2022

Cut out cost and complexity and dramatically improve user experience by replacing your VDI or DaaS strategy with an Enterprise Browser

The promise of desktop virtualization is hard to argue: your employees can work from (just about) any device, anywhere in the world while you keep your sensitive apps and data secure and centrally managed. VDI was a decent solution at a time when most organizations managed their own data centers, Windows apps were the norm, and working with rich content (such as video) wasn’t a requirement. Today, most apps are delivered through a web browser and hosted by SaaS providers. Users often connect from home networks outside the reach of enterprise controls. A growing remote workforce pushed many organizations to rethink how they secure and monitor access to critical apps. As an established technology, VDI or DaaS was a natural choice at the time. 

But as your help desk tickets will confirm, virtualization in any form comes with a huge burden on both operations staff and the end-users they support. Performance issues, network congestion, and complex provisioning weigh against the benefits of virtualization. Add to that the high costs of hosting, licensing, and operating a robust VDI or DaaS environment and the costs start to outweigh the benefits.

There’s a modern alternative to DaaS that you should consider: The Enterprise Browser. 

The Enterprise Browser takes a new approach to securing critical apps and data. Instead of adding layers of virtualization–disrupting the user’s experience and adding cost and complexity–security and access controls are built-in to the browser. Users authenticate with their corporate credentials, last-mile controls stop data leakage, browser hardening protects against malware, and full activity logs are sent to your SIEM. This approach gives InfoSec teams a level of control and visibility that goes way beyond VDI or DaaS, and end-users enjoy unrivaled performance.

Provisioning a new user with The Enterprise Browser is much simpler for IT Operations teams: install the browser. That’s it. End-users can even download and install it themselves on devices IT doesn’t own or manage. And it’s available for Windows, macOS, and Linux so everyone gets to enjoy full native-app performance. Once deployed, IT’s job is done: no performance tuning, resource monitoring, or cost modeling required. 

The end-users who are working with SaaS apps every day see a noticeable improvement. The Enterprise Browser is built on Chromium, so web performance is as good as it gets. Since there’s no virtualization overhead, there’s no lag or visual artifacts. Users get their work done, in a browser they’re already familiar with. 

The Enterprise Browser won’t replace all virtualization: if you’re connecting to systems for high-end CPU or GPU workflows, VDI is the right play. But if your primary goal is to secure access to web apps and data, across a remote or distributed workforce, The Enterprise Browser is a far better choice. Get a demo

VDI / DaaS cost and complexity Security controls End-user performance
Three Pitfalls of BYOD and One New Answer

Three Pitfalls of BYOD and One New Answer

Tad Johnson
June 27, 2022

There are still many advantages to centralized purchasing and provisioning, both financial and operational. On the other hand, every business needs the ability to extend access to a personal device in some cases: employee onboarding, business continuity, or contract workers, for example. Some employees want the option and convenience of accessing business apps using their home computer. Balancing the competing concerns of information security, IT operations, and user privacy is no small task—as is evident from the mixed results of BYOD in practice.

BYOD initiatives often stumble when they hit one or more of these three pitfalls: 

  1. Un-Managed Devices
    The most common barrier to any BYOD program is the very real concern of unmanaged devices connecting to critical applications housing sensitive data. Putting sensitive data on devices where you have no visibility or management is a huge risk. The natural solution is to install an endpoint management agent, which solves one problem but creates another.

  2. User Rejection
    Ask the average user to install an endpoint management agent on their personal device and you’ll be met with some (well deserved) skepticism. What data can the agent see? Are my personal email, documents, and photos visible? Is all my personal web browsing being logged? Concerns over user privacy are real and users shouldn’t have to trade their privacy for BYOD flexibility. Instead, we can deploy a virtualized desktop and manage that layer. Problems #1 and #2 are solved, but at what cost?

  3. IT Operational Cost
    Desktop Virtualization seems appealing for allowing users to leverage their own devices, because it answers some of the security questions without intruding on user privacy. But that technology comes with a steep price tag, both in licensing cost and operations staff to manage it. For remote users on less-than-ideal networks, the user experience of DaaS can be painful. Now you’re adding extra help desk calls on top of an already costly solution. What if we could get all the benefits of a managed, secure, and isolated platform without the high costs of VDI or DaaS? 

Now we can solve all three with Island, The Enterprise Browser. 

First, the Enterprise Browser eliminates the need for a system-level endpoint agent on a personal device. By enforcing security and management policies in the browser itself, all critical web apps and data are secure. Last-mile controls keep data in the browser, stopping data leakage and keeping business and personal data separate. Users keep their personal privacy and you get the security controls you need. No endpoint management agent required. 

Next, the Enterprise Browser eliminates the need for DaaS or legacy VDI. On top of the security controls mentioned above, the Enterprise Browser protects against web-based browser exploits, phishing scams, man-in-the-middle attacks, malware, and more. Instead of adding multiple security agents, or virtualizing the desktop and all its apps, The Enterprise Browser addresses the root cause of web vulnerabilities: the web browser itself. You get more granular control and visibility than with VDI or DaaS, without the cost and complexity. 

Last, the Enterprise Browser is already familiar to users. It’s based on Chromium, the same as Chrome, Edge, and other modern web browsers. The user interface is the same and every web app functions exactly as expected. And unlike DaaS, it’s running locally on their computer, so performance is excellent. 

The Island Enterprise Browser is a unique approach that resolves several common problems that hold back BYOD. To learn more about how Island can deliver a better BYOD experience, contact us. 

BYOD / BYOPC User Privacy vs. UEM Security Visibility DaaS/VDI alternative
Supporting Legacy Web Apps in the Modern Era

Supporting Legacy Web Apps in the Modern Era

Tad Johnson
June 22, 2022

2022 marks the end of the Internet Explorer era, with Microsoft ending all support for IE11. While it’s no surprise that modern browsers like Chrome, Edge, and Safari have replaced the legacy Internet Explorer, there are still many organizations who rely on legacy web apps developed years ago and seldom updated. These legacy tools are often critical to some business process and difficult to replace (hence why they’re still in use today). 

1. Add Multi-Factor Authentication (MFA)

Many legacy web apps were built before MFA was a common practice. Refactoring the login and authentication flow to support MFA is a daunting task for old, brittle code. So, while it’s a universal best practice to use a second factor during authentication, it may be impractical if not impossible.

The Enterprise Browser can change that: the browser integrates with your enterprise Identity Provider so every user is identified and authenticated with as many factors as you like. You can go further and require a one-time code on when a user navigates to a web app–giving you the security benefits of multi-factor authentication without touching the legacy source code.

2. Access shared credentials without disclosing passwords

Another challenge for legacy apps is managing shared credentials. In an ideal world, every user would use their own credentials to authenticate; in practice it’s not uncommon for legacy systems to rely on a shared administrator account. When common credentials are shared among several users, you lose visibility and control over user access. And revoking credentials for a user when they leave the organization can be inconvenient (or worse, left undone).

The Enterprise Brower can help: you can store shared credentials securely and make them available to specific users or groups. When the user reaches a login page, the browser will offer to auto-fill the credentials. Unlike using a shared password manager, the actual password is never disclosed to the user. Since every user is identified within the browser, you get an accurate record of every user and every login event where shared credentials are used. Password rotation is much easier, with a single place to update in the Island management console. And revoking credentials is as simple as removing that user from the access list in your IdP.

3. Support Internet Explorer 11 compatibility

As published by Microsoft:

The Internet Explorer (IE) 11 desktop application ended support for Windows 10 semi-annual channel on June 15, 2022. Customers are encouraged to move to Microsoft Edge with IE mode. IE mode enables backward compatibility and will be supported through at least 2029.

In global web browser market share, Edge holds about 4% behind Safari (20%) and Chrome (63%). Rolling out Edge with IE mode is a sizable effort for a rather limited benefit. It doesn’t answer either of the issues addressed above, so MFA and shared credential challenges remain unsolved.

