Cyber security in theory should be simple – attack surface expands as software and cloud workloads complexify, new vulnerabilities and attack vectors form, and cybersecurity companies emerge to fill in the gaps. Unfortunately for CISOs and enterprise security teams, for every net new vulnerability, the number of attack vectors it creates tends to be tenfold. For CISOs, this has translated into a continuous cycle of buying and/or replacing security vendors, patching new vulnerabilities, and evaluating their security design. How we work is due for a shake-up; a deconstruction of followed by a powerful rebuild, and it’s hard to think of a better place to start than the center of virtually every modern workplace: the web browser.
In some ways, the evolution (or lack thereof) of the browser’s role in enterprise security has occurred exactly as you’d expect: ground zero for cloud-native solutions like SASE, CNAPP, and API security and gateway for existing security solutions to plug in their offering (e.g. CASB, DLP, and VDI). Still, it’s hard not to wonder: Why hasn’t the browser progressed beyond it’s role as gatekeeper? Why don’t we think of it as a critical security layer the same way CISOs think about network, endpoint or even perimeter?
Restarting with Island
When we met Mike and Dan for the first time and heard their vision for building a Chromium-based browser with enterprise policies built in it sounded too good to be true. After hearing the how, why and why now, two things were clear: 1) the time was now and 2) if there ever were two Founders to execute on the size of the opportunity, they were Mike and Dan.
Their idea was elegantly simple: build an abstraction layer between Chromium – Google’s open-source browser project – and Island’s code, giving them the reigns on everything from proxy to last mile visibility & control of all browser based workloads.1,3 In doing so, Island allows security and IT teams to have unprecedented visibility and control of the browser, allowing them to orchestrate everything from basic data exfiltration protections within web-apps (e.g. copy/paste, download/upload, screenshot) to advanced security controls and governance (e.g. DLP, Zero Trust, PAM). Island’s tech can be installed directly on their customers’ existing browser, meaning there’s no need for additional installations.
We were lucky enough to lead the A round when Island was still operating in stealth as Zero Abstraction – code for their ability to abstract the browser from both the network and the device.
In less than 9 months since we initially invested, Island has gone from technology to horizontal category creator. With Island’s Enterprise Browser, CISOs can reimagine their security design across a growing number of enterprise use cases, including securing critical SaaS and internal web applications from data leakage, safe access for contractors and BYOD workers and full governance over privileged user accounts. It can also reduce virtual desktop infrastructure (VDI) dependency while supporting built-in safe browsing, web filtering, web isolation, exploit prevention, smart network routing and Zero Trust access.
The Island team is just getting started, and we couldn’t be more excited to be along for the ride and double down.