Browser security key focus in age of remote working

In today’s fast-changing digital world, securing the workplace of the future is more important than ever. 

High-speed internet access and an increasing emphasis on work-life balance have resulted in hybrid work becoming the norm around the world.

For example, since December last year, Singapore employers have had to consider flexi-work arrangement requests from employees, who may choose to work remotely.

What makes remote work possible is the evolution of the browser, from a static web browsing tool to a portal to software-as-a-service (SaaS) and a widening range of capabilities.

These capabilities include artificial intelligence (AI) connectivity, workspace awareness, and live feeds.

To subscribe to the GovInsider bulletin click here.

Menlo Security’s Senior Vice President, International Sales (APAC & EMEA), Stephanie Boo, noted that next-generation browsers enable remote employees to access their work primarily through cloud-based tools and applications, such as OneDrive, Teams, Zoom, and Salesforce.

As a result, protecting the browser is paramount since it is the primary means for users to access their workspaces. In the wrong hands, it can be used to inadvertently download malicious content or connect to compromised websites – allowing attackers to infiltrate the organisation.

For example, Microsoft Edge and Google Chrome, have over 500 CVEs (Common Vulnerabilities and Exposures) per year, which are zero-day vulnerabilities that need to be patched regularly.

These vulnerabilities can be exploited by attackers to gain access to the workspace and compromise the organisation.

A zero-trust approach to security

There is a need to secure access to the cloud-based, browser-centric workspace using zero trust principles, said Boo.

Menlo offers a solution that seeks to address these security challenges using a proactive approach to threat mitigation that aligns with the principles of zero trust.

A zero-trust approach can help address evolving threats by verifying user identity, device posture, and access privileges before granting access to resources, said Boo.

The Menlo Secure Enterprise Browser mitigates threats before they reach endpoint devices by isolating web content in a secure cloud environment instead of relying solely on perimeter defences and endpoint security measures, Boo added.

The browser integrates security directly into mainstream browsers like Microsoft Edge and Google Chrome.

The Menlo browser addresses the limitations of legacy security controls like network firewalls and endpoint detection, which lack context and visibility into the browser-based workspace and cloud-based applications.

The browser also leverages AI and machine learning (ML) to detect and prevent advanced attacks, going beyond just relying on user training.

This allows enterprises to establish a consistent browser security policy and maintain control over how employees access and interact with cloud-based workspaces and AI tools.

The problem of shadow AI

The browser also protects users against threats like phishing, data loss, impersonation attacks, and the uncontrolled use of AI tools that are embedded in websites and applications.

“While organisations may have approved and governed the use of certain AI tools like ChatGPT, Copilot, or Gemini, employees are also using a wide range of other AI-powered applications and services without the organisation's knowledge,” Boo noted.

This "shadow AI" usage happens across various websites and online tools that employees leverage for productivity, translation, content creation, and other tasks.

Most organisations have limited visibility and control over the AI tools their employees use, she added.

Boo noted that Menlo's Secure Enterprise Browser solution integrates AI monitoring and detection capabilities directly into the primary interface.

This allows organisations to identify the presence of AI tools, even those that are not part of the sanctioned IT ecosystem and apply appropriate controls and policies.

Menlo's solution can dynamically control the level of user interaction allowed with unsanctioned AI tools, Boo said.

For example, it can restrict file uploads, limit the length of text inputs, or completely block certain AI applications, mitigating the risks of data loss and security breaches, she adds.

Flexible approach to AI adoption

Menlo's solutions aim to enable a flexible approach to AI adoption, where the organisation can allow controlled and secure use of both sanctioned and unsanctioned AI tools, rather than resorting to a blanket ban that could hinder employee productivity.

“By providing this comprehensive AI governance framework, integrated with the Secure Enterprise Browser, Menlo aims to help organisations maintain visibility, control, and security over the use of shadow AI tools within the next-generation workspace,” Boo said.

The Secure Enterprise Browser allows organisations to establish policies, set usage guidelines, and maintain visibility over the AI interactions and data flows, mitigating the risks of data loss and unauthorised access.

This helps organisations maintain control and visibility over access to the workspace and the use of AI-powered applications, regardless of the user's device or location.

Menlo Secure Enterprise Browser aims to deliver a comprehensive security solution that is tailored to the unique challenges of the next-generation workspace, providing integrated protection, governance, and control while enabling the productivity benefits of cloud and AI technologies, added Boo.

To understand more about how to protect the next-generation workspace sign up for the live webinar happening on January 22, 2025: 2025 Predictions: Securing the Next-Gen Workspace.