Security through the browser

Opinion by Dan Raywood

The concept of securing data is one that has been present this year with a number of new names in encryption, and one that will continue to be a key area for business.

The concept of securing data is one that has been present this year with a number of new names in encryption, and one that will continue to be a key area for business.

Talking this week with Ed Macnair, CEO of SaaSID, he said that the area to add security was in the browser as ‘everyone has a browser'. He said that as everything is now done in the cloud, be it application or even platform, that cloud-based security was ‘not a pipe dream, it is happening'.

He said: “It not possible to secure devices any more because the form factor is changing so rapidly. The only area of commonality you have is the fact that users access applications via a browser. Securing email and web browsing is easy to do using proxy servers.

“However, if you're looking to secure web applications, then the proxy server approach doesn't work as all the manager sees is a URL, not what has actually been accessed by the user on the application. This is especially the case with modern single page interface applications.

“The point of control needs to be next to the user, not at a proxy level.”

Macnair who was previously CEO of Overtis, said that when a user uses a proxy, the manager does not see their web activity, just the URL they visit and that could be any application. “If you are not monitoring or controlling the user, you are not seeing the whole picture,” he said.

“We're different; we are in the browser so we see what the user does.” SaaSID provide a solution that helps organisations use of public, private and hybrid cloud-based models, but also combines authentication, management and auditing solutions to help organisations address the productivity, security and compliance issues associated with the growing use of web applications.

The company won the cloud category at the inaugural Tech Trailblazer awards this week, while SaaSID has also landed contracts with the Government's G-Cloud initiative and customers such as Groupon. Macnair said: “How do you secure customer data within applications? Groupon are using our technology for business intelligence on who can use what and with which applications.

“There is no solution to manage multiple identities. You have got to provision access across the system to de-provision access from it.”

He said that the three benefits of its browser-based technology, Cloud Application Manager are: to use single sign-on for any application; do granular access control; and to monitor what a user did on an application.

Macnair said that on average, its customers use seven different types of application from the business-focused to social networks, and asked if all of users need access to them all of the time? Arguably not, but how do you prevent that happening? One way is with privileged user access management, but if these applications are in the cloud, how do you control it?

This year we have looked at the concept of encrypting data that is stored externally, and this has seen the likes of CipherCloud, CertiVox and Vormetric be spoken of.

However if the issue is one of being in control at all, then it may be down to granular control. Macnair said: “If you control browsers, you can control everything. You are getting control of what is important and people are only waking up to it now.”

At the end of 2012, where we have learned about the future of data management being less about device and more about the application and what it transmits, the future is within the browser. Just remember when and where you heard this first.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events