Cyber Monday: Just another day in the neighborhood


IDENTITY | SECURITY

Every November, the media hypes "Cyber Monday" (the Monday following Thanksgiving) as the single biggest online shopping day of the year. Employees allegedly spend hours online hunting for the best deals instead of getting their jobs done. But in reality, we live in a world where users routinely interweave personal browsing with accessing the web for work reasons. Sometimes they're using the browser on their work computer to get a personal task done. Sometimes they're using the browser on their home computer to access a business app. Either way, IT professionals live with the risks associated with having their company web apps and data living side by side with users' personal browsing tabs. Viruses, trojans, man-in-the-browser exploits, session redirects, and cross-site scripting attacks are just some of the obvious vulnerabilities that can harm your business.

To make matters worse, users' personal browsing isn't confined to bargain hunting. A recent TEQWORKS report found that the vast majority of pornographic traffic and online stock trades happen during business hours. And that doesn't even consider users browsing on their own time from their own computers and then using that same machine to access company apps. The more users frequent the seedier parts of the web, the more likely they are to become infected, and the more you place your business apps and data at risk.

Unfortunately, current solutions don't seem to help much. In a world of BYOD and work-from-home employees (not to mention consultants or outsourced teams), it's no longer possible for IT to "own and control" the endpoints, networks, and gateways that are being used to access company apps. Traditional products including VPN tunnels, content filtering gateways, and client-side AV software are expensive, less than effective, hard to manage and - most importantly - useless if users can circumvent them to access company data. For instance, if my work-from-home employee accesses salesforce.com from his personal computer using a username and password that's the same as his Facebook account, then all my traditional endpoint- and perimeter-based solutions are moot.

More modern-day approaches seek to limit access to apps from computing environments that are deemed "clean." The most impractical suggestion in this category has been to use a dedicated computer for one particular task, such as accessing an online banking portal. Perhaps this can work in an extremely limited use case, but it's not a feasible solution for a company looking to roll out web apps to a wide base of users. Other approaches have involved running certain applications (e.g. a browser) within a virtual machine on the user's computer, thereby insulating it from other system resources; or booting from a LiveCD into an operating system environment that is separate from the native host. Perhaps a step better, but not particularly user-friendly when you think about the need for roaming users to access business apps from any computer anywhere.

This is what led us to come up with Silo -- a radical approach to containing the risks associated with delivering sensitive business apps. Think of Silo as an insulated web container in the cloud that's built fresh each time. It can be securely accessed from any computer regardless of its state. It connects only to those apps that the business provisions. And it is entirely insulated from the user's local computer and personal browsing. What's more, it's enabled with authentication and single sign-on so users don't have the pain and risks associated with password management. Plus it's wired with controls that let admins define policies for how their users can access apps, download company data, and more.

If that's an idea that piques your interest, we'd love to hear from you. We're meeting more businesses that see Silo as a convenient answer to regaining control over their web apps. In our next post, we'll talk about one of those companies in particular.

Until then, let's have a great Cyber Monday, knowing full well that our risk profile hasn't changed a heck of a lot when we wake up on a regular Tuesday.

Ramesh Rajagopal - Ramesh is Co-Founder and President of Authentic8. Before, he was VP Corporate Development at Postini, heading up strategic planning and business development until its acquisition by Google in 2007.

Topics: Identity, Security