Securing an entire collection of web browsers across an enterprise has been a sleeper product category for many years, but it’s now heating up.

That’s thanks to better management tools and an increasing awareness by information technology managers of the need to harden passwords and prevent phishing attacks. But will these things bring new life to the category? It will be an uphill battle.

Brave Software Inc., DuckDuckGo Inc., RAV Online Security from ReasonLabs Cybersecurity Ltd. and others have more secure consumer-focused browsers. Although they’re useful to have more private browsing experience, that isn’t completely what enterprises need.

More enterprise-oriented browsers are available from many providers, including Mammoth Cyber’s (formerly Appaegis Inc.) Enterprise Web Access Browser, TalonWork from Talon Cyber Security Ltd., Advanced Browser Security from Perception Point Inc., Silo from Authentic8 and Island Technology Inc.’s Enterprise Browser.

And they’re continuing to advance. Today, for instance, Island announced what it says is the first password manager built natively into an enterprise browser, improving password management and security.

But before diving in, enterprises should consider three important elements about these products.

First, the browser should include a robust and granular collection of security controls that is centrally managed, isolating the user’s session by controlling the movement of data from the browser to the endpoint, detecting malware and phishing attempts, and applying data leak controls such as blocking and filtering ads, URLs and screen sharing.

This is the core technology that will motivate businesses to use these products. But the basic blocking and tackling covers a large surface area — which means that there is still a small chance a hacker could slip through the defenses.

One way that the enterprise products — and some of the consumer ones such as Brave — work is by doing a sleight-of-hand trick. When the browser is fired up, the user is transported to the vendor’s data center and runs a virtual session, or a complete Linux virtual machine, so that any phishing or malware attempt can’t touch the endpoint.

Second, the browser should integrate with an enterprise identity platform, ideally supporting a single-sign-on manager, a password manager and a virtual private network. This is easy to state but harder to implement, especially because users will require more hand-holding as they encounter issues with using the more secure products. There will always be tradeoffs between usability and security, and the secure browsers are very much at the tip of this spear when users get confused or frustrated because of some unexpected response during their browsing activities.

Identity issues are often subtle and can torpedo any secure browser rollout. For example, Appaegis doesn’t enable multifactor authentication by default when a user brings up a browser session, something that should be required. It’s great that Island includes its own password manager in its latest version, but it could conflict with other identity tools already deployed.

Finally, the browser should also support a variety of packaging options, including native Windows, iOS, Android and MacOS applications and support using a “thin client” from a managed cloud service. It should also support a variety of browser plug-ins or extensions.

There are differences in terms of security coverage across these packaging options. For example, a browser extension doesn’t necessarily provide isolation from a piece of malware, as we found out last week with this research. So it’s important to evaluate a potential product under all of these conditions.

That is a lot of features to handle, to be sure, and one of the reasons why enterprise-grade secure browsers haven’t taken off in the past decade they have been available. The devil is in the implementation details, and until vendors offer a more usable and management-friendly solution, the vast majority of business users will continue to load their regular and insecure browsers to get their work done.

Image: Kreatikar/Pixabay