Most of the action in the remote browser isolation (RBI) industry is happening in the enterprise market and the vast majority of enquiries that I see come from large businesses. This makes sense because large businesses have more value and assets to protect than smaller ones, "their cost of failure is higher" we like to tell ourselves.
There is certainly a lot of truth to this, I got my start in browser isolation almost a decade ago working with the National Nuclear Security Administration, specifically the labs who directly handled the US nuclear arsenal. In their case they not only have weapons of mass destruction to protect, but also some of the biggest science anywhere, NNSA labs build all the worlds biggest supercomputers. They arrived at the conclusion that they needed to isolate their users browsing activity a long time ago, so that they could get in front and ahead of browser based cyberattacks.
Important Organizations Already Isolate Their Browsing
Organizations like these have a lot to protect and a very high cost of failure, but when this is the case they probably already have some kind of browser isolation solution in place. The NNSA and many other governmental, financial, judicial and strategic organizations already have a remote browser isolation solution of some sort in place (typically virtualization based) and are now looking for a way to increase the scale and lower the cost of their existing remote browser isolation solutions.
More than half of the large organizations I speak to already leverage remote browser isolation technology in some way and those that do not see the importance of physically isolating their users browsing activity away from their networks. The enterprise space has completely woken up to the obvious truth that their browsers should not be directly embedded in the middle of their IT infrastructure. Gartner predicts that more than 80% of them will adopt some kind of browser isolation solution over the next three years and judging from the interest, the enterprise space is in a rush. Remote browser isolation use cases are everywhere you look.
High Cost Of Failure?
When it comes to the enterprise space and cyberattacks, the cost of failure is not actually that high. When was the last time you heard about a major organization going bankrupt after a major cyberattack or data breach? The last time I checked the organizations who were the victims of the biggest data breaches of the 20th century are all still in business. Marriot, Equifax, Adobe, JP Morgan, Uber, Yahoo, Target, Ebay, Sony, RSA and countless others are all still operating and I do not even remember reading about any of their senior executives losing their jobs or going to jail.
In that context you have to ask yourself, exactly how high is the cost of failure for an enterprise when it comes to their security being breached and their data leaking?
Usually it is their customers who bear the cost of their cybersecurity failures...
When we tell ourselves that the cost of failure is higher in the enterprise than in a small business, we are perpetuating a lie. The real high cost of failure when it comes to cyberattacks and data breaches can be found in the small business market and while small businesses are probably not responsible for the personal data of millions, or strategically important technology, their cost of failure in the event of a cyberattack can be catastrophic when compared to a much larger enterprise business.
If a small business falls victim to a cyber attack, becomes infected with ransomware, or loses its business data, it can be fatal for the business over the short, mid and long term. Most businesses who fall victim to a cyberattack fail because of it, according to the SEC 60% of SMBs who were victims of cyber attacks did not recover and shut down within 6 months. In the cybersecurity space, the cost of failure is clearly higher in the small business market, their employees, customers and entrepreneurs. People lose their livelihoods when a small business falls victim to a major cyberattack, something that almost never happens in the enterprise space.
SMB's Are The Most Vulnerable Segment Of The Market
Take a ransomware attack for example, the vast majority of attacks on small businesses are ransomware attacks. Most large businesses have cyber insurance in place to mitigate the costs of a cyberattack and the resources to pay a ransom, they are also less likely to fall victim to a ransomware attack because they probably have security systems, training and process in place. For a small business though, it's a jungle out there, ransomware has been on the increase for as long as anyone can remember.
A small business will often lack the resources, expertise and insurance coverage to properly recover from a cyberattack, let along defend against them effectively.
Most small businesses will be lucky to have one or two people in their IT teams, who may or may not be experienced when it comes to cybersecurity. The vast majority of small businesses do not have an IT team and this is the primary reason why they are the most vulnerable segment in the cybersecurity market, not only is their cost of failure catastrophically high, they lack the resources to manage the threat landscape.
Remote Browser Isolation Is Still Too Expensive For SMB's
In the remote browser isolation space the small business market is almost being completely ignored, with the current market leaders not even talking to businesses unless they have more than 1000 employees. For a small business who wants to embrace remote browser isolation there is really only one place that they can go, WEBGAP, where you can sign up for a remote browser with your credit card on their website.
I talk to a lot of people about remote browser isolation and I often hear others express their frustration with the expense of the existing (virtualization based) remote browser isolation solutions in the market. I also hear the frustrations of prospects in the market who find it difficult to even get a price from many of the vendors in the space, the bigger vendors will not even talk to a small business which can be incredibly frustrating.
Part of the reason the small business space is being ignored is because they lack the cybersecurity budgets required to finance expensive virtualization-based remote browser solutions. According to Gartner's Desktop TCO report, the average business spends between $44 and $68 per year, per user on endpoint security. In this context it is no wonder that SMB's cannot afford to protect themselves with remote browser isolation and not a surprise that the virtualization based vendors will not talk to them.
Lack Of Awareness & Education
The small business space has not really woken up to the protection that a remote browser can bring yet. Most infosec practitioners know that the majority of attacks begin with the browser, but the small business market doesn't. They may know that they need anti-virus software installed, but they probably do not know that they should be isolating their web browsers completely. A lot of education is needed before the small business space starts to buy remote browsers online like they buy web hosting.
A big part of the challenge when it comes to unlocking mass adoption of remote browser isolation solutions is raising awareness of the model among the small business and consumer markets. The hundreds of millions of users that will adopt remote browsers over the next ten years will predominantly come from these markets, because most large organizations will already a browser isolation solution in place.
For transparency purposes I am the co-founder of WEBGAP, an RBI startup focused on solving the real problems in remote browser isolation, cost and scale. Our proprietary WEBGAP platform lowers the cost of remote browsers to single digit dollars per user and puts the protection of remote browsers within the financial reach of the countless small businesses who really need that protection the most.
My team and I are focused on developing a remote browser platform for the many, rather than just the few who can afford it. We plan to unlock mass adoption of remote browser isolation over the next five years and you can start using a remote browser today, for just five dollars per month, by signing up on our website with a credit card.
If you want to learn more about remote browser isolation, check out our learning center by clicking on the link in this sentence. I have written a number of explainer guides which will take you through the basic concepts of browser isolation cybersecurity.
I also wrote a comprehensive remote browser isolation white paper detailing the different technologies and approaches to solving the same problem. If you have any further questions about the subject, come find me on twitter and ask me there.