Enterprise browsers: the new standard for security?
The market for enterprise browsers is growing fast – but are their features and security controls enough to compete with free applications?
The web browser is a vital, but largely commoditised, part of IT infrastructure. But that could be about to change with the growth of enterprise browsers.
For the last two decades or more, businesses seem to have been happy enough with the default browser bundled with their operating system, or with Google Chrome.
Almost all browsers cost nothing to use. Netscape made its Navigator browser free (and open source) as far back as 1998. That, in turn, was in response to Microsoft bundling Internet Explorer with Windows.
And Chrome, with by far the largest current market share of any browser, is a free download.
Research by YouGov round that 58% of internet users in the United States use Chrome, with its nearest competitor, Apple’s Safari, on 15%. Statcounter, a tool that allows website users to monitor visitor statistics, puts Chrome’s UK market share a little lower, at 51.8% and Safari at 30.5%, across all device platforms.
Interest in other browsers remains low. Firefox, for example, registered just 1.9% of users in August this year, and Edge 8.6%, again according to Statcounter.
The majority of browsers in use today are, in any case, based on the open source Chromium technology. This includes Google’s Chrome, but also Microsoft Edge, and Opera; Apple’s Safari is the most widely-used exception.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
These stats include both consumer and business usage – but the use of consumer-grade browsers within the enterprise is common. Increasingly, however, software vendors have launched new browsers aimed specifically at enterprise users, with added capabilities such as enhanced data security and access controls.
Gartner predicts that by 2028, 25% of organizations will deploy at least one enterprise browser in the pursuit of better security. Are enterprise browsers on the cusp of widespread adoption – and what are their chief benefits?
Enterprise browsers on the rise
The reasons for enterprise browsers are twofold.
First, the way businesses deploy and use enterprise applications has changed. Applications increasingly run in web browsers, so the browser is the front end for most day to day activities.
And organizations are increasingly concerned about security, privacy and data protection, not least because of the proliferation of generative AI tools.
The enterprise browser, its advocates argue, offers much more granular control over how users access data – enterprise browsers tie directly into data loss prevention and security tools. Unsurprisingly, some of the companies now offering enterprise browsers are, first and foremost, security vendors.
“Fundamentally, enterprise browsers offer deeper levels of security protection than the consumer grade ones used for casual web browsing,” Will Townsend, VP principal analyst at Moor Insights and Strategy tells ITPro. “This is an important consideration given the fact that generative AI applications use a browser as the interface.”
Townsend comments on the number of enterprise browsers on show at Black Hat USA earlier this year, and labels 2025 as “The Year Of The Enterprise Browser”. He flags Island, Google, with its enterprise versions of Chrome, Mammoth Cyber and Palo Alto Networks’ Prisma browser as technologies to watch.
What makes enterprise browsers stand out for Townsend is their control over data access and data leakage. “Many are architected with zero trust least privileged access constructs and deeper security provisions including identity access management and improved data observability,” he says.
But enterprises are not just using enterprise browsers to improve security. These applications are also being used as a cheaper, easier to manage alternative to virtual desktop infrastructure (VDI), especially where chief information officers (CIOs) need to manage third parties, such as contractors, on their networks. Island especially promises “virtualization-like functionality”, Townsend says.
No more VDI
This use case allows IT teams to manage just the browser, without all the other overheads of full-blown VDI, or the cost and inconvenience of issuing a physical, corporate device.
“In extreme examples, contractors would be shipped physical laptops that have the golden build on them,” Scott McKinnon, chief security officer for UK and Ireland at Palo Alto Networks, tells ITPro.
“That's obviously very, very expensive for the organization.
“Now, if you can effectively introduce a new level of abstraction and treat everybody the same from a platform perspective, you don't care whether they've got an HP or a Dell, or whether they use a Mac, or a tablet or a phone, or whether they are a contractor or an affiliate or a customer,” he says.
“You can have that kind of consistency, and treat everybody the same from that operational perspective, which streamlines things, reduces cost and helps business on the bottom line.”
At Palo Alto Networks, all company business is now done within its Prisma enterprise browser, though McKinnon adds he still uses Chrome for non-corporate tasks such as Gmail or LinkedIn.
Browsers, and plug ins
Palo Alto offers its Prisma enterprise browser as a standalone product, controlled via a cloud portal. This allows IT and security teams to use isolated profiles and policies for Prisma.
But the real benefit, McKinnon suggests, comes when enterprises steer all their web traffic from the browser to Palo Alto Networks’ secure access service edge (SASE) platform. This provides data loss prevention and data plane isolation in a way that is simply not practical with third-party browsers.
But standalone enterprise browsers face competition from enterprise versions of regular browsers, and from extensions that add security features to control how browsers handle data.
“From the enterprise browser standpoint, here, we've two elements,” explains Oliver Madden, an enterprise browser specialist at Google.
“One is a core element which allows you to manage some policies, configurations, and generate reports. And then we've the premium piece that allows you to set zero trust, access controls and threat intelligence directly into the browser.”
The advantage here is that users can continue with the browser they know, but IT teams can add additional controls. For example Paul Stringfellow, CTO at IT consultants Gardner Systems, tells ITPro that security teams looking to sandbox malware or malicious websites are turning to enterprise browsers.
“What I am seeing increasingly from cybersecurity vendors is the deployment of browser agents, which allow them to enforce granular controls on users accessing the internet. This ensures that users always have consistent controls applied to their devices.”
Whether enterprise browsers become mainstream will depend largely on whether those security and data access controls are enough to overcome the existing browsers’ vast installed base.
-
Unlocking technology value: the essential role of TBM in modern IT managementManage spend, optimize costs, and drive greater value from your technology investments with TBM
-
UK government to fund regional tech programs up to £20mnews Local and regional partnerships invited to bid for support for established or developing projects
