Why DOD Modernization Starts with the Browser

Enabling mission partner environment, control, visibility, and governance over data and applications supporting Warfighters

8 min read | Aug 1, 2024 | Updated: Nov 26, 2024

Scott Montgomery, VP, Federal at Island

Consumer browsers like Edge and Chrome weren’t initially designed as mission support applications. At their core, they are simply vehicles to render web content. In the mission context, they have rudimentary settings that are centrally controllable but lack sophisticated policy to protect mission applications, the underlying data, the personnel in mission departments and agencies, or mission partner environments (MPE).

Unsure of this? 

Just examine the Joint Regional Security Stack (JRSS) surrounding the typical browsing experience. Organizations continue to deploy a complex and expensive series of technologies around these browsers that are challenging to manage and frustrating to work with for Warfighters, civilians, contractors, and mission support alike. 

Here are just three examples of traditional approaches to securing browser activity:

Browsing through VDI

VDI creates a complex route through which data must travel, resulting in an end-user experience that drastically lags behind the users’ actions.

Browsing through VPN

VPNs backhaul traffic to a data center or company headquarters. The further someone is from the traffic’s destination, the worse the performance. 

Using Break and Inspect to Monitor Traffic

Break and inspect is simply an approved form of man-in-the-middle attack. It’s expensive and prone to errors.

Luckily, there’s a new breed of browser that naturally embeds many of the core needs of mission support into the smooth, familiar browser experience.

A New Approach: Island, the Enterprise Browser

Unlike traditional consumer browsers, Island, the Enterprise Browser, is contextually aware of the environmental factors it operates within (user, groups, geolocation, network, device awareness, etc.). By using such contextual indicators, organizations gain complete control over the last mile, with the ability to govern and audit all browser behavior and customize the browsing experience to support every workflow. Browser activity data is collected and centralized, radically improving the effectiveness of the entire infrastructure. Alternatively, complete user privacy can also be enabled for Warfighter morale, welfare, and recreation (MWR).

This approach can fill in the missing puzzle pieces of a zero-trust initiative to ensure a natural fit for mission support, MPE data enablement, and a blend of applications that live on the DOD Information Network (DODIN) or in hybrid or public clouds.

With Island, security extends everywhere it’s needed without getting in the way of mission support:

  • Data can be shared securely in a mission partner environment (MPE)
  • Software-as-a-Service (SaaS) and DODIN web apps no longer leak data to the endpoint
  • Bring Your Own Approved Device (BYOAD) and contract workers get to work without putting data at risk or adding layers of virtualization
  • Warfighter, civilian, and contractor credentials are now safe from state-sponsored adversaries, phishing, or inappropriate re-use
  • Users are protected from malicious content

Island, the Enterprise Browser, is mission support as it should be: fluid, frictionless, and fundamentally secure.

Enabling Security without Sacrificing User Experience

With the Enterprise Browser, you have complete control over this last mile. Security teams can set flexible policies that govern how the browser behaves across every user, in every scenario, from the universal level down to the finest details of an application.

By controlling what the browser presents to end users, Island becomes the most powerful ally in enabling departments and agencies to share and collaborate with mission partners safely, without risk of oversharing.

For example, using Island’s management console, you can set a policy allowing users to access only certain areas of a specific application depending on their role, nationality, work status (Warfighter, civilian government, contractor), device posture, geolocation, network connection, application tenant, and other parameters. And through this policy, you can control all types of interactions with the contents on the screen, such as:

  • Copy/pasting within or between applications, specific tenants of an application, and external destinations
  • Screen captures of critical application areas
  • Printing application pages
  • File download or upload within an application
  • Adding multi-factor authentication to certain areas of an application
  • Redacting sensitive on-screen data without any backend code changes
  • Redirecting downloads to the organization’s secure storage (e.g., OneDrive, DISA SAFE)
  • Watermarking to discourage phone or camera screen capture

Enhancing Infrastructure Integration

With Island, the Enterprise Browser, your security stack is now integrated into the browser instead of locked out of it. Your security tools can see all user activity and data first-hand, making them instantly smarter while making their jobs simpler.

  • DLP makes smarter real-time decisions about which files should or shouldn’t be downloaded — before they even leave the browser.
  • Malware scanning is integrated into the browser, along with native browser isolation techniques, protecting the organization from ransomware or zero-day exploits (such as attempts to inject malicious code into the browser) at the very place they arrive. 
  • Web classification is done within the browser to block or warn about risky or inappropriate destinations. 
  • Advanced extension management gives you granular control over browser extensions to balance user productivity and convenience without compromising on security. 
  • Analytics platforms finally have a comprehensive view of everything happening inside the organization, enabling you to gain more accurate insight and make sounder decisions.

