The evolution of secure web browsing: VPNs to remote browser isolation

A padlock resting on a keyboard.
(Image credit: Passwork)

The concept of Virtual Private Networks (VPNs) dates back to the 1990s. Over the decades, as online services and activities expanded, VPNs became increasingly popular. By 2020, the COVID-19 pandemic had drastically accelerated digital transformation, making remote work the norm, and VPNs evolved into essential tools for secure remote access.

Craig Lurey

CTO and Co-founder of Keeper Security.

VPNs fall short

Yet, VPNs are not without their limitations. While they effectively encrypt internet traffic and mask IP addresses, they are limited in their ability to address several modern cyber threats. Recent research from Keeper highlights that phishing and malware are becoming more prevalent attack methods. In the same report, 40% of survey respondents reported experiencing insider threats, where attacks originate from employees. VPNs are not a comprehensive solution for all online security, despite some organizations operating as if they were.

High-profile breaches and cyber attacks further illustrate the inadequacies of VPNs. For example, on May 24, 2024, Check Point reported attempted breaches on VPN networks, with attackers targeting remote access VPN devices to gain unauthorized access. Similarly, a breach at Nissan that exposed the personal information of over 53,000 employees involved exploiting an external VPN, exfiltrating data from local network shares, shutting down certain non-production systems and demanding a ransom.

Beyond these security concerns, VPNs also present operational challenges. Their complexity, high maintenance costs and potential latency issues can undermine productivity and operational efficiency.

The rise of enterprise browsers

Given these limitations, what alternatives exist for enhancing web security? Over the past few years, enterprise browsers have emerged as a sophisticated alternative, offering a more controlled and managed browsing environment. These specialized browsers surpass VPNs with capabilities such as controlled access to web applications, robust user activity management and advanced tools designed to prevent data breaches.

However, the adoption of enterprise browsers can introduce its own set of challenges. The integration of new technologies may disrupt workflows and create user friction, potentially complicating the transition and impacting overall productivity. When these integrations aren’t simple and easy, adoption rates will be low, leaving organizations vulnerable and exposed.

Remote browser isolation: A better approach

For many organizations, particularly those with constrained resources, Remote Browser Isolation presents an advantageous alternative. Remote Browser Isolation solutions isolate web browsing sessions from end-user devices by hosting them in a secure, remote location. This approach addresses several key needs:

Secure access without a VPN: Facilitates secure access to web resources without relying on VPNs, safeguarding against threats from non-hardened sites.

Zero-knowledge security: Provides full control over network communications between the user's device and the target websites and applications.

Recorded web sessions: Enables comprehensive compliance and auditing through session recording and monitoring, without exposing the full operating system.

Controlled web browsing: Allows access to a curated list of URLs within a secure environment, with precise control over allowed websites.

Secure and simplified web browsing: Enhances security while mitigating risks associated with compromised devices.

Password autofill: Automates the entry of login credentials in isolated sessions, eliminating the need to transmit sensitive information to the user's device.

Addressing third-party contractors

In today’s interconnected business environment, third-party contractors often require access to internal systems and data. VPNs, while providing a secure tunnel, can still expose the network to risks if the contractor's device is compromised. They also provide broad access to systems without the ability to limit what users can access. Remote Browser Isolation contains the browsing activity of third-party contractors in a remote environment and allows you to have full control of what they can access, thus ensuring that any potential threats are also contained and cannot reach the internal network. This not only enhances security but also simplifies compliance with data protection regulations by providing detailed session recordings and activity logs.

Other various use cases

Remote Browser Isolation can be particularly effective across a range of web applications:

Operational Technology (OT) systems: Protects industrial control systems from cyber threats by isolating their web interfaces.

Administrative panels: Secures management interfaces of websites and internal systems.

Routers and firewall UIs: Shields network device management interfaces from unauthorized access.

Cloud applications: Safeguards access to cloud-based services and platforms.

Internal hosted applications: Protects custom web applications hosted within the organization.

Support tools: Ensures secure access to IT and customer support tools.

Social media sites: Manages shared access and controls posting capabilities without having to share credentials.

The future of secure web browsing

Remote Browser Isolation offers a sophisticated solution for organizations seeking to blend the strengths of both VPNs and enterprise browsers while mitigating their limitations. By leveraging Remote Browser Isolation, organizations can secure internal web-based applications, cloud apps and Bring Your Own Device (BYOD) environments, effectively prevent data exfiltration and manage browsing sessions with comprehensive oversight.

As the digital threat landscape continues to evolve, Remote Browser Isolation is rapidly becoming the preferred choice for organizations aiming to enhance security and streamline management with a more secure browser.

We've featured the best business VPN.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

TOPICS

Craig Lurey is CTO at Keeper Security