Unmanaged web browsers may not provide all the data-protection safeguards that modern enterprises need. Many organizations have turned instead to secure enterprise browsers that can be centrally managed with enforcement of company policies.
Among the easiest, least expensive and most robust secure enterprise browsing options is Google's Chrome Enterprise.
"Businesses are increasingly reliant on web and SaaS apps, and with more employees working remotely and teams being more distributed, IT and security professionals face new challenges," says Noriko Bouffard, Global Lead, Chrome Enterprise Customer Engineering. "They need to provide a stable and secure browsing platform for employees to use from anywhere, while also protecting the organization from security threats."
Chrome Enterprise combines the built-in security of Chrome with Google's cloud-based management capabilities. These capabilities let administrators manage extensions, enable secure access for remote workers, and set and manage hundreds of group policies across Windows, Mac, Linux, ChromeOS, iOS and Android systems regardless of whether devices are roaming, remote or on-premises.
Alternatively, admins can deploy similar on-prem controls using Active Directory Group Policies on Windows, managed preferences on Macs and JSON files on Linux, as well as stand-alone solutions like Microsoft Intune, Workspace One and Jamf Pro.
Companies seeking even more controls and safeguards can use Google's BeyondCorp Enterprise, which offers agentless zero-trust access controls, a global network of local access points, data-loss prevention and real-time phishing and malware protections.
The basics of Google Chrome
Chrome already provides users, whether at home or in the workplace, extensive security safeguards that include automatic updates, blocking of known malicious websites, and security notifications. The latter two features fall under Chrome's Safe Browsing program, which is enabled by default.
Users can also use Enhanced Safe Browsing (ESB), which can screen pending downloads, spot malicious URLs that aren't yet on public block lists and notify the user of email addresses involved in data breaches. (Data-breach notification is also an option in regular Safe Browsing.) Enhanced Safe Browsing users get 20-35% more protection than if they were just using Safe Browsing.
However, the end user of an unmanaged browser often retains the ability to fully install, delete and manage browser extensions, as well as to customize browser settings.
That can be considered a risk for an enterprise. While extensions can support end user productivity, they can also request permissions that an administrator might want to block. The end user can also turn off Safe Browsing entirely, removing barriers to known malicious websites and downloads.
"Companies that do not manage their browser[s] may struggle with challenges like lack of visibility into what's happening with their browsers, inability to customize policies based on business needs [or] missed opportunities for added security controls that could be protecting their users," says Bouffard.
The security of the managed browser
To solve these browser security problems, Google offers free centralized management of Chrome browsers, either through OS-specific on-premises mechanisms or via its cloud-based management solution.
Chrome Enterprise covers Chrome browser installments on all devices registered to a specific domain, and is managed from the Google Admin console, which also manages Google Workspace and ChromeOS devices. (Setup instructions here.)
With Chrome Enterprise, organizations can block, force-install or delete extensions; assess new or unknown extensions for potential risk; force browser updates; force Enhanced Safe Browsing; provide secure access to company resources for remote workers; selectively block URLs and sensitive file transfers; provide visibility into individual browser settings, versions and usage, simplifying compliance; and leverage hundreds more policies, listed here.
Most of these policies can also be implemented using OS-specific on-prem solutions such as a Windows Active Directory Group Policy. However, Chrome Enterprise goes off-prem by allowing control and supervision of browsers on remote and even personal devices, enrolled through tokens distributed from the admin interface or through organizational credentials.
"Chrome gives users the same great, familiar browser experience many use outside of work, while Chrome Enterprise provides hundreds of policy controls, such as blocking Chrome extensions, managing updates, and other critical settings," says Parisa Tabriz, VP of Chrome. "It also offers reporting and visibility into an enterprise Chrome fleet across desktop and mobile devices on and off the network."
A 2023 Forrester Consulting study commissioned by Google found that organizations that implement Chrome Enterprise could expect to see a 20% reduction in time spent testing applications, a 30% reduction in service-desk ticketing, and a 75% reduction in the time spent testing and updating Chrome browser instances — all within six months. The report also estimated the total economic impact of using Google Chrome Browser Cloud Management: a 10% reduction in overall security costs, and $2.6 million in savings from improved security.
"Managing the browser from the cloud ensures that updates and policies pushed out from IT will be deployed as soon as users open their browsers, and that optimizes both user experience and organizational security," notes the study report.
Forrester researchers interviewed four managers in different industries who said that "their organizations enjoyed more employee and IT team productivity as well as improved security" after taking on Chrome Enterprise.
BeyondCorp Enterprise: Agentless zero-trust in the browser
For companies that need even more protection, especially those that have most of or all their assets and applications in the cloud, Google offers BeyondCorp Enterprise, a commercial implementation of the zero trust, perimeter-free access model that Google itself adopted over a decade ago.
BeyondCorp Enterprise comes in two tiers: one standard version that costs $6 per user per month, and BeyondCorp Enterprise Essentials, which runs to $4 per user per month. Each offers everything in Chrome Enterprise, plus zero trust access for SaaS applications; active malware scanning and phishing protection; data-loss prevention; and security alerting, reporting and investigation.
The more expensive version adds managed, context-aware access for web applications hosted on Google Cloud Platform (GCP), on other cloud platforms or on premises, as well as for APIs and virtual machines hosted on GCP.
We’ll explain BeyondCorp Enterprise in greater detail in our next article.