The Enterprise Browser is a better choice: it’s built on the same Chromium browser engine as Edge or Chrome, so it looks and feels familiar. It offers IE11 compatibility mode so you can run legacy web apps in a separate tab, and it can solve the other legacy web app challenges listed above. Of course it doesn’t stop there–The Enterprise Browser is built for the modern workplace with security and user productivity in mind.

enterprise browser, IE replacement
5 Myths of the Enterprise Browser

5 Myths of the Enterprise Browser

Tad Johnson
June 7, 2022

Click here for an infographic of this article

The Enterprise Browser is just another flavor of remote browser isolation (RBI)


The Enterprise Browser achieves the same outcomes as RBI — protecting malicious code execution, phishing attempts, and dangerous file downloads — but does so from within the browser itself. This means no added latency for the user and much less complexity  for the organization. And unlike RBI that only isolates a fraction of web activity, The Enterprise Browser by definition protects all web activity.

Takeaway: Island, The Enterprise Browser, keeps all web-based work fundamentally secure—without the cost and complexity of a full RBI implementation. 

The Enterprise Browser is just another web security tool 


While the Enterprise Browser delivers end-to-end security for web applications and their data, it’s so much more than that. By operating inside the browser presentation layer, it provides granular, “last-mile” controls such as screen capture, copy/paste, and download/upload control, or sensitive data redaction. But it doesn’t stop there: it also enhances any web app with robotic process automation (RPA), such as adding MFA to legacy web apps or placing additional approval steps for mission-critical workflows. And all data flows directly into your SIEM for detailed visibility and forensic analysis.  

Takeaway: Island takes an entirely different approach to security that goes beyond the network or content layer to inspect and modify web apps at rendering time, opening a range of possibilities far beyond other security tools. 

The Enterprise Browser requires a managed device for policy enforcement  


The Enterprise Browser secures access to web apps and content on any device, managed or not. It knows the posture of the device it’s running on and enforces policies accordingly. For example, the Enterprise Browser can redirect file downloads from an unmanaged device to in-browser secure storage to prevent data leakage. Many organizations are using the Enterprise Browser in place of more complex VDI or DaaS implementations to give contractors or BYOD users secure web access. Whether it’s running on an unmanaged or managed device, the full power of the Enterprise Browser remains intact.  

Takeaway: Island secures access to web apps & content, regardless where it’s installed, with a deployment mode that’s far less complex than VDI or DaaS. 

The Enterprise Browser is a locked-down secure browser


While the Enterprise Browser provides secure-by-design access to web apps, it’s built with the same familiar browsing experience that users already know and love. Policies are context-aware, so the security controls that keep sensitive data secure and enterprise apps protected are only applied where they’re needed. Unlike single-purpose secure browser products, the Enterprise Browser is often used as the default browser for all web access. 

Takeaway: Island pairs enterprise security & management policies with a granular enforcement engine so the important apps and data are always protected without sacrificing browser speed or user experience.

Existing browsers already have enterprise features


The enterprise features offered by popular consumer-oriented browsers like Google Chrome and Microsoft Edge are significantly limited and only skin deep by nature. For example, the controls offered are only applicable at the device level, which means policies are by definition applied to all web apps, leaving no room for granular policy enforcement. And most essential enterprise features are missing entirely, such as device posture assessment for tailoring policy management, or inserting browser-based RPA to enhance web app functionality.

Takeaway: Existing browsers offer few, limited, and surface-level enterprise features that were not designed to address the wide-ranging needs of the enterprise. The Enterprise Browser, however, offers comprehensive control, visibility, and governance over all browser behavior, delivering a level of security that was previously unimaginable.


It may seem easy at first glance to confuse the Enterprise Browser with some familiar solutions we’ve seen over the years. But dig deeper, explore what the Enterprise Browser has to offer, and the truth comes out - changing this one thing really does change everything. 

Chromium Internals 101

Chromium Internals 101

Peleg Wainberg
June 7, 2022

What is Chromium?

As described in the Chromium project's official site:

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web

Technically, Chromium is the name of the project, and is not referred to in the code. The product itself is Chrome, not to be confused with Google’s browser named Google Chrome.

Over the years, the Chromium project became more than just a browser. It’s a powerful web platform that can be used in many ways to build different products (Electron, Chromecast, etc). It even became an integral part of an OS (Chromium OS).

Chromium is one of the largest codebases in the world, and it runs almost everywhere. It is developed mostly in C++, but already includes some Rust, TypeScript and more.

Basic concepts / Terminology

Before we begin, let’s set some common terms which anyone interested in Chromium must know.

  1. Rendering Engine - The component responsible to parse and transform HTML to what we see as web pages. It takes the tags and implements their behavior.
    1. Blink - The rendering engine used in Chromium. It was forked from Apple’s WebKit in 2013.
    2. Renderer - Usually refers to a process running the rendering engine.
  2. V8 - The JavaScript engine used in Chromium.
    1. Chrome API - JS events and functions that the browser exposes. Some APIs are exposed globally across the browser, some are limited to specific components (e.g. to extensions only).
  3. Mojo - Chromium’s IPC (Inter Process Communication) system. Used for communication between the different processes and components of the browser.
  4. Sandboxing - The concept of isolating and limiting a component. Usually implemented by restricting process privileges via operating system features. Implemented differently per operating system.
  5. Extensions - Software plugins for the web browser. Built mostly with web technologies such as HTML, CSS, JavaScript, etc. They allow adding capabilities to the web platform by third parties.
    1. In Chromium, extensions run in their own process.
    2. There are other types of plugins supported, we will cover some of them later on.

Process model

One of the most commonly known facts about Chromium based browsers is that they have lots of processes. But why are they all needed?

First of all, for security reasons. If we run all of our code in the same process, exploiting one part can lead to code execution all over the browser. It’s harder to isolate threads, so the browser leverages operating system’s features and isolates processes. In Chromium, a renderer doesn’t run in the main browser’s process. Different sites will run in different renderers who have different processes. Also, different types of processes have different privileges. Some processes are sandboxed. This makes exploiting the browser much harder, as in most cases you will have to chain multiple vulnerabilities in order to gain control of the whole browser

This separation is also good for the user’s experience. As more “services” or logical components are moved out of the browser process, it is more likely to recover from errors and crashes - it might be possible to just relaunch the service seamlessly. To be as fast as it can, it uses more operating system resources.

Process Types

So what kind of processes do we have? Here are some notable examples

  1. The browser process - The main broker of the engine. It is not sandboxed, provides capabilities via its interfaces and acts as a broker between different processes
  2. Frame/Tab processes - The renderer of the tab itself. In Chromium, a different renderer instance is created per frame (tab, iframe, etc), usually in its own process
  3. Utility/Service processes - Provide specific capabilities as a service. The network service is an example of such process, and it's responsible for, as you can guess, network operations
  4. Extension Processes - each extension runs in its own process

And of course there are more.

You can view your own browser’s processes by opening the browser’s task manager:

In this example, we can see a browser with 2 tabs. It has a browser process, some utility processes, a tab process for each tab and an extension process.

So we’ve got different logics in different processes, and some of them are tightly restricted. But how do they work together? If tabs are sandboxed and cannot access most of the operating system’s features, how can we listen to music or download files? It all starts with a bit of mojo.


Mojo is a platform-agnostic collection of runtime libraries, providing inter process communication primitives, a messaging format and a binding system. To make it simple, it allows components (within the same process or not) to communicate with each other over predefined messages, in different languages.

Mojo is the successor of a legacy IPC system, which barely exists as most code was migrated. Nowadays, the different components of Chromium communicate with each other almost only using Mojo. That way, when we upload a file, the renderer process asks the browser for the file’s contents - and the renderer doesn’t need to actually access the filesystem.

