Consolidating the Alphabet Soup of Cyber Protection

By Mishel Mejibovski, Head of Operations and Strategy, SURF Security

One of the most significant challenges for CISOs in the current climate is the complexity of the cybersecurity landscape. The rapid pace of technological advancement and the growing sophistication of cyber threats make it increasingly difficult for CISOs and IT teams to keep up with the various ways in which their organizations need protection. This complexity is further compounded by the need for a diverse set of tools and software to safeguard against different types of attacks.

As a result, organizations may struggle to maintain agility and efficiency in their operations while also ensuring adequate protection against cyber threats. The shift to remote work brought about by the pandemic has further exacerbated this challenge, making it increasingly difficult to maintain security without disrupting the flow of business.

Employees expect flexibility and the ability to work wherever, and whenever they want. This means having access to company data from private and public networks across a myriad of devices (laptops, desktops, cellphones, tablets, etc.). In the quest to keep threat actors from accessing company data from these unprotected points, the cybersecurity stack continues to expand. Not only does this keep IT teams too busy to focus on other important tasks, but the cost of management and licensing is starting to bust budgets.

Virtual desktop infrastructure (VDI), was once considered a viable solution for corporations looking to provide their teams with the flexibility to work remotely while maintaining central management of data. However, as VDI usage has increased, it has become clear that the technology has limitations that can negatively impact productivity.

A report by Gartner in 2020 found that while VDI is a popular solution, organizations are facing challenges such as network congestion, high costs, and performance issues. Furthermore, VDI’s capabilities can be limited when it comes to accessing cloud and software as a service (SaaS) applications.

A Forrester research report from 2020 also highlights the need for organizations to consider other options such as Remote Desktop Services (RDS) or Windows Virtual Desktop (WVD) depending on their requirements and use cases.


Virtual private networks (VPNs) have become a popular solution among consumers looking to protect their online browsing. However, when used in a professional setting, the effectiveness of VPNs can vary.

According to a 2020 report by Cybersecurity Ventures, the use of VPNs increased by 75% during the COVID-19 pandemic as more companies adopted remote work policies. However, the report also found that many VPNs used in the enterprise lack proper security measures and can leave corporate data vulnerable to attacks.

In fact, the Cisco 2020 Annual Cybersecurity Report found that 43% of data breaches involved remote access. This highlights the need for organizations to carefully evaluate and implement VPN solutions to ensure they provide adequate protection and to monitor their performance continuously.


Remote browser isolation (RBI) is a cybersecurity solution that aims to protect organizations from web-based threats by isolating web browsing sessions on a remote server. However, despite its potential benefits, there are several downsides to using this technology. One of the major drawbacks is the high cost associated with implementing and maintaining an RBI system.


According to a report by MarketsandMarkets, the global Remote Browser Isolation market size was valued at USD 59.7 million in 2019 and is projected to reach USD 164.3 million by 2024, at a CAGR of 22.5% during the forecast period. This can be a significant concern for organizations with limited budgets and may make it difficult for them to justify the investment. Additionally, the complexity of setting up and managing an RBI system can be challenging for some organizations.


Centralize the Solution

Managing the complexity of the cybersecurity stack can be a daunting task for CISOs and IT teams.One effective approach to addressing this complexity is to consolidate the various software tools into a single control point. By centralizing the management of security tools and solutions, admins can gain a better overall view of the organization’s security posture, identify potential risks and vulnerabilities more easily, and respond to threats in a more coordinated and efficient way.

The enterprise browser is one way forward because it removes the need for multiple tools by implementing security, data governance, and identity access management directly into the browser. Features such as DLP, web filtering,phishing protection, malware scans, and anti-spam systems are all built into the software directly so that you don’t require multiple solutions. This easy-to-use solution also frees up IT teams. The onboarding process is super simple and takes only 15 minutes. There is no training as the user experience is nearly identical to existing consumer browsers. All users need to do to begin using the enterprise browser is download it to their devices and login using corporate credentials and it will be all set. By making the browser the first line of defense, enterprises have better security, agility, and management.

A secure corporate browser protects company data by authenticating and validating the user and device, every step of the way. Enterprises can filter access based on user and receive alerts when company policy is breached. The browser functions independently from the device it’s on, ensuring increased security from malware, no matter where company data is being accessed. By utilizing a Zero-Trust architecture, the enterprise browser ensures full agility, control, security, and privacy.

Mishel Mejibovski is Head of Operations, SURF Security, which provides a zero-trust secure enterprise browser.