Virtualization Technology News and Information
Article
RSS
Secure Web Access for the Enterprise: Amazon WorkSpaces Secure Browser Tackles Cyber Risks - VMblog QA

interview-aws-rich-burkett 

In today's digital landscape, enterprises are increasingly embracing web-delivered applications to empower their workforce. However, this shift comes with inherent cybersecurity risks, as the web has become one of the most common attack surfaces for data breaches and malware infiltration. To address these challenges, Amazon has developed Amazon WorkSpaces Secure Browser, a managed service that isolates web content from end-user devices and minimizes the risk of data exfiltration.

In this exclusive Q&A, Rich Burkett, Principal Product Manager for Amazon WorkSpaces Secure Browser, shares insights into the background and key capabilities of this innovative service. He discusses the common use cases, target user personas, and key differentiators that set WorkSpaces Secure Browser apart in the enterprise security landscape.

VMblog:  Tell me about Amazon WorkSpaces Secure Browser. Can you tell us about the background of the service? How did it get started?

Rich Burkett:  My name is Rich Burkett and I'm a Principal Product Manager for Amazon WorkSpaces Secure Browser.  We developed the service to help customers secure access to private websites, software-as-a-service (SaaS) applications, and the public internet.

Building WorkSpaces Secure Browser followed the classic Amazon working backwards process. We conducted one-on-one interviews with dozens and dozens of customers to really get to the root of their needs and brainstorm on how we could help. We learned about customers' challenges securing access to web content, and saw there was frustration with existing solutions (i.e., they were either overbuilt and high in cost, or not secure enough). They told us they needed a robust data protection solution, beyond the traditional (and generally reactive) tools like firewalls, packet inspection, or authorization/access controls. WorkSpaces Secure Browser was the result, and is a natural expansion to the Amazon WorkSpaces Family services.

VMblog:  What big challenges are customers facing that you're helping them solve?

Burkett:  Customers love the benefits of web-delivered applications. They are able to select "best of breed" apps for a broad array of user personas, including HR, finance, sales, creatives, customer support, or any other specialty. However, these customers know that the web is the most common cyber-attack surface in the world, putting their data, networks, and end-user devices at risk of compromise. 

With WorkSpaces Secure Browser, companies can mitigate these risks by hosting the browser in AWS - isolated from client devices. The actual webpage content remains securely contained within a hardened, Security-Enhanced Linux virtual machine running in an AWS data center, while end users see and interact with a pixel-streamed representation of the web page via their local browser. Since the actual data never leaves AWS, the risk of data exfiltration is minimized. Similarly, because the virtual machine actually interacts with web servers, the local device is isolated from Internet-born threats. And finally, by protecting the local device, customers reduce the risk of a trusted device introducing malware when it connects to the corporate network.

Our customers also tell us that while there are countless sophisticated security products available for the enterprise, setup and ongoing administration can be a real drag on IT productivity. Implementation is often measured in months and organizations must dedicate significant resources to keeping these services patched or updated. Happily, we have heard from these same customers that they can get a WorkSpaces Secure Browser up and running in as little as 15 minutes. And because the service is fully managed, they get to enjoy a "set it and forget it" administrative experience. Maintaining the underlying operating system, scaling, browser updates, and so on are taken care of on their behalf, letting IT teams focus on higher value work.

VMblog:  What are some common use cases for WorkSpaces Secure Browser?

Burkett:  WorkSpaces Secure Browser is receiving interest from a variety of verticals, including financial, health care, and public sector agencies that manage sensitive data. These customers are using it for internal employees, and externally to enable third parties with secure, least privilege access to their critical data. In addition, enterprises of all types, even those who don't already otherwise use AWS End User Computing services, are using WorkSpaces Secure Browser for securing web applications used by customer care, HR, sales teams, and others. Finally, organizations are using WorkSpaces Secure Browser to enable safe, isolated browsing of the public Internet for users on high security networks who are otherwise blocked from accessing the web. 

VMblog:  Can you tell me about some user personas that are a good fit for WorkSpaces Secure Browser?  