Mojo is relatively similar to other IPC systems, but is unique for its ability to pass object handles - such as file descriptors and file handles. It also allows validations that the browser uses for security (e.g. it doesn’t allow passing file path objects if the receiver might not have permissions to it now or later on).

Mojo's top level design, taken from the official documentation

Blocking/Non blocking threads

In order to maintain a fluid user experience, the browser doesn’t allow blocking/synchronous operations to run everywhere. It would be a shame if the entire UI would freeze while the browser tries to write a file, or a single tab waits for server response.

Any blocking task that runs in the browser must be marked as such, and it would usually run in a dedicated thread. Blocking APIs always validate that they run in a context that allows blocking.

In the browser process itself there are different UI and IO threads.

Extensions and applications

Chromium provides interfaces which allow third parties to extend the browser and provide non-generic features to the browser. Extensions are the most known interface, but others exist as well.

Extensions and apps should be downloaded from the official store, but can practically be downloaded and installed from anywhere else.

Chromium provides APIs for such components, making them more powerful and versatile. You can read more about it here. They are developed in JavaScript (or any other language that can be transpiled to JavaScript).

An extension is defined via a manifest file. In this file it declares the permissions it requires, its scripts and in which tabs to inject them, what resources it needs, some metadata and more. An extension is limited in regard to what it can and cannot access, and it must ask for specific API permissions in the manifest (e.g. - storage, bookmarks, …).

Extensions can run two types of scripts - background and content. Background scripts run in the extension’s process, have access to the chrome API and in general have more capabilities. Content scripts are injected into the requested tabs and can access them. Background and content scripts can communicate with each other and work together.

Web platform or a browser?

While for the end user Chrome is the entire product, the project is actually built as a framework and a specific implementation of it.

The framework, often referred to as the web platform or the web engine is the multi-process sandboxed browser platform itself. It includes the rendering engine, interfaces for all supported features, most of the services and components of the browser and more. Think about it as a browser library.

Chrome is the product itself, the browser built atop the web platform - the UI, implementations of platform interfaces, browser specific logics and so on. It uses the framework’s library, implements some of its interface and “makes it an app”.

While the two were separated for code health reasons, it also allowed new opportunities such as creating other products on the platform - such as Electron, Chromecast and others.

in the code, all of Chrome’s code is under src/chrome, while the platform’s code is under src/content.


Great, you’re ready to dive deep into Chromium’s internals! We’ve learned what Chromium is, covered some basic concepts and set a common ground. In future blogs, we will move on to explore various features and areas in the project. Stay tuned!


  1. Chromium's official site
  2. Chromium's official documentation
  3. Chrome University

Extensions in Chromium and where to find them

Extensions in Chromium and where to find them

Michael Maltsev
May 24, 2022

Chromium extensions provide a way of customizing the web-browsing experience by adding extra functionality to the browser. The straightforward way of loading an extension in Chromium is by installing it via a supported extension store. But that’s not the only way. An extension can also be loaded from a folder on the computer, via the registry, or via admin policies. Some extensions, called component extensions, are an integral part of the browser which happen to be implemented as extensions.

For each loaded extension, Chromium keeps track of its source location type, which affects the way the extension is treated. For example, component extensions are not displayed on the extensions page (chrome://extensions) and have some extra privileges.

In this post, we’ll take a closer look at where inside Chromium extensions are found, and why their location matters.

The ManifestLocation enum

The ManifestLocation enum is defined in the manifest.mojom file in the Chromium source code, and at the time of writing, it has 10 valid values. The enum is preceded by a short explanation comment:

Historically, where an extension was loaded from, and whether an extension's files were inside or outside of the profile's directory. In modern usage, a Location can be thought of as the installation source: whether an extension was explicitly installed by the user (through the UI), or implicitly installed by other means. For example, enterprise policy, being part of Chrome per se (but implemented as an extension), or installed as a side effect of installing third party software.

Here are the 10 values and comments from the source code which provide a short explanation:

The location rank

The values in the ManifestLocation enum are ordered chronologically, with each newly added value added to the end of the list. I found it more convenient to order the values by their rank. The GetLocationRank function, implemented in, assigns a rank to each ManifestLocation value in order to be able to decide which extension to load if there’s an extension of the same id in different locations. The rank has a good correlation with the privileges that are given to the extensions from the corresponding location.

Here are the ranks along with short comments which can be found in the source code:

In addition to the rank values, the ranking function divides the 10 ManifestLocation values to 5 groups, which helps get some extra intuition about the values and the way the browser treats them.

Listing installed extensions

Before we begin looking at the different extension types, let’s tackle another basic question - how do we list all of the installed extensions and their location values? There’s the extensions page (chrome://extensions), but as we mentioned, not all extensions are displayed on it, and it also doesn’t show the location values.

One way to see all enabled extensions, including component extensions, is to navigate to chrome://system and look at the extensions row. Another way to see component extensions is to run Chromium with the --show-component-extension-options command line switch which will show them on the familiar extensions page (chrome://extensions). But those two methods still don’t give us enough information. Specifically, we still can’t see the location value of each extension.

To get full visibility, we can look directly at the information in the user profile folder. The “Secure Preferences” file contains the information we need. For Chrome on Windows, the file for the default profile is located in the following folder:

%localappdata%\Google\Chrome\User Data\Default

The file is a JSON file containing, among other details, the list of installed extensions for the profile which can be found under extensions.settings. For each extension, the key of the entry is the extension ID, and one of the properties is “location”. The location value is a number corresponding to the ManifestLocation enum defined in the manifest.mojom file.

For example, Google Chrome comes bundled with a component extension called Google Hangouts, and we can see the following entry for it in the Secure Preferences file:

  "extensions": {
    "settings": {
      // …
      "nkeimhogjdpnpccoofpliimaahmaaome": {
        // …
        "location": 5,
        // …
        "path": "C:\\Program Files\\Google\\Chrome\\Application\\97.0.4692.71\\resources\\hangout_services",
        // …
      // …

This tells us that the location value of Google Hangouts is kComponent. The path parameter is also interesting - we can see that the extension is loaded from the readonly installation folder of Chrome, not from the profile folder.

After installing vanilla Google Chrome (version 97.0.4692.71) on Windows 10, here’s what I got under my profile:

Note that 4 extensions are visible on the extensions page, but in fact 14 extensions are installed.

Extension types

The post wouldn’t be complete without mentioning extension types. Chromium defines another enum called Type, defined in manifest.h, which contains the following values at the time of writing:


The logic that determines the extension type is implemented in the GetTypeFromManifestValue function in That’s the reason why, for example, the Slides extension was visible on the extensions page for me, but the YouTube extension wasn’t - the former is of type TYPE_EXTENSION, while the latter is of type TYPE_HOSTED_APP (and is visible on chrome://apps).

In this post, we’ll be focusing on extensions of type TYPE_EXTENSION.


As a reminder, here’s what the comment in the ManifestLocation enum says about kComponent:

An integral component of Chrome itself, which happens to be implemented as an extension. We don't show these in the management UI.

Component extensions are registered to be loaded by the AddDefaultComponentExtensions function in, and loaded by ​​the AddComponentExtension function in The list of component extensions is predefined in the code, and can’t be changed without changing the code and recompiling the browser. The extensions themselves are loaded from the browser installation folder, not from the profile folder, and don’t change unless the browser changes, e.g. on a browser update. That means that component extensions don’t update independently like regular extensions do.

As an example, here’s the commit that adds the Google Network Speech component extension.

It can be useful as a reference for adding your own component extension to Chromium.

Regarding special treatment of the browser for component extensions, you can find several such code snippets in the source code by looking for “kComponent” and “IsComponentLocation” around the code. Here are a couple of examples:

Note: Confusingly, in addition to component extensions, Chromium has something completely unrelated called components. Components are listed in chrome://components, and are bundles of files, usually dynamic libraries or data files, which are updated separately from the browser itself. To add to the confusion, components are distributed in .crx files, but they have nothing to do with extensions.


