Security magazine sits down with Dan Amiga, Co-Founder and Chief Technology Officer (CTO) of Island, to discuss how to find a balance between providing end user privacy and protecting company data.
Security: What is your role and background?
Amiga: I am the co-founder and CTO of Island. I’ve been in the cybersecurity space for over 20 years, beginning as a software security