Enhancing browser security through collaboration between Google and Okta

Browsers serve as crucial points for policy enforcement. To make managed Chrome profiles more efficient in large-scale operations, Google and Okta have joined forces.


In today's digital landscape, browsers have become primary work portals for accessing corporate applications and sensitive data. However, the practice of using personal profiles for work access in enterprise browsers poses significant security risks.

  1. Credential Leakage: Personal profiles often lead to credential leakage, as employees save work passwords in personal password managers. This can result in unauthorized access to corporate logins if personal accounts or devices are compromised.
  2. Insecure or Unvetted Extensions: Personal profiles allow employees to install any extensions they want, including potentially malicious ones. These extensions can request powerful permissions, such as reading site data, capturing keystrokes, and accessing local files. Since these extensions are installed outside of corporate oversight, they can create blind spots for IT security, making it difficult to prevent data exfiltration or session hijacking.
  3. Policy Evasion and Shadow IT: Using personal profiles can lead to policy evasion, as employees might bypass corporate security policies by using unauthorized applications or services. This can introduce shadow IT (unauthorized IT systems, devices, or software) into the corporate environment, further increasing security risks.
  4. Data Integration and Privacy Concerns: Personal profiles often integrate with other personal services, collecting extensive user data. This integration can lead to privacy concerns, as business data may inadvertently get mixed with personal data, potentially exposing sensitive information when personal accounts are compromised.

Managed browser profiles address these concerns. They enforce corporate policies, support the identity stack, and provide visibility for security teams. The result is a clean separation between work and personal use, consistent policy enforcement across desktops, improved observability for security teams, and a smoother, less disruptive user experience.

Okta and Google have partnered to simplify the rollout of managed browser profiles across managed and unmanaged Windows, macOS, and Linux devices. Google's managed Chrome profiles can be easily configured via the Google admin console and federated with Okta. Once users sign in to the managed Chrome profile with Okta, they receive single-click access to work apps with all policies and approved extensions applying automatically.

Admins can also enforce device assurance policies using Chrome Device Trust Connector for Okta, including password restrictions, safe browsing, and site isolation. Okta FastPass enables phishing-resistant authentication with minimal user disruption, and can be supported by configuring the LocalNetworkAccessAllowedForUrls policy.

To learn more about Okta's Chrome integrations and device assurance policies, visit the Adaptive MFA webpage. Karthig Balendran leads strategy and execution for Device Assurance, FastPass, and Okta Verify on Okta's Access Management team, while Cynthia Luu is a Principal Product Marketing Manager of Okta Workforce Identity Cloud, covering solutions for devices and security.

Treating the browser session as a managed, secure workspace is one of the most effective ways to protect identity, data, and access. By implementing managed browser profiles, businesses can mitigate the risks associated with personal profiles and ensure a secure and seamless sign-in experience.


  1. Multi-Factor Authentication (MFA): Implementing MFA alongside managed browser profiles can further enhance security, requiring users to provide an additional verification factor, such as a biometric identifier, a one-time code, or a security token.
  2. Cloud Solutions: Okta's Cloud solutions offer a comprehensive and scalable approach to customer identity, access management, and compliance. By integrating Okta with various cloud applications, businesses can reduce the need for multiple passwords while maintaining a high level of security.
  3. Access Management: Okta's Access Management features offer centralized control over user access, ensuring only authorized individuals can access sensitive corporate data. This can help businesses achieve compliance with industry regulations such as GLBA, HIPAA, or GDPR.
  4. Zero Trust Approach: Adopting a zero-trust approach to security means verifying every user, every device, and every application before granting access. Okta's Zero Trust model assumes that breaches are inevitable and focuses on minimizing the impact when they occur.
  5. Passwordless Authentication: To improve the user experience and eliminate the risk associated with passwords, Okta offers passwordless authentication options. These can include fingerprint recognition, facial recognition, or one-time verification codes sent via SMS or email. By eliminating the need for passwords, businesses can reduce the risk of unauthorized access due to password leaks or compromises.