Before proceeding to kExternalComponent, there are details that are common to all kExternal* values. Extensions for all 6 kExternal* values (kExternalComponent, kExternalPolicy, kExternalPolicyDownload, kExternalRegistry, kExternalPref, kExternalPrefDownload) are loaded by loaders which are specialization classes of the ExternalLoader class. Those loaders are used by instances of ExternalProviderImpl that pass the loaded extensions to an installation service. The extensions are eventually loaded by the CheckForExternalUpdates function in

Each external provider can provide extensions in two ways: Extensions originating from .crx files, and extensions originating from update URLs. The external provider is initialized with a location type for each of the two ways, which the installed extension will end up being marked with.

Here is the rough list of extension loader specializations and their location values. ChromeOS-specific and other OS-specific cases are not included.

It’s interesting to note that kExternalPolicy is not present in the table. It’s only being used in ChromeOS.


The comment from the ManifestLocation enum:

Similar to kComponent in that it's considered an internal implementation detail of chrome, but installed from an update URL like the *kDownload ones.

External component extensions are registered in the StartLoading function in The registration sets the extension IDs and the extension store URL to be used for installing the extensions.

Like with component extensions, the browser has special treatment for external component extensions. You can find relevant snippets in the source code by looking for “kExternalComponent” and “IsComponentLocation”.


The comment from the ManifestLocation enum:

A crx file from an external directory (via admin policies), cached locally and installed from the cache.

As was already mentioned, the kExternalPolicy location is only used in ChromeOS.


The comment from the ManifestLocation enum:

A crx file from an external directory (via admin policies), installed from an update URL.

kExternalPolicyDownload extensions are registered in the StartLoading function in Two instances of ExternalPolicyLoader are created, one for forced extensions (that can’t be disabled) and one for recommended extensions.

Like with other location types, the browser has special treatment for policy extensions. You can find relevant snippets in the source code by looking for “kExternalPolicyDownload” and “IsPolicyLocation”.


The comment from the ManifestLocation enum:


Extensions that are loaded by using the --load-extension command line switch are marked with the kCommandLine location. They are loaded by ​​the LoadExtensionsFromCommandLineFlag function in, which delegates the loading to UnpackedInstaller which loads the extensions from their target folders.

The browser has special treatment for extensions which are loaded unpacked. You can find relevant snippets in the source code by looking for “IsUnpackedLocation”. There are also a few places with special treatment specifically for “kCommandLine”.


The comment from the ManifestLocation enum:

From loading an unpacked extension from the extensions settings page.

Extensions that are manually loaded from a folder for development are marked with the kUnpacked location. They are loaded by ​​the FileSelected function in, which delegates the loading to UnpackedInstaller which loads the extensions from their target folders. They are also reloaded by ​​the LoadExtensionForReload function in on browser launch.

The browser has special treatment for extensions which are loaded unpacked. You can find relevant snippets in the source code by looking for “IsUnpackedLocation”.


The comment from the ManifestLocation enum:

A crx file from an external directory (via eg the registry on Windows).

kExternalRegistry is a Windows-specific location for extensions that were loaded from a local .crx file via the registry as specified here: Pre-installed Extensions (Pre-installing via the Registry). The extensions are registered in the StartLoading function in

Note: Extensions that were loaded from a URL (and not a .crx file) via the registry as specified here: Alternative extension distribution options (Using the Windows registry) are registered with the kExternalPrefDownload location, not kExternalRegistry.


The comment from the ManifestLocation enum:

A crx file from an external directory (via prefs).

kExternalPref is a location for extensions that were loaded from a local .crx file via the browser preferences as specified here: Alternative extension distribution options (Using a preferences file). The extensions are registered in the StartLoading function in Two instances of ExternalPrefLoader are created, one for the system-wide preferences and one for the per-user preferences. kExternalPref is not used on Windows (except for ExtensionMigrator which is a specific migration case).

Note: Extensions that were loaded from a URL (and not a .crx file) via the browser preferences as specified here: Alternative extension distribution options (Using a preferences file) are registered with the kExternalPrefDownload location, not kExternalRegistry.


The comment from the ManifestLocation enum:

A crx file from an external directory (via prefs), installed from an update URL.

kExternalPrefDownload is a location for extensions which were loaded from an update URL via the registry (Windows) or via the browser preferences (non-Window). See kExternalRegistry and kExternalPref for more information.


The comment from the ManifestLocation enum:

A crx file from the internal Extensions directory. This includes extensions explicitly installed by the user. It also includes installed-by-default extensions that are not part of Chrome itself (and thus not a kComponent), but are part of a larger system (such as Chrome OS).

Except for a couple of specific cases, kInternal extensions are the common, regular extensions that are installed by the user from the extension store.


In this post, we went over the extension locations that Chromium defines and uses. We looked at when and where they’re used, and how they affect the way the browser treats the extensions.

How software teams avoid death by hypergrowth

How software teams avoid death by hypergrowth

Alon Biran
May 20, 2022

We were building a really big product, and we knew we needed to do it right from the start and keep it right at scale, no matter how many engineers we onboard. 

We knew the code itself was less important, as it would change frequently, but building a mechanism that would allow us to move fast while continuously onboarding people was critical. And because of that, we decided to invest in building the right infrastructure.

Here are the five main areas we focused on to successfully launch Island.

Create consistency by systemizing the development of new services

We wanted the code to look similar across the system, so we made a skeleton of how a microservice looks, how an extension “service” looks, and made sure they were similar to each other. This made diving into any code and things like code reviews much simpler. It also enabled us to get into someone else’s code very quickly, easily, and confidently, since all of the code looked similar. Naturally, we didn’t want to create a big boilerplate for each service, so we wrapped it in generators and Jenkins jobs to create the code as easily as deploying it. Today, populating a new service takes less than a day and is mostly automated. Engineers focus on the business logic rather than how to install dependencies, or how the code structure should look.

And of course, in the specific cases where you’d want to go out of the template, it would be obvious to understand a discussion is needed around it

Ensure the highest standard of quality with ongoing tests, coverage, automation, & CR

We then understood that, while we wanted to move fast and release features in rapid phases, our releases had to be of the highest quality and remain that way. Maintaining this high-quality standard was extremely important because the browser is such a crucial tool for everyone – bugs could negatively impact our customer’s productivity – and because of that we kept progressing without letting ourselves get “stuck in the mud” with a lot of regression bugs.

First, we had a rule: No code goes unreviewed. Every piece of code must be reviewed by at least one person from the team. Every feature, every bug, every configuration file, even every typo fix. In specific cases we even added code owners to make sure only the code they approve makes it into the product.

Second, we added CI in the form of github actions to enforce specific style, coverage of tests, build and quality of the code (no warnings etc.), and while coverage does not always point to quality, it at least forced the engineers to think about what they wanted to test and how.

Here’s a nice graph on how our coverage looked after we started enforcing it. When we started back in Jan ‘21 we were at around 80%, eventually making it to 97%.

In addition, we invested heavily in automation from the beginning. This gave us the ability to test features E2E and and keep ourselves accountable for its stability and consistency, while always improving our ability to understand and debug issues on a given PR.

Here is an example of our Grafana presenting the automation success rate:

Another good example is our per-test fail ratio & build time, for monitoring which tests are giving value, which are not, and of course which are slowing us down:

Make gradual deployment easy with feature flags

Deploy, deploy, deploy. Since we use our own browser on a daily basis, we wanted to make sure engineers are comfortably deploying multiple versions a day while maintaining a high level of quality. Instead of canary or blue-green deployments style, we wanted to make sure our deployment strategy fits the Island company strategy – lots of engineers moving at a very fast pace. We chose a strategy to keep deploying and keep testing in production while having granular control on how each feature behaved. For that, we chose to use feature flags. Each development, each feature can be controlled by a feature flag (not only boolean, but every variation of a parameter) and each feature is gradually deployed among customers as well. 