Finally, a browser that fully cooperates with the mission.

Enterprise Browser Mission Support Use Cases

By sitting at the center of mission support, Island has the potential to fundamentally solve use cases of all kinds where consumer browsers are unable to answer the need.

Mission Partner Environment Data Enablement

We don't fight alone. At the bare minimum, we fight jointly, with members of many DOD organizations planning and executing within an area of responsibility. But more often than not, we partner with the defense industrial base (DIB), NATO and member countries, and other multinational defense or drug interdiction organizations, contractor firms, individual mission partner nations or groups, and the Five Eyes and other intelligence sharing organizations. The ability to create and enforce policy for mission data sharing (while limiting spillage or oversharing), redaction, transmission, storage, and other information security and privacy considerations is essential for modern warfighting. The Enterprise Browser allows Warfighters to have least privilege data on any device they need to fulfill their mission — at the time that they need it — in accordance with modern DOD strategies.

Critical SaaS Applications

Aside from their limited built-in security controls, it’s been virtually impossible to govern and secure the data accessed inside the SaaS and internal web apps core to mission support today. But with Island, organizations finally have a closed-loop system inside which granular policies can be implemented across all SaaS, internal, and GOTS web apps, ensuring the data inside them remains fundamentally secure, without relying on break and inspect, limited and complex network controls, disparate app-specific APIs or other bolt-on solutions.

Virtual Desktop Infrastructure (VDI) Reduction

As the pandemic drove mission support to remote locations rather than the traditional military installation, many have turned to costly VDI solutions to provide browser access to critical applications for off-premises users. Island completely removes the overhead of VDI management and licensing costs for governing access to critical web applications for remote users in accordance with DOD Zero Trust Reference Architecture, while providing the significantly more fluid and familiar experience users expect from a browser.

Contractor Access

Mission support routinely requires giving outside contractors access to critical applications. But doing so has historically meant DOD issuing contractors GFE devices to make these connections. The level of visibility and control of the Enterprise Browser allows many contractors to use their own company's hardware without increasing risk on the DODIN, a sea change in how third-party work gets done. With the Enterprise Browser, you can set specific policies to govern which applications and data contractors can access from inside the browser itself. You can also audit the usage of those apps and data to make sure all activity is as it should be. And most importantly, by provisioning their work from inside the browser, all the typical IT friction is gone — positioning contractors to work quickly and efficiently.

Bring Your Own Approved Device (BYOAD)

As the use of unmanaged devices for work becomes mainstream, the risk of sensitive data leakage has become a constant challenge with no comprehensive solution, until now. With the Enterprise Browser, organizations can finally offer this level of professional freedom without compromising on security whatsoever. With Island, users work freely on any device they choose while accessing critical data via a browser designed to keep it where it belongs.

Private Apps or Semi-Private Cloud

Organizations often turn to VPN for connecting to private apps hosted in a data center or semi-private cloud. But backhauling network traffic over VPN is inefficient and can add security risks. The Enterprise Browser offers a much simpler and more secure solution for connecting to private apps or semi-private cloud. Island can make use of existing network infrastructure or augment with per-app connectors to secure traffic between private apps and the browser — all without opening the external firewall or backhauling traffic over VPN.

Privileged User Access

Most applications require accounts with highly specific privileges for organizational management needs. Yet who is watching and governing the use of these privileges? These accounts become easily prone to misconfiguration or insider threat. Island uniquely protects privileged user accounts by adding deep forensic logging on transactional events, forensic screenshots of key actions and even multi-factor authentication on top of any key action, ensuring no unauthorized action takes place — accidental or otherwise.

The Enterprise Browser Enables DOD’s Future State Now

Island modernizes mission support by embedding security and governance directly into the browser, providing a secure, efficient, and user-friendly experience. It enables DOD IT leaders to address the limitations of traditional browsers at scale — rendering the need to surround them with superfluous layers of security obsolete, and offering a robust solution for modern mission needs.

Scott Montgomery

Scott Montgomery has a tenured career building information security and privacy products, helping organizations increase their defensive posture, evangelizing to technical audiences and the greater public, and driving shareholder value. Scott loves making difficult infosec concepts more accessible to wider audiences. He has presented to numerous audiences as a lecturer and has also testified before Congress. Scott has designed, built, tested, fielded, certified, sold, and supported a wide range of information security and privacy products, notably during a ten year stint with McAfee. He has also held multiple Chief Technology Officer positions, including for private and public organizations. A native Philadelphian, Scott, his wife, two kids, and two standard poodles now live just outside Washington DC in suburban Maryland.
