With browsers often in the middle of many corporate activities, it’s no wonder that they are now subject to many of the same challenges encountered on desktops, smartphones and other hardware-based endpoints. Many IT pros wouldn’t consider browsers to be a critical network endpoint, but those pros would surely place importance on mobile devices, laptops, desktops and servers. Given the valuable role browsers play in accessing enterprise applications and information, it’s time to rethink how we classify them and, more importantly, how we manage and secure them.
Mobility and cloud computing are taking over today’s workforce, and the browser’s significance is trending. The majority of office applications -- such as Microsoft Office 365, Salesforce CRM, and the Zoho One business suite -- run in the cloud and are accessible via browser. These kinds of applications allow users to work from anywhere, at any time, using their laptops, smartphones and other browser-enabled devices.
As a primary work tool, the main concern for browsers is sensitive corporate data being leaked. Unfortunately, this concern isn’t often put into policy -- meaning most browsers aren’t monitored, don’t meet corporate security standards, and can compromise sensitive data. What’s more, employee education is typically lacking, leading to unsafe browser usage.
Another concern for browsers is the attack surface growing with the number of extensions installed. Many browser extensions can read all the data exchanged between the device’s browser and the back-end server, leaving users’ companies at risk of data loss and malware attacks. Additionally, extensions, plug-ins and add-ons can contain vulnerabilities, so they need to be kept up to date to prevent any exploits.
To address the concerns organizations have with browsers, IT teams need to manage browsers as if they are endpoints. Teams also need to apply critical browser controls and harden browsers, which can be done by whitelisting trusted websites, blacklisting known threats, and tweaking configurations to increase privacy and security. And of course, the activity of browsers and browser extensions needs to be secured and managed to prevent any data leakage.
Lastly, IT teams need to allow corporate data access from trusted devices and restrict usage of untrusted devices for corporate purposes. The use of personal computers and devices to do company business continues to become more commonplace, but these devices often don’t meet company security standards. Does the computer have antivirus protection? Is the device protected by a strong password? Is all the software updated?
Rethinking how we look at browsers is critical for protecting corporate data. A browser isn’t just another application used to conduct business but rather the hub of corporate collaboration, communication, and business operations. As such, browsers now require heightened management and security.
Rajesh Ranganathan is a product manager at ManageEngine, a division of Zoho Corp. In his 17 years with the company, Rajesh has held key roles on several teams, including the endpoint management and security product team. When he isn't working, you'll find Rajesh watching a movie or playing with his children. For more information on ManageEngine, the real-time IT management company, please visit manageengine.com; follow the company blog at blogs.manageengine.com, and on LinkedIn at linkedin.com/company/manageengine-, Facebook at .facebook.com/ManageEngine and Twitter @ManageEngine.