First we deploy features to our own browsers, then we deploy them to our demo segment and sales engineering. Afterwards we deploy them to specific customers (beta customers, early stage adopters) and finally to all customers. This strategy allowed us to control the quality of releases while getting continuous feedback from both internal and external users and our internal tools and metrics. In addition, it allowed our product managers to have granular control over the product and its deployment, and to decide how and when they wanted to present it to the customer instead of having to depend on engineering. Of course, we’ve added granular control flags in both unit-tests and E2E automation in order to ensure the system is working in all kinds of variations.

I suggest this strategy to any early stage startup wanting to move fast while maintaining high quality.

Invest in onboarding as much as your code

As we planned on continuously onboarding engineers, we made sure everything was well documented so a clear plan was presented to each engineer as they joined. Of course, like most companies, we assigned each new engineer a ‘buddy’ to guide them along the onboarding process. Our initial goal with onboarding was to have an engineer fully ramped up with all of our tech and be ready to insert code into the product by the time onboarding was finished. The engineer received a clear checklist of what needed to be done and what exercises were to be completed. There would be planned checkpoints between each technology, that included a sync with his/her assigned buddy where they’d show what they worked on. In addition, the engineer would add a module that improved the life of the day-to-day work of the developers, followed by a “kudos” shared with the whole company from his/her buddy to celebrate what the new team member achieved in such a short time. 

What’s important to understand is that onboarding is not a static, one-time, “check the box” creation. It’s an ongoing process.

Every new employee joining the Island team improves and fixes the onboarding flow as we go, in case something is wrong or no longer relevant. In addition, we do a retrospective with the engineer and his/her buddy, and see what other items we need to add to the onboarding. For example, our onboarding originally focused only on technology. But over time, we added architecture sessions, product functionality overview, automation and other areas.

Create visibility into your production environment via monitoring & alerting

Finally, you can’t keep the flow without visibility and alerting. We added logs everywhere and set up alerts to dedicated slack channels on every error. We assigned a “developer on duty” to continuously investigate bugs and improve our monitoring infrastructure. We added dashboards to ensure quality as well as user experience, which measured latency of calls, time of browser events as well as error rate and uptime of production cloud services, all alerting into Jira.


It’s important to make a conscious effort to recognize when your organization is in scale mode. Every tiny decision is important, even the small stuff like how you organize a specific file in the development environment file system or taking the time for a regular retro with new employees. 

Find a way to create an environment where quality is top priority but does not cause fear of deploying and merging. Enable the tools your engineers need to deploy their code comfortably while putting strict methods in place for having granular control over what is deployed and when, as well as ensuring overall quality. In addition, engaging product leadership to understand those decisions will create a healthy work environment while enabling the speed and velocity you need for early stage start-ups aiming to grow fast.

Solving Critical SaaS Vulnerability with an Enterprise Browser

Solving Critical SaaS Vulnerability with an Enterprise Browser

Jason Trunk
April 26, 2022

SaaS and corporate web apps present challenges to the enterprise many have not considered. The process of signing up and migrating critical business operations to the cloud is fast, easy and can add remarkable value, but comes with a tradeoff that’s not always obvious. These apps can increase an organization’s vulnerability to cybersecurity risk. Due to the nature of the web and traditional web clients (browsers), there is simply not an adequate level of data protection or governance.

Given the massive adoption of SaaS and web apps, this presents an urgent problem. Organizations are operating with thousands of apps, sanctioned and unsanctioned, and often have thousands of employees across myriad departments with their own needs. The need to create constant exceptions to give workers what they require creates massive complexity, along with equally massive risk.

In other words, the present situation is a colossal headache for IT departments.

Here’s the good news: we’ve solved this problem by creating an innovative new product category: the world’s first Enterprise Browser.

A Simple, Elegant Solution for Data Protection and Governance

The web browser is now an integral part of the business technology landscape. Yet they were never meant to be enterprise tools. Conventional browsers may work beautifully, but they are a consumer product at core.

Pressing a consumer-grade tool into enterprise service comes with a slew of security complications. You can’t see how users interact with data within a browser. They can print screens, copy and paste data, take screen snapshots–a full range of potentially compromising actions for which organizations had minimal visibility.

There have been attempts to address this problem by bolting on tools such as web gateways and Cloud Access Security Brokers (CASBs). These approaches have always failed because these tools are cumbersome and do not offer fine-grained control, creating an ongoing governance mess.

These failures led us to pose a fundamental question: what if we approached this problem of control and governance directly in the browser?

Marrying Enterprise-Grade Security with Consumer-Grade Usability and Performance

Role-Based Access Controls (RBAC) associated with some apps provide a level of control, but they can’t do the one thing that enables effective governance: assert control over the right app, at the right time, for the right user.

An Enterprise Browser can do this by checking device posture during user logins to ensure trusted devices are being used to access critical SaaS apps. An Enterprise Browser allows you to create policies to block things like screen printing, cut & paste into non-approved destinations, or sharing information over web conferencing.

Additionally, you can use an Enterprise Browser to redact sensitive data types within applications via browser-based Robotic Process Automation (RPA) or enable deep audit logging to see every action a user has taken. An Enterprise Browser can also encrypt cookies to protect app sessions from intrusion, scan for malware, or create policies governing data storage and enhance privacy.

This gives you everything you need to make data protection and governance headaches a thing of the past.

While SaaS and Web apps have seen extraordinary adoption and delivered numerous benefits, cyber-risk and unstructured governance have hitched along for the ride. Creation of the enterprise browser is the breakthrough that IT departments urgently need to solve this long standing problem.

For a more in depth article on protecting critical SaaS and web apps using an enterprise browser, click here.

Navigating the Challenges of Contractor and Third-Party Access

Navigating the Challenges of Contractor and Third-Party Access

Bradon Rogers
April 11, 2022

It’s been impossible to miss the recent cybersecurity incidents involving contractors and third-party access to organizational resources. While these headlines are hardly new, their impact is now exponentially more serious given the major shift to hybrid work, paired with mixed cloud and on-premises hybrid architectures.

Contractors and third parties often serve as the functional backbone of many operations. In some cases, they are individuals performing a specific function. In others, it’s a third-party organization performing an entire function like logistics management or HR. To ensure at least a basic level of security, organizations typically ask them to legally attest to their understanding of their responsibilities toward protecting the critical resources they are given access to. This may also involve rigorous inspection of the contractor’s controls and resources. But given the urgency of many contractors’ work, these inspections are often treated  as a mere “checkbox.” Regardless of the need for speed or not, it’s a given that onboarding contractors and third parties is slow, expensive and cumbersome. Here’s why.

Third parties need to be granted access to an organization’s critical systems just to do their jobs, which organizations typically do using one of these two approaches;. 

  1. They allow third parties to use their own devices 
  2. They ship a company-owned device that the contractor or third party must use to access these systems and fulfill their duties

Both approaches involve different complexities and levels of risk that cause unnecessary pain on both sides. Let’s take a closer look:

Unmanaged Contractor and Third-Party Devices

As uncovered in recent news stories, third parties very often use their own devices. The advantages of this approach are fairly obvious. Allowing these resources to use personal devices saves time, reduces onboarding costs and allows the third-party’s resources to operate in a familiar environment, which significantly speeds up productivity.

But this approach has its downsides as well. It requires giving individuals account credentials to the systems (VPNs, Virtual Desktops, and actual applications) they need to perform their roles. Onboarding this kind of access is complex, costly, and requires ongoing attention to manage provisioning and revoking access and credentials. 

Managed Devices for Contractors or Third-Party Access

On the other hand, many organizations opt to ship a company-owned, managed and pre-configured device to the contractor or third party. The upfront cost and effort involved in buying, building, and shipping these devices at scale is immense.  Not to mention the timing - it can take a month or longer to get a single contractor up and running. It also creates a steep learning curve on the third-party’s side to integrate new devices and systems into their workflow. While ultimately this may be the less risky approach, the significant tradeoffs feel unacceptable to both the organization and the third party.

