cloud security

The browser is an integral element in the corporate Cloud strategy. The broad take-up of web technology with standardized languages and protocols has resulted in the browser taking on the role of a universal client for end-user access to web-based and cloud-based resources. Browsers are free, and everyone knows how to use one. Pretty compelling arguments when budgets are tight!

But is using an industry standard browser really a zero-cost proposition for the enterprise? Let’s take a look at some of the issues.

Consumer-driven technology. The browsers we’re all familiar all obey one fundamental design principal: they must be as easy to use as possible for the greatest number of users. They must not hinder the user’s interaction with the web and the sites they want to visit – no matter what content those sites are hosting. In response to the Web 2.0 drive to increased user interactivity with rich internet applications, the browser transparently downloads and executes “helper” applications (Ajax, Flash, Java, ActiveX for example). In other words, the configuration of the browser is unstable and unmanageable. Is this really what you want from a key element of the corporate information infrastructure, the user interface to business critical applications?

Insecure design. Security professionals are increasingly aware that browsers are inherently insecure. The problems are threefold: (i) the browser, like any complex software environment, will always be exposed to bugs and vulnerabilities; (ii) the browser, connected to the internet, is inherently more exposed to external threats than software operating primarily locally on the machine, with local data; (iii) the browser’s self-modifying architecture (via plugins, for example – see above) multiplies the two preceding security risks.

No protection for confidential data. The end user connecting to enterprise Cloud services from home or from a cybercafé using the locally-installed browser is a threat to the enterprise. Business-critical processes and data may be exposed, via the browser, to a PC over which the enterprise has no control. Even if the user is sufficiently security-aware (and technically competent) to clear the browser cache and history at the end of each session – and how many of your users are? – sensitive data may still be stored locally (Flash cookies, to give just one example, without going into spyware and other threats).

If corporate IT management is to take full control of the cloud computing environment, we need to rethink the client-side connection. A new browser architecture is needed, secure by design, protecting corporate IT resources against web-based threats.

For more about the security issues of the browser and the Cloud, take a look at our White Papers.

The latest release of Virtual Browser introduces several new features (like every new release — with thanks to Mathieu’s team!). One of these new features in particular adds a whole new dimension to the Virtual Browser solution. Virtual Browser now supports delivery of ICA and RDP remote desktop clients, alongside our already familiar browser support (IE, Firefox, Java, Flash, etc). With this release the end-user now has access not just to web-based applications but to any application which can be virtualised, as well as full-featured virtual desktops.

It’s worth taking a few minutes to understand where we’re going with this. Release 1.3 offers a single, secure, platform-independent client delivering installation-free end-user access to any web-based or virtualised application without the need to worry about (i) the configuration of the end-point device; (ii) the compatibility of end-point browser configuration and the target application/server; or (iii) the appropriate network configuration (VPN, etc) to access the remote application. The objective is to position the Virtual Browser solution as the universal client for access to cloud-based services.

The “Cloud” and “Cloud Computing” are still relatively new terms and there are varying definitions of what they comprise. For us, they cover the full set of web-enabled or virtualised applications, hosted in the enterprise (the private cloud) or by third-party service providers (SaaS). What we’re seeing today is enterprises migrating step-by-step to cloud computing models, with the infrastructure becoming decentralised — some of it moving to virtual environments (Citrix and others), some of it onto the Intranet, and some moving to the Internet, taking advantage of Cloud offerings vendors like Google, Salesforce.com and other SaaS providers.

In positioning Virtual Browser as the universal client for cloud access, we’re facilitating enterprise migration to cloud computing by resolving three key management issues:

1. Security: encrypted traffic between the VB client and server, strong authentication, and support for multiple isolated user environments: Internet, Enterprise (internal) applications, on-line (cloud, SaaS) services, on both enterprise (managed) end-points and non-managed end-point devices.
2. Single point of management and maintenance — configuration, updates, patching — of the client environment, on a centralised server environment, clustered for redundancy and scalability.
3. Platform independence and compatibility: No matter what type of device the end-user is using or where they connect from, the application sees the same browser, eliminating compatibility issues and facilitating application development and support.