Subscribe to receive notifications of new posts:

Browser Isolation for teams of all sizes

2021-03-23

4 min read
This post is also available in 简体中文, 日本語, 한국어, Español, Indonesia, ไทย and 繁體中文.

Every Internet-connected organization relies on web browsers to operate: accepting transactions, engaging with customers, or working with sensitive data. The very act of clicking a link triggers your web browser to download and execute a large bundle of unknown code on your local device.

IT organizations have always been on the back foot while defending themselves from security threats. It is not a question of ‘if’, but ‘when’ the next zero-day vulnerability will compromise a web browser. How can IT organizations protect their users and data from unknown threats without over-blocking every potential risk? The solution is to shift the burden of executing untrusted code from the user’s device to a remote isolated browser.

Bringing Remote Browser Isolation to teams of any size

Today we are excited to announce that Cloudflare Browser Isolation is now available within Cloudflare for Teams suite of zero trust security and secure web browsing services as an add-on. Teams of any size from startups to large enterprises can benefit from reliable and safe browsing without changing their preferred web browser or setting up complex network topologies.

Remote Browsers must be reliable

Running sensitive workloads in secure environments is nothing new, and Remote Browser Isolation (RBI) technologies have existed for many years. This begs the question, why are remote browsers not a common technology used by everyone?

The answer is — historically flawed execution. Everyone relies on web browsers for the majority of their work and any impact to user experience or performance can at best mean productivity losses and at worst outright rejection of the solution.

Unreliable rendering and poor performance in legacy browser isolation solutions has led IT organizations to reserve the enhanced security posture only for highly targeted users or activities. Much like trusting networks through the castle-and-moat model, assuming some users or websites are not phishing or malware vectors leaves an open door to attack.

Cloudflare Browser Isolation is built on top of Chromium (the same engine that powers other popular web browsers such as Google Chrome, Microsoft Edge and Brave Browser). This, combined with our novel Network Vector Rendering technique, ensures that web pages are safely and consistently rendered even as web technologies evolve and become more complex.

Remote Browsers Must Be Fast

Legacy browser isolation solutions are hamstrung by their fundamental technology or the network they operate on. These old solutions rely on high-latency and bandwidth-heavy pixel pushing, or fragile content-disarm and reconstruction techniques that degrade performance, break websites, and might miss a malicious payload in the process.

Network Vector Rendering allows us to deliver a safe view of a remote webpage without high bandwidth usage or degraded image quality, but it is one part of the solution. By leveraging our global network we position remote browsers close to everyone connected to the Internet. This allows us to deliver a responsive, low latency stream of the webpage regardless of where you are physically located.

Running a web browser on powerful servers connected to the backbone of the Internet introduces a powerful performance benefit. By sending minimal draw commands over the last mile wire, users with low bandwidth Internet connections enjoy a faster more responsive Internet.

Combine a massive, smart, distributed network with our patented super fast, lightweight Network Vector Rendering technology, and the result is remote browsing technology liberated from legacy constraints — providing crisp isolated pages to any user, on any device, anywhere in the world.

One of the advantages of using Browser Isolation is it reduces the local web browser’s burden downloading modern web pages. According to the FCC nearly 30 million Americans do not have access to broadband Internet (source). Modern websites are not optimised for low bandwidth connections typically requiring the download of hundreds of objects. Cloudflare’s remote browsers are connected to the backbone of the Internet and able to consistently download websites at broadband speeds, leveling the field for users on low-bandwidth Internet connections.

Here’s an example of a web page loading on a slow Internet connection compared with and without Browser Isolation. We are excited to see Browser Isolation bridging the digital divide and making the Internet faster for under-served Internet users.

Note: Timing is measured from the start of web page download until the webpage has triggered it’s on-load signal.

Remote Browsers Must Be Easy to Use

Browser Isolation products are typically implemented either as add-on network appliances (such as a virtual machine or firewall box) or by changing the user’s preferred browser. As an add-on network appliance, IT teams need to piece together multiple disparate solutions (even when offered by the same vendor). This leads to unnecessary complexity within the network and disparate interfaces for controlling policy configurations and monitoring threats.

Cloudflare Browser Isolation integrates natively into Cloudflare for Teams, delivering a consolidated view of all network and isolated traffic. Just like how you can use Gateway to allow / block traffic based on content categories, or security threats you can also define Isolation policies to dynamically isolate websites based on identity, security threats or content.

The Future of Internet Browsing is Remote Browsing

Local webpage execution poses a huge threat to businesses and organizations around the world. The solution is simple: shift the burden of executing untrusted code from the user’s device to a remote isolated browser.

Secure, fast, simple Remote Browser Isolation is now possible. Today we’re excited to announce that Cloudflare Browser Isolation is available as an add-on for Cloudflare for Teams. You can now protect your business from browser-based security threats without changing your web browsers or networks. To get started, sign up for a Cloudflare for Teams account, and add on Browser Isolation to the Teams Gateway or Teams standard plans. Contract customers can have Browser Isolation added to their Cloudflare for Teams plan by requesting access at this form.

From the day Cloudflare started, our mission has been to help build a better Internet and democratise the technologies that were only previously accessible to the large companies with sophisticated networks, dedicated IT teams and the budgets to support them.

Like a not-too-distant past when HTTPS encryption was reserved for “sensitive” login pages and eCommerce checkouts, we believe that trusting arbitrary website code will seem just as archaic creating the new paradigm of Zero Trust web browsing. The time for reliable and responsive Remote Browser Isolation technology is NOW.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
Product NewsZero Day ThreatsCloudflare OneSecurity WeekSecurityRemote Browser Isolation

Follow on X

Tim Obezuk|@obezuk
Cloudflare|@cloudflare

Related posts

October 24, 2024 1:00 PM

Durable Objects aren't just durable, they're fast: a 10x speedup for Cloudflare Queues

Learn how we built Cloudflare Queues using our own Developer Platform and how it evolved to a geographically-distributed, horizontally-scalable architecture built on Durable Objects. Our new architecture supports over 10x more throughput and over 3x lower latency compared to the previous version....

October 23, 2024 1:00 PM

Fearless SSH: short-lived certificates bring Zero Trust to infrastructure

Access for Infrastructure, BastionZero’s integration into Cloudflare One, will enable organizations to apply Zero Trust controls to their servers, databases, Kubernetes clusters, and more. Today we’re announcing short-lived SSH access as the first available feature of this integration. ...