The Ongoing Effort

In both of the above scenarios, provisioning alone is a serious organizational challenge. And yet, it’s only the beginning. Ongoing governance is also necessary to ensure contractor and third-party access is limited to only the sources and systems necessary to perform the responsibilities they were hired to carry out. This requires uncomfortable architectural choices to be made to balance the often opposing forces of efficiency and risk. On a practical level, these considerations include whether to use VPN backhaul, cloud forward/reverse proxy implementations, virtual desktops, CASB, DLP, Web Gateways, or ZTNA technologies to govern third-parties safely. Unfortunately, these decisions cause complexity and costs to explode, leaving the organization vulnerable to the contractor or third-party risk.  This was made quite evident in recent headlines where the level of complexity for offshore third-party access was undoubtedly one of the core issues.

The Enterprise Browser: An Ideal Way to  Onboard and Oversee Contractors

We’ve always been forced to choose between security and complexity or speed and efficiency. This is what we challenged ourselves with. A way to ensure security while enabling work. Maximum efficiency, minimum risk. And out of this challenge came the industry’s first browser built for the enterprise. Imagine, instead of all the organizational challenges, all the workers’ frustrations, all the costs and complexities, contractors or third parties just logged into a browser that had all the resources they needed waiting for them. This is what the Enterprise Browser can do for work. 

Let’s start with provisioning. For third-party organizations or contractors using their own devices, you provide a download link for the Island installer. Once the browser is installed (it takes less than a minute), you give them credentials and access privileges aligned with their role, and in seconds they begin working. The applications they need are immediately made available with no complex configurations or additional software required. And for organizations choosing to provide their own managed devices to contractors or third parties, simply include the Island Enterprise Browser in your device build, and the process is exactly the same as above.

Once the user is working on the Island Enterprise Browser, your organization’s applications and associated data are fundamentally protected. Island’s unique last mile controls allow you to easily create policies to govern application and data access. And further, it allows you to control who has privileges to add new users, who is authorized to change or copy data, and whether or not a user can download, screenshot or save content.  

You also get extraordinary visibility in a way that simply wasn’t possible before; deep forensic audit logging to keep a close watch on what these resources are doing as they do their jobs. You can even output these activities in real-time to data aggregation environments such as SIEM to monitor user behaviors and actions to quickly discover unwanted activities. Island sheds light on a unique dimension of user-based data by keeping tabs on the contractor or third-party’s actions within the browser window. 

As seen in recent news stories, the inability to govern contractor or third-party usage of key application areas was  what allowed attackers to manipulate backend application areas that very well could have been out of the scope of the third-party’s work in the first place. Last-mile control and deep logging could have been the difference between identifying and preventing any sort of compromise and hunting down and remediating the problem once the damage is done. 

And while it’s essential to govern the actual contractors or third parties as they engage in critical application areas, it is equally necessary to ensure that they are protected from outsiders who might leverage them as a vulnerable attack vector in the organization. Island ensures that the browser is safeguarding the entire journey on all sides, at all times. Island delivers several key capabilities to ensure that attackers are thwarted in their attempts to use the contractor or third party as a vector of compromise.  These capabilities include:

  • Man-in-the-Middle Protection
  • Anti-tampering Protection
  • Browser Isolation
  • Malware InspectionDocument Isolation and Disarmament
  • Malicious and Unknown Site Categorization

These built-in capabilities ensure that the organization’s applications and the contractor or third party are always protected from attack as they perform their work.

The Bottom Line. 

Third-party contractors and resources are pervasive and the practice is growing exponentially as the gig economy and the need for hyper specialized project work expands. Companies are purposefully building this practice into their business models, making these services very often mission critical to operations. But recent compromises using this vulnerable channel threaten to either reduce the practice entirely or forcefully add more cost, complexity and inefficiency into the process.  

It is time to consider a whole new way to approach contractors and third-party access.  We need to be able to get people to work quickly, and allow the organizations and people on both sides of the equation to be confident that both the applications, data and users are protected. With Island’s Enterprise Browser at the core of these use-cases, you can safely and quickly get people to work, create a great user experience and be confident your data and applications are protected. 

Frost & Sullivan Thinks an Enterprise Browser is Critical for SaaS

Frost & Sullivan Thinks an Enterprise Browser is Critical for SaaS

Bradon Rogers
March 29, 2022

When was the last time you thought about your web browser?

The truth is that today's browsers are so powerful, refined and simple-to-use that we essentially take them for granted. Most people use the browser for personal/consumer use and the same exact thing to access their work environment.

A new report from leading analyst firm Frost & Sullivan highlights the challenges of using a consumer browser for business and points out the features and functions a true enterprise browser must offer.  You can download it here.  

I think the report sums it up best with this statement: 

“An enterprise browser with a different approach, which delivers functions with the enterprise in mind, is needed. With the proper control, the browser is able to solve serious problems more easily. Its position is a very unique intersection of users, critical web applications, the underlying data, and the threat landscape.”

Here’s a quick summary of the report.  

Consumer-Grade Technology Can't Provide Enterprise-Grade Security

Consumer-centric design hasn't stopped web browsers from playing a critical role in the business technology ecosystem. Yet it has created a very significant (and often underappreciated) problem: Conventional browsers don't have the visibility, control and manageability required for corporate SaaS and web-based applications.

In other words, reliance on conventional browsers means the assumption of significant and sustained cyber-risk.

Fortunately, there is good news: A new category of browser now exists -- one that pairs the speed and flexibility of a consumer browser with the security of an enterprise-grade product.

Meet the Enterprise Browser.

Why CISO's Need a New Browser Approach

Today, the browser has become the new office. Employees spend much of their workday accessing data and applications through browsers. This greatly accelerated during the COVID-19 pandemic, which sparked an explosion of telecommuting activity.

Massive adoption of work-from-home and bring-your-own-device scenarios, however, means that IT departments now have even less visibility into user behavior and how people and data are interacting.

For CISOs, the security concerns that come with vastly expanded work-from-home opportunities simply add another layer of stress and pressure.

Other key issues include:

  • Addressing growing complexity (which is often exacerbated by deployed security solutions)
  • Dealing with a shortage of skilled staff
  • Navigating evolving regulations, privacy and compliance mandates

That's a tall order. Fortunately, it's now possible, for the first time, to address these challenges at the browser level.

A New Breed of Browser

A browser rests at the intersection of organizational users, critical applications and underlying data. They are deeply embedded in almost all organizational activity.

Yet enterprises have not been able to exert flexible control over what happens when employees use these browsers. Consumer-grade browsers simply do not offer tools to implement security policies. As a result, they leak data. They are vulnerable to screen grabs or printouts, downloads, copying and pasting into personal apps or even smartphone snaps.

Enterprises understand this and have historically attempted to mitigate these risks with multiple security and management tools. Plus, they are forced to do things like banning the use of personal email accounts or other applications. Yet these measures are not truly effective, and they alienate employees.

Enter the Enterprise Browser -- an innovative new product category.

An Enterprise Browser mitigates cyber-risk by assessing the posture of the device on which it is installed. It then dictates the appropriate policy depending on the device type of the logged-in user. This means organizations can manage access regardless of device, user or location.

In essence, an Enterprise Browser gives CISOs infinite control over how users and information interact.

Fine-grained controls aren't the only benefit offered by an enterprise browser. They can also audit user behavior, giving enterprises visibility if unauthorized screen grabs or data copying occurs. This level of visibility into browser-level user and data interaction has never existed before. And what’s more, is that organizations can enforce the use of an Enterprise Browser for certain applications, while allowing standard consumer browsing for personal use or access to non-risky applications or destinations. And for the final kicker, since it is based on the open source Chromium browser, the basis of the majority of browsers in use today, the Enterprise Browser delivers the same experience to users, lowering resistance to adoption significantly.

