Bring your own device (BYOD) is here to stay. Modern organizations are acutely aware that allowing employees to use personal devices for work delivers flexibility and productivity benefits—benefits which have been on full display during the shift to remote work caused by the global pandemic. When an on-premises employee has their managed device break in some way, IT is just a short walk away for a fix or a replacement; but, if a managed laptop breaks while working from home, users typically have to turn to their personal endpoints to remain productive. Some users even leverage their own devices by default merely because they feel more comfortable and efficient when using them.
In addition to BYOD, it is important to remember that other unmanaged devices belonging to third-party organizations (like channel partners or technology partners) regularly require access to IT resources, as well. Complicating the picture further is the adoption of SaaS and the fact that users are accessing cloud applications that now exist outside of the traditional, on-premises environment. So, what does all of this mean?
Security technology woes
With off-premises users accessing off-premises applications through mobile endpoints that aren’t managed by IT, there is more room for data leakage than ever before. Legacy tools focused on the data center are a poor fit for remote employees using SaaS applications. Additionally, the standard approach of installing security software, or agents, on endpoints used to access data is a poor fit for personal and third-party devices where seizing control in this way is typically infeasible.
As a result of the above, organizations need agentless security designed to protect SaaS applications during unmanaged device access. With the rise of cloud access security brokers (CASBs), their reverse proxy deployment modes became the standard method of accomplishing this. Unfortunately, organizations have soured on reverse proxies in recent years due to their frequent breakages, limitations around which apps can actually be secured, and adverse effects on employee productivity. In other words, organizations still need an appropriate solution to secure BYOD access to SaaS applications.
Browser isolation
Browser isolation is the technology that organizations the world over have been waiting for; specifically, agentless browser isolation that can easily secure traffic stemming from unmanaged endpoints. This kind of solution virtualizes cloud app sessions in an isolated environment and streams only pixels to the endpoint. This means that unmanaged devices are granted access to SaaS but are prevented from downloading, copying, pasting, or printing the sensitive data therein. In other words, with agentless browser isolation, enterprises can embrace the productivity and flexibility gains of unmanaged devices (and remote work and SaaS applications) without compromising data protection.
To learn about the ins and outs of unmanaged devices and the various security considerations surrounding them, listen in on the conversation between the experts in the video below.
For further information about Zscaler Cloud Browser Isolation and how it can secure your apps and data, read our at-a-glance. To take an in-depth look at Zscaler Data Protection as a whole, watch our recent webinar with the SANS Institute.