By 2028, 25% of organizations will augment existing secure remote access and endpoint security tools by deploying at least one secure enterprise browser (SEB) technology to address specific gaps, according to Gartner.
Threat actors frequently target employees with phishing attacks to steal credentials and bypass endpoint detection and response controls, necessitating an additional layer of visibility and control within the web browser.
“Web browsers are the primary access method for most modern corporate applications and provide an endpoint-agnostic enterprise security control point,” said Max Taggett, Sr Principal Analyst at Gartner. “Security leaders can use a SEB to reduce risk and improve the digital experience.”
Currently, Gartner estimates that less than 10% of organizations have adopted a SEB. Organizations that primarily rely on SaaS applications, with minimal branch locations or cyber physical systems to secure, need a simpler method of managing security technology than traditional security stacks. SEBs fulfill that need.
In addition, SEBs enable segmented access from unmanaged or lightly managed end-user devices and bring-your-own PC, where deploying endpoint agents would be inappropriate due to privacy or maintenance reasons.
“SEBs embed enterprise security controls into the native web browsing experience using a customized browser or extension for existing browsers, instead of adding bolt-on controls at the endpoint or network layer,” said Evgeny Mirolyubov, Sr Director Analyst at Gartner. “SEBs also enable segmented access to SaaS applications tunneled directly from web browsers, minimizing the need for full endpoint agents and tunnels.”
Organizations deploying SEBs can:
- Enforce enterprise security policies and gain web traffic visibility without requiring in-line decryption, potentially improving application performance and latency.
- Support the transition from legacy client applications to modern SaaS application delivery.
- Complement or reduce reliance on VPNs and VDIs, and desktop as a service for organizations prioritizing remote or third-party work and cloud delivery.
- Augment antiphishing and credential theft protection capabilities, such as protection against reuse of corporate credentials on unauthorized or phishing websites, on devices where browser usage is restricted to selected SEBs.
- Enhance visibility and reporting of web application usage, performance and employee behavioral analytics for lightly managed or unmanaged devices, and for organizations without a mature DEX strategy.