Bottom Line

Conventional browsers are powerfully elegant pieces of software. Yet they are poorly suited for the integral role they are being asked to play within the business technology ecosystem.

Introducing enterprise-grade security at the browser level with an Enterprise Browser is one of the most impactful things CISOs can do today to simplify their entire security architecture and mitigate some of the most urgent cyber-risks they face.

Get the Frost & Sullivan report by clicking here.  

Press Release: First Enterprise Browser Improves Enterprise Security

Press Release: First Enterprise Browser Improves Enterprise Security

February 1, 2022

Backed by Insight Partners, Sequoia Capital, Cyberstarts and Stripes, Island delivers a familiar Chromium-based browser experience with built-in critical security control and governance for corporate applications and data

DALLAS and TEL AVIV – Feb. 1, 2022 – Today Island unveiled a new category of enterprise software that revolutionizes security control, visibility and governance with the introduction of the world’s first Enterprise Browser. After almost two years of product development, the company emerged today from stealth mode to introduce the Enterprise Browser, eliminating the massive gaps between current consumer-focused browsers and the increasingly complex IT and security requirements of enterprises worldwide. With core needs of the enterprise naturally embedded within the browser itself, Island is the first browser to provide end-users with the same Chromium-based experience they expect, while giving the enterprise much needed functionality to vastly improve corporate security and employee productivity.

Headquartered in Dallas with research and development in Tel Aviv, Island is led by co-founder and CEO Mike Fey, previously president and COO at Symantec and GM and CTO of McAfee; and co-founder and CTO Dan Amiga, inventor of web isolation technology and previously founder and CTO of Fireglass. Island emerges from stealth with a complete senior management and technical team bringing decades of experience in enterprise security from both successfully established cybersecurity firms and start-ups, as well as deep domain expertise in Chromium research and development.

To date, the company has secured almost $100 million in financing from leading early-stage investors including Insight Partners, Sequoia Capital, Cyberstarts and Stripes and has hired over 100 employees.

“For decades, organizations have globally utilized consumer browsers in the corporate computing environment,” said Mike Fey, co-founder and CEO, Island “These organizations require strong control and governance, which consumer browsers were never built to deliver. Island uniquely provides manageability, control, security and enhanced productivity features from within the browser itself, while users enjoy a familiar browsing experience. We envision the Enterprise Browser fundamentally improving not just security, but enterprise work itself.”

“SaaS has fundamentally changed how IT teams are providing value added services to their companies and the industry is ripe for a new way of thinking about how we secure that value,” said Bob Schuetter, CISO at Ashland Global Holdings, Inc. “A browser built for the enterprise can fundamentally change the industry, empowering us to reimagine how we approach our use cases with tremendous power yet elegant simplicity.”

Product Features, Capabilities and Use Cases

The Enterprise Browser enables organizations to deeply govern how users interact with all SaaS and internal web applications. Through the use of the Island Enterprise Browser, security teams can fully control last-mile actions from advanced security demands to more basic data exfiltration protections such as copy, paste, download, upload, screenshots and other activities that might expose critical data. This opens up unprecedented opportunities across a growing number of enterprise use cases, including securing critical SaaS and internal web applications from data leakage, safe access for contractors and BYOD workers, and full governance over privileged user accounts. It can also reduce VDI dependency while also supporting built-in safe browsing, web filtering, web isolation, exploit prevention, smart network routing, and Zero Trust access.

“The browser is the office where today’s hybrid workforce lives,” said Dan Amiga, co-founder and CTO, Island, “We have engineered the Enterprise Browser to be the platform for the future of their work. It begins by redefining how an organization secures its work but will positively impact endless needs across information technology.”

“It’s rare that you see a security technology with the potential to reimagine the industry the way Island’s Enterprise Browser does,” said Jeff Horing, Insight Partners co-founder and managing director. “Island has all the attributes we look for in a successful venture – an experienced management team, a brilliant idea and a large market disruption capability.”

Market Demand Intensifying

Island released and deployed its GA product beginning in September 2021 to some of the world’s most recognizable brands across a range of industries, including several in the Fortune 500.

“When we first saw Island’s design, we immediately recognized the revolutionary impact it could have on securing the workplace,” said Doug Leone, Sequoia global managing partner. “By delivering on the long-standing goal of security by design, we see it as a disruptive solution within the security industry.”

“Our focus at Cyberstarts is to invest in important ideas and people that will change the cybersecurity industry,” said Gili Raanan, Cyberstarts founder and Sequoia general partner. “Island’s Enterprise Browser has the potential to positively impact every part of the space.”

About Island

Island, the Enterprise Browser is the ideal enterprise workplace, where work flows freely while remaining fundamentally secure. With the core needs of the enterprise naturally embedded in the browser itself, Island gives organizations complete control, visibility, and governance over the last mile, while delivering the same smooth Chromium-based browser experience users expect. Led by experienced leaders of the enterprise security and browser technology space and backed by leading venture funds -- Insight Partners, Sequoia Capital, Cyberstarts and Stripes -- Island is redefining the future of work for some of the largest, most respected enterprises in the world. Island is based in Dallas with research and development in Tel Aviv, and can be reached at or (866) 832 7114.

For more information contact:

Hannah Carroll/Tim Hurley
Matter Communications for Island

Enterprise Strategy Group highlights Island Enterprise Browser

Enterprise Strategy Group highlights Island Enterprise Browser

Bradon Rogers
February 1, 2022

As organizations turn towards SaaS cloud-based applications to help them grow, there is an increasing need for access control and sensitive data control measures to be taken. However, internal security teams have many different complications to work through in order to maintain compliance and protect sensitive data across enterprise-level organizations.

Third-party SaaS applications are increasingly important for businesses, as they help manage key operations, improve employee collaboration, and help new initiatives start quickly. While these applications provide many benefits to organizations, they also make security management difficult as there are limitations to access controls for internal IT, risk, and security teams.

Adding even more complication to the problem is the increased reliance on non-corporate-owned devices and personal devices. This goes hand-in-hand with the growing hybrid workforce, making it even more difficult to maintain compliance and security standards across an organization. New strategies are needed in order to address these problems.

The Challenges of IT, Security, and Compliance Teams

There’s no question that third-party SaaS applications help businesses grow, compete with competition more effectively, and cover gaps within the workforce. However, they do add challenges to IT, security, and compliance or risk teams' ability to:

  • Implement fine-grained user-access privileges
  • Prevent sensitive data leakage from personal and non-corporate devices
  • Audit access and user functions and sensitive data access
  • Leverage network security controls and strong encryption protocols

IT, security, and risk teams struggle to manage the staggering amount of third-party SaaS and internal web applications that organizations are adding to their workplace. SaaS applications are often designed for the most common use cases, making specific access and compliance controls difficult to manage and security hard to maintain across departments and at-home or hybrid employee offices.

Identifying the Need for an Enterprise Browser

Most organizations use consumer browsers like Chrome or Edge to engage with SaaS and web-based applications. However, these browsers were not built with governance in mind and offer no controls over what a user can do inside an application, including printing, taking screenshots, or downloading content.

Clearly, a new approach is needed in order to provide security to modern businesses with cloud-based SaaS applications, hybrid work environments, and non-corporate devices. ESG has identified a new, disruptive approach to securing and managing user and data access—an enterprise browser.

What is the Island Enterprise Browser?

Island is a security-enabled and compliance-focused web browser. It uses the same capabilities and user experience that you would find in Chrome or Edge, but ensures that organizations have control over how users interact with information and provides core security controls for IT, risk, compliance, and security teams.

