Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream.
Island today announced its security-focused web browser for the enterprise, saying the browser offers an unprecedented level of control over data in software-as-a-service applications—and can displace a number of other security products, as well.
Founded by two former Symantec executives, the startup disclosed details about its Island Enterprise Browser for the first time as it exited stealth. The Island browser is built on Chromium and has a look and feel very similar to Google’s Chrome browser. The difference, the company says, is with the browser’s numerous built-in capabilities for protecting against data exfiltration and web-based threats.
In particular, web-accessed business applications can be secured against data leakage with the ability to control functions such as copy, paste, download, and screenshots for sensitive information.
“We hope to enable a world where people are safe to work from anywhere they want, and companies know their data is safe in the process,” said Island cofounder and CEO Mike Fey in an interview.
Stopping data loss
The idea is for enterprises to set up their key software-as-a-service (SaaS) applications to only be accessible through the Island browser, Fey said. For instance, a user who tries to log into Salesforce in a typical browser could be forwarded to the Island browser, he said—in the same way that you get directed to Zoom upon clicking a meeting link.
“We can take entire systems, entire SaaS environments, and make them a closed-loop environment,” Fey told VentureBeat. “We can make sure no employee data is ever lost.”
Founded in mid-2020, Island spent more than a year developing its browser, which it says is the first to be made expressly for the enterprise. Fey previously served as the president of Symantec and as chief technology officer at McAfee. He founded Island with CTO Dan Amiga—previously the founder and CTO of Fireglass, which was acquired by Symantec.
The startup raised “almost” $100 million in funding while in stealth, with the most recent round occurring in March 2021 (exact amounts for the total funding and recent round weren’t provided). Investors include Insight Partners, Sequoia Capital, Cyberstarts, and Stripes.
Though Island has been in stealth, the startup has been offering the general availability version of its browser since September. The browser is now being used by customers “across almost every major vertical,” ranging in size from 1,000-person to Fortune 100 companies, Fey said.
One enterprise using the Island browser so far is specialty materials company Ashland Global Holdings, which is currently rolling out the browser to its 4,000 employees after trials with several teams. The initial applications that Ashland is running exclusively out of the Island browser are Microsoft Office apps, Salesforce, and Workday, said chief information security officer Bob Schuetter.
“It’s helping us feel more comfortable that we have control around our SaaS,” Schuetter said in an interview.
Browsers including Google Chrome and Microsoft Edge are based on the Chromium open source project, and Island’s user interface hews closely to that of Chrome—easily the most popular desktop browser with nearly two-thirds of the market, according to Statcounter.
For the end user, Island will feel the same as using Chrome, Fey said, “right up until the enterprise policies run.”
“The enterprise now has full control over the last mile,” he said. “So if they want to stop data exfiltration—they want to stop people from stealing data or redact customer information, you name it—they have full control over everything that happens in the browser. They can decide where it prints, what extensions run. They can decide if I could do screenshots, if I can copy and paste—and if so, where can I paste?”
All of these capabilities are aimed at enabling the “future workforce,” where enterprises can provide a work experience that’s both easier for employees and more secure from a data perspective, Fey said.
“I just want to send you a browser—like a portal—and say, ‘Here’s your portal for work,’” he said. “And I feel safe regardless of what network you’re on or what machine you’re on, that I can deliver that enterprise-required experience. So you love it, it works great, it logs you in to everything you need. But on the flip side, I can tell my regulators, my security teams, and my customers that their data is safe. And that’s what the enterprise browser allows you to do. Whereas, a consumer browser is under full control of the end user.”
Importantly, Island allows enterprises to fully customize the way that security features work in the browser, based upon their data security needs. Policies can be configured by application, with different policies for different apps. For instance, copy and paste might be allowed in all apps except for Gmail.
And, an enterprise doesn’t have to completely block copy and paste in Gmail, but could block copy and paste just for specific sensitive information—such as Social Security numbers, Fey said.
Along with capabilities for preventing data exfiltration, the Island browser also provides web security measures such as built-in safe browsing, web filtering, exploit prevention, and web isolation.
