I’ve been in the IT industry long enough to remember the start of the “browser wars,” when Internet Explorer took on Netscape in the late 1990s. Product names such as Mosaic, Netscape, “IE,” and Mozilla (and its next iteration with Firefox) were all part of the browser market development. Safari came along for Mac in 2003 but never really got into the ring because it was solely targeted as an Apple product for Apple devices. The launch of Chrome in 2008, and the cross-platform support of version 5.0 released in 2010, transformed the browser market, seemingly ending the browser wars, as Chrome’s speed, simplicity, and extensibility surpassed what all other browsers were doing and customers were quick to adopt it.
Chrome’s success further changed the browser landscape, because Chrome also introduced Chromium, the open source version of the popular browser. Yes, Mozilla has its open source project, which created browsers such as Pale Moon or the infamous and highly secured Tor, but Chromium changed the browser market, because as Chrome user adoption increased and web app teams shifted their development focus to be compatible with Chrome first, Chromium-based browsers shared in that compatibility. Even Microsoft changed the engine for the browser it provided with Windows to run off Chromium.
Now, in 2022, a new set of challengers has entered the browser arena, only the target isn’t the consumer but rather the IT and security pros tasked with deploying and securing business applications, which are increasingly delivered through the humble browser. Enterprise browsers bring additional controls and security functions not found in commonly deployed browsers, without a host of extensions and add-ons, and because they are designed for enterprises, not consumers, they provide centralized configuration and reporting. This means that enterprise browsers are easier to deploy, manage, and troubleshoot and do not require lots of end user training, since it is just another application.
In response to the need for enterprise browsers, all the leading browsers — Chrome, Edge, and Safari — all now offer centralized policy controls, but the difference here is that these new enterprise browsers have features and back-end services that are lacking in those browsers. As an example, take data masking. This has been an existing function of websites — the ability to hide sensitive information such as passwords or account numbers so that they’re not exposed to prying eyes. What if the web app you want to extend to an anywhere worker doesn’t have this function? Enterprise browsers can add this function even if the web app doesn’t provide this protection. This is just one example in a list of functions that enterprise browsers can support either per site or per user/group. What about unmanaged devices? Controlling the leading browsers just got more complex, because the methods of control that have been used with managed endpoints, device policies, or unified endpoint management solutions don’t apply. To work around this, you can sometimes make local changes to the device to get the browser enrolled, but with enterprise browsers, you just deliver the app, and control and management of the browser happens when the user logs into the browser, not the device.
With bring-your-own-device and contractor access to business applications becoming normal, and those applications being delivered within a browser, the browser that you use is more important than ever.
The market for these enterprise browsers is still nascent but gaining interest and momentum. As more business applications and anywhere-work access move into the browser, attacks on the browser have picked up, and you now need to ensure that you’re not only protecting the delivery end of your applications — the servers — but also the receiving endpoint — the browser. My latest report, Securing The Browser In The World Of Anywhere Work, reviews the concerns and opportunities for enterprise browsers.
Feel free to schedule an inquiry with me if you want to discuss enterprise browsers!