Virtual Browser

Long Term Goals

Encourage secure use of the Internet by enterprises and individuals by performing risky activities in well-controlled, monitored, and actively defended environments.

Background for Long Term Goals

Organizations have used virtualization as a mechanism for implementing security and compliance processes for years. Virtualization enables efficient hardware use as well as the opportunity for centralized management, monitoring, and control of enterprise workflows.

Virtualization gained a lot of momentum in the past decade. However, organizations that deployed it often found the user experience lacking, typically because of performance issues arising from network overhead, excessive local compute overhead, or excessive virtual host overhead.

One emerging trend is to virtualize individual applications. However, this poses challenges as it may not be sufficient to virtualize a single application, and it can be rather complex to deploy multitudes of virtual applications for a single user instance.

One can think of the Web browser as a platform for cloud applications. As such, it is neither a point-application solution nor an entire desktop environment. It is a happy medium between those two extremes.

Web browsing activity is a favored attack vector for criminals and nation states. As such, the browser is a high-value target. Moreover, the browser is the gateway to cloud applications. Compromising the browser enables compromise of what are often end-to-end ‘protected’ cloud applications. In addition, the browser is also a gateway to the enterprise network, as that is the physical location of the browser. It has access to both the Web and, if compromised, the enterprise network.

In addition, while particular applications may protect against compliance process violations, such as by redacting personally identifiable information (PII) or rendering a particular screen as not selectable or un-printable, browsers rarely have such controls or, if they do, the controls are often easily circumvented.

It is our long-term goal to foster the adoption of isolated, hosted Web browsers as a mechanism for improving the security and compliance of enterprise networks and data. 

Intermediate Term Objectives

This project will measure the potential benefits of isolating the Web browser through virtualization technology. We will measure the impact of using a virtual Web browser along the following axes:

  • Computational resources used at the endpoint (including desktops/laptops and mobile devices)
  • Network resources used by the endpoint
  • Cost comparisons of benchmark licensing, support, and training
  • Impact on level of security delivered (e.g., compliance audit and reporting, insurance premium reduction, etc.)
  • Secondary impacts, such as the ability to use last-generation hardware or avoid hardware upgrades to support modern applications, acceleration of the adoption of cloud-based applications, and retirement of obsoleted products such as VPNs or VDI

Related Work

Citrix sponsored a non-academic report by Forrester Research looking at the economics of VDI. Many of the principles that apply to VDI apply to virtual Web browsers.

Capital-intensive utilities often price their services based on the average cost of providing the service. However, while individuals may be consuming only a tiny fraction of a percent of the utility being delivered, many utilities have large step-function increases in fixed cost when the current supply of the utility being delivered is at capacity. For example, it can cost billions of dollars to build a new power generation facility. As such, it is in a power utility’s interest, as aggregate usage approaches capacity, to provide incentives for its customers to conserve power. Putting off a billion-dollar capital investment project can offset the reduced usage (and respective revenue) from a conservation campaign. Enterprise connectivity follows a similar pattern. The jumps from 10Mb/s to 100Mb/s to multiple 100Mb/s or 1Gb/s connectivity often come as large increments in cost. Being able to put off bandwidth expansion could save considerable resources.

Schedule of Major Steps

  • Profile two usage patterns for Web browser use cases: a JavaScript-heavy application flow and a video-heavy application flow
  • Measure computational and network resources for identified use cases
  • Measure computational and network resources for identified use cases using a virtual Web browser
  • Report based on measurements and analysis