As the number of security tools in use by enterprises soars — a recent survey from Trend Micro found large companies using an average of 46 security products — Island wants to both improve security and also “simplify the security stack,” Fey said.
In other words, the capabilities that the Island browser provides might enable enterprises to lower their reliance on products such as data loss prevention (DLP), web filtering solutions, and virtual desktop infrastructure (VDI), he said.
Currently, many customers turn to VDI, DLP, and other tools providing data security with software-as-a-service applications, but “the reality is we can take all of those controls and run them pre-encryption right in the browser,” Fey said. “It simplifies the stack both for IT and security.”
For instance, it’s “easy” to do web filtering when there’s no encryption involved, he said.
“It’s our goal that nobody ever redirects a piece of traffic back to a central scrubbing location,” Fey said. “Web filtering at a central spot is just not required if you have control over the last mile.”
As it turns out, once you have that control, “you can do all of these things very simply” that until now have required “massive” hardware and cloud infrastructure, he said.
“We’re just simplifying the environment and giving control,” Fey said. “And when we do that, there’s a lot of redundancy, and there’s a lot of extra effort, that isn’t needed anymore.”
At Ashland Global Holdings, the introduction of the Island browser immediately made some security tools being used by the company redundant, such as certain network layer controls, DLP, and desktop agents, Schuetter said.
With the Island browser, “the big win here is that I don’t need to add in more controls. I don’t need to add in more tools,” he said. “It’s natively creating an infrastructure in which the tools already exist. And I just have to turn them on.”
This approach to security is unique because “it fundamentally changes how you think about solving problems,” Schuetter said. “It’s so much simpler. And there’s a lot you can do with it now, because the security is embedded in.”
For instance, Ashland expects to gain the ability to more quickly adopt new SaaS applications through using the Island browser. Because of the built-in security, the business “can get new capabilities up and running immediately,” Schuetter said. “We can let the business go as fast as they want to go. They’re not waiting on security.”
Ultimately, “there are so many different ways to get value out of the tool. I think that’s the big change here,” he said. “It’s not a tool for one use case—it’s a tool for a lot of use cases.”
According to Fey, one of the popular uses for the browser so far is for enabling bring-your-own-device (BYOD)—without the need for any other infrastructure. In that scenario, customers can enable their contractors or employees to use their own devices for work, “but ensure no data is left behind, because it’s a safe environment,” Fey said. “That seems to be a very big home run for us.”
Along with providing browser features for securing data, Island has also invested heavily in developing the management capabilities used by IT and security teams. The management console is quick to install, and users can typically learn how to configure policies and get everything running within a half hour, Fey said. Polices are “point and click, and very seamless to implement,” he said.
Managing security policies is notoriously difficult for enterprises—and making this part of the process easy for Island customers has actually been the bigger engineering challenge for the company, Fey said. “Getting it very simple, very efficient, and very clean was the hard work,” he said.
‘Security by design’
Fey said Island has the benefit of learnings gleaned both at startups and major vendors in the cybersecurity space.
After Symantec acquired Fireglass, Amiga served as a vice president of engineering at the company from 2017 to 2019. Meanwhile, Fey served as Symantec’s president and chief operating officer from 2016 to 2018, following the company’s acquisition of Blue Coat Systems, where he’d held the same titles. Earlier, Fey spent seven years at McAfee, including two years as CTO and executive vice president.
Island is based in Dallas and operates its research and development in Tel Aviv, Israel. The startup has 104 employees—75 of which are engineers. The Island browser is available in both Windows and Mac versions.
Ultimately, the browser is unlike other security offerings on the market because it’s not just the “next version” of a capability that’s previously been available, Fey said.
“We think this is the first time we’ve really seen ‘security by design’ playing out,” he said, referring to the concept of building a product that is secure at a foundational level.
“Additive security hasn’t worked—we’ve got thousands of security companies proving that,” Fey said. “But what if we’re secure in the design posture itself? And now we finally are.”