Burkett:  Support agents are the most common persona, whether they are providing front-line support to customers, or working in the back office.  They are increasingly adopting private browser-based web applications to perform tasks like reviewing customer account details, verifying information, and resolving disputes.  One of the biggest challenges customers face is ensuring support agents handle data in a way that meets their compliance requirements - which leads to challenges with device management. Customers might not be in a position to deploy software directly to these support agents' devices if they're provided by an outside consulting firm or employee owned. With WorkSpaces Secure Browser, they can deploy a consistent and managed experience, customized for the agents and the web applications they need to provide support, without compromising on security. 

Another common persona is line of business users who need authorized access to sensitive data without risking data exfiltration. With WorkSpaces Secure Browser, organizations can enable their employees and customers to access secure data and analytics environments. This use case cuts across the enterprise and includes workers like lawyers, researchers, and line of business users that need to safely access sensitive data in a tightly controlled environment. Customers can ensure the isolation of sensitive data by blocking use of clipboard, printer, file transfer, and reduce the risk of data exfiltration.

For users in areas of the public sector like Law Enforcement, Department of Defense, or Intelligence, they leverage WorkSpaces Secure Browser to provide safe browsing on the internet. Their browsing traffic originates from an AWS NAT gateway IP, instead of an IP that can be associated with their organization. Risky connections and Interactions on the web are isolated from both high-security networks and from user devices. At the end of the session there is no data at rest - the instance is terminated and recycled, there's no persistent state like cookies, browser history, or browsing data cached on client devices.

VMblog:  What decisions do customers need to make to get started with WorkSpaces Secure Browser?

Burkett:  Before getting started, customers need to ensure all their content is supported by the most recent version of Chrome on Linux. This isn't a challenge for most modern SaaS apps, but some legacy websites might have dependencies that aren't compatible with the Chrome browser. 

Since WorkSpaces Secure Browser is cloud-native, customers can use their existing SAML2.0 identity provider for user management and authentication. The service allows you to federate directly with your SAML provider (like Okta or Ping) and define service-provider and identity provider initiated authentication flows with single sign on (SSO), without managing users in a new application. You can add the WorkSpaces Secure Browser portal to your SAML2.0 application dashboard, and an authenticated user can launch a session with a single click.

Last, you'll need a Virtual Private Cloud (VPC) with 2 private subnets in your desired region that has a connection to your private web applications and/or the internet. If you're already running your apps in a VPC, you can re-use the same VPC and have a fully private environment, or you can route to the internet via a NAT Gateway. 

VMblog:  How does this solution stand out from competitors? What are your differentiators?

Burkett:  WorkSpaces Secure Browser benefits from building upon a 20-year AWS legacy of customer-centric obsession with security. Built atop robust, battle-tested components like Amazon EC2, the service is secure at its roots. On top of this strong foundation, we deliver a managed experience that ensures our customers are always utilizing the latest, most-secure versions of the underlying operating system and browser application. Our research shows that on any given day, upwards of 20% of browser users are running on a legacy browser version, despite the fact that major version updates routinely include multiple security fixes. With WorkSpaces Secure Browser, those risks are eliminated. Finally, we take a lot of pride in our customer obsession. We meet with customers every single day and their inputs are absolutely integral to our roadmap planning. We work to deeply understand their needs, build innovative solutions on their behalf, and iterate quickly via an active beta program that ensures nothing is lost in translation.

VMblog:  If there's one thing you want our readers to take away regarding WorkSpaces Secure Browser, what would it be?

Burkett:  WorkSpaces Secure Browser provides a simple and straightforward way to increase the security of sensitive data delivered to users in private web content. You don't have to be a virtualization or cloud expert. Customers tell us they can get a proof of concept up and running in under an hour.  You can try it today, at no charge, for up to 30 users for 3 months by visiting our pricing page and adding the free trial to your account: https://aws.amazon.com/workspaces-family/secure-browser/pricing/

##

Published Tuesday, October 01, 2024 7:30 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<October 2024>
SuMoTuWeThFrSa
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789