Cloud Security

Zero trust and browser security: How they fit together


Zero trust is often thought of as network security. It's natural to see it as just a way to securely connect employee devices to company assets now that the modern enterprise has a remote workforce scattered over offices, homes, cafes, and hotel rooms. 

But zero trust means much more when you consider how employees connect with SaaS and web applications: through a web browser. 

In today's workplace, the browser may be the most important, most frequently used application installed on an endpoint. Yet it is often overlooked as a potential security risk — and zero-trust access models don't always take browsers into full consideration.

"With more employees working remotely and teams being more distributed, IT and security professionals face new challenges," Chrome Enterprise Customer Engineering Global Lead Noriko Bouffard said in a recent blog post. "They need to provide a stable and secure browsing platform for employees to use from anywhere, while also protecting the organization from security threats."

Beefing up browser security

To make up for that shortfall, the past few years have seen the rise of the secure enterprise browser, a locked-down web interface that can be centrally administered and configured by IT and security managers.

Several stand-alone secure enterprise browsers, as well as plug-ins that beef up the security of existing browsers, are trying to win market share and seat licenses. But another secure enterprise browser is hiding in plain sight in the form of the world's most widely used web browser.

Chrome Enterprise is a web-based management solution that lets IT deploy, manage, configure, and update Chrome browsers across an entire enterprise, on company-owned, employee-owned and mobile devices alike. It works on any platform that can run Chrome — Windows, Mac, Linux, ChromeOS, iOS or Android. 

With Chrome Enterprise, admins can configure hundreds of different policies pertaining to Chrome browsers. Administrators can screen, block, delete or force-install extensions — and use Chrome Enterprise’s built-in tools to get more information on unfamiliar ones. Known malicious URLs will be blocked; suspicious ones will be analyzed by Google's cloud servers and can be sandboxed. 

Chrome Enterprise also streamlines regulatory compliance by making sure that all instances of Chrome in an enterprise are up-to-date and properly configured, and by providing logs of browser settings and events.

Credit: Google

"Chrome Enterprise allows you to configure and manage browser policies, settings, apps and extensions across your Chrome browsers, and do it all from a single console — even if your workforce uses multiple operating systems and devices," Chrome Enterprise Group Product Manager Philippe Rivard. "It also gives you better visibility into the browser and browser versioning, so you can better enable and protect your end users.”

"For many organizations and the hundreds of millions of enterprise users who already use Chrome, the browser has essentially become the new endpoint, which makes it the perfect place to level up enterprise security," VP of Chrome Parisa Tabriz said in a recent blog post.

Bringing zero trust into the browser

However, enterprises can accomplish even more by applying zero-trust models to Chrome. That can be provided by BeyondCorp Enterprise, a paid offering developed from the zero-trust model Google put into place internally over a decade ago. 

BeyondCorp Enterprise leverages Chrome browser management to implement data-loss prevention by optionally restricting users from copying data to clipboards, printing out web pages or taking screenshots, either globally or selectively according to URL or device status. 

It proactively scans unknown websites for malware and signs of phishing activity, and also sends alerts, delivers reports and begins investigations of possible security incidents. BeyondCorp Enterprise is built on Google Cloud, with nearly 200 localized edge servers to deliver low-latency connections across the globe. 

But BeyondCorp Enterprise's most important component is context-aware zero-trust access management that performs checks on important signals, such as user location, user and group identity, device information, and data from third-party security firms such as CrowdStrike, Palo Alto Networks, VMware and more, before deciding to allow a user granular access to applications. 

These zero-trust policies allow secure access  to SaaS and SAML-based services, as well as web applications hosted on Google Cloud , Amazon Web Services (AWS), Microsoft Azure. Organizations can provide secure access to  hybrid apps using both on-premises and cloud servers, as well as to APIs and virtual machines hosted on Google Cloud."With Chrome, BeyondCorp Enterprise is able to deliver customers a zero-trust solution that protects data, better safeguards users against threats in real time and provides critical device information to inform access decisions, all without the need for added agents or extra software," Tabriz said in a blog post.

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, and

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.