Island enterprise browser provides:

  • Sensitive data protection
  • Safe browsing
  • Device posture assessment
  • Forensics and audit capabilities
  • Multi-tenancy control
  • Centralized management
  • Browser-based robotic process automation

To learn more about the need for an enterprise browser and the capabilities that are provided by Island, read the whitepaper from ESG and discover the bigger truth about modern security and governance in enterprise-level organizations. Click here to see the report.

Why “The Last Mile” is the Most Critical Terrain in Cybersecurity

Why “The Last Mile” is the Most Critical Terrain in Cybersecurity

Brian Kenyon
February 1, 2022

Cloud growth continues to be nothing short of astonishing: Gartner estimates 95% of new digital workloads will be deployed on cloud-native platforms by 2025, up from just 30% in 2021.

Yet this race to adopt cloud technology has left security teams with an extremely challenging mandate: They need to keep critical assets safe in a world where remote work, BYOD and virtual desktop use are all exploding.

Fortunately, they have no shortage of options. Security concepts such as Zero Trust, and the usual range of data loss prevention, identity management and cloud access security tools, provide a framework for risk management.

However, one urgent risk remains underappreciated: No matter how many security tools you wield, you’re still deeply vulnerable if you continue to use conventional web browsers.

Why the Consumer-Focused Web Browser Creates Massive Enterprise Risk

Web browsers have become an essential cog in the wheel of business technology. Many of the productivity applications and SaaS platforms that organizations use today are highly dependent on browsers.

The truth, however, is that they are not truly intended to be used as such. Because they were designed for advertising, tracking and search optimization, they offer minimal control over “the last mile” – the space where users interact with data and applications within the browser.

This means that a user can compromise security through printouts, screen grabs, copying-and-pasting text or even taking a photograph of the screen – and an organization may never realize it because conventional browsers also offer no visibility into how users have acted in the past.

That absence of control is a huge problem – one that organizations have often attempted to address by placing severe restrictions on how workers can use applications or devices. Unfortunately, this is not only ineffective, but it also constrains how businesses operate, and alienates workers.

Fortunately, there is a simple change you can make to avoid this risk: Start managing “the last mile” via an enterprise browser.

Last Mile Control and the Enterprise Browser

Consumer-grade browsers gush data because they don’t allow you to implement security policies. An enterprise-grade browser solves this long standing problem by offering a centralized management console for policy enforcement to govern activities such as downloading, saving, cutting-and-pasting or screen grabs within critical apps.

This gives organizations the ability to give workers much more latitude in terms of how they interact with applications and data.

That’s not the only benefit:

  • An enterprise browser extends the practice of role-based access to provide a governance layer in areas that have always been inaccessible.
  • This means it closes a cyber-risk blind spot, vastly strengthening your security posture.
  • An enterprise browser is highly scalable and delivers exceptional ROI.
  • It also significantly reduces resource use.

Ultimately, by merging the speed and seamless UX of a consumer-grade browser with last mile controls, the enterprise browser represents an urgently needed innovation – and one of the most exciting new product categories in years.

Read a more in depth editorial brief on this topic by Brian Kenyon, Chief Strategy Officer at Island, by clicking the title: Enterprise Browser Management – The Last Mile Challenge.

The next chapter of enterprise work. Introducing The Enterprise Browser.

The next chapter of enterprise work. Introducing The Enterprise Browser.

Mike Fey
Dan Amiga
February 1, 2022

We began our journey in enterprise security with a single goal in mind: to build a truly secure-by-design environment. Where work could thrive because security is naturally woven into the enterprise.

So we teamed up with some amazing people. Built anti-malware, DLP, proxies, CASB, firewalls, and many other enterprise security products that became industry standards. Even invented brand new technologies like browser isolation that carved a new path towards a safer enterprise. We were fortunate to build products that truly mattered.

But as the enterprise evolved in ways we couldn’t even imagine, the industry’s approach to securing it stayed more or less the same. An upgrade here. A plus-one there. These improvements were effective. But that’s exactly it - they were merely improvements - on an ecosystem designed years ago for a very different world.

Today, the most precious parts of most organizations live in the cloud. Our employees work in offices, coffee shops, living rooms, and beach chairs. And they use whatever device they want. Let’s face it - even the best versions of yesterday’s security tools weren’t meant to handle the size and scale of today’s modern enterprise. And as long as we were playing by the old rules, that vision of a secure-by-design work environment couldn’t become reality.

The teams we were privileged to lead solved some of the biggest challenges in our industry. Yet, the narrative hadn't changed. And it was becoming painfully obvious why. The one place where basically all our work takes place - where our users, apps, and all underlying data meet - that place was still fundamentally not in our control.

The browser.

The browser is the one application enterprises use more than any other on planet earth. By far. And yet, ironically, the browser isn’t even an enterprise application. It was built for consumers and advertisers. Optimized for content distribution and consumption. Organizations and employees? They were never part of the picture.  

But we knew this already, and we chose the consumer browser for work anyway. Its value to the enterprise was so immense that we ignored the fact that it was built for consumers. We embraced it for its amazing speed, rendering power, universal compatibility, and near flawless user experience. And we learned to live with the tradeoffs - the lack of control, visibility, governance, or privacy - the core elements of a safe work environment.

We accepted this as reality.

A reality where the centerpiece of our workplace wasn’t designed for work. Which meant the one place nearly all our critical data lived was the very place we couldn’t protect or even see.
And this reality forced us to treat our browser like a caged animal - surrounding with an endless stack of heavy, expensive, and inefficient tools just to keep it from working against us.

It’s not the browser’s fault. It just wasn’t designed for the enterprise.

Well, what if it was?

It was such a simple question. One that deep down we’ve all wanted to ask. What if there was a browser specifically designed for the enterprise? A browser that put the organization in complete control over how its users, apps, and data interact? A browser that let the enterprise in instead of shutting it out? A browser that integrated into your infrastructure instead of fighting against it?

And suddenly it hit us - That was it. The goal we’ve been working towards our entire careers, right before our eyes.

The ideal enterprise workplace. Security, visibility, and governance built right into the work experience, without getting in the way of work itself.

That vision of secure by design - finally realized.

Why hadn’t it been done before?

It seemed almost too obvious. Why hadn’t someone built this yet?

Three stars needed to align for the enterprise browser to seem like a viable idea.

  1. The SaaS revolution. As work migrated to SaaS, work categorically shifted away from desktop services and towards the web-first experience. Critical apps were now available anywhere all the time, making the browser the center of enterprise work.
  2. The Chromium effect. When the Chromium open source browser project was introduced - all major browsers suddenly became standardized. All fueled by the same technology, all providing the same powerful, yet enjoyable user experience. Which made it possible to build the core needs of the enterprise into the browser, while retaining the consumer-grade experience users have come to expect.
  3. The rise of the endpoint. With widespread adoption of the remote workforce, the shift to SaaS and cloud services, and the explosion of network encryption, the endpoint suddenly became the best place to anchor our security operation. This new work reality not only brought about a greater need to secure the endpoint, but it created a major opportunity to leverage the endpoint to secure our critical data right where it was being accessed and used.

All the pieces were finally in place. The only thing left was to build it. So we did.

And we call it Island. The Enterprise Browser.

The Enterprise Browser fully integrates the browser into the organization, providing complete control and visibility over everywhere work happens. All while delivering the same smooth, powerful, nearly flawless experience users have come to expect. It’s work as it should be -  fluid, yet fundamentally secure.

And with it, the possibilities are endless. SaaS and internal web apps truly live anywhere without leaking data everywhere. Contractors and BYOD workers work freely while organizations keep the data they access fully secure. Consumer or risky apps can be safely introduced into the enterprise without compromising security posture. Users are naturally protected from the inherent dangers of the web. And this is all just the beginning.

For years we had one goal - to design the place where work naturally belongs.

Island is that place.

Welcome to the next chapter of enterprise work.

The use cases

Fully govern how contractors interact with your data by setting highly specific policies around which apps and data they access and what they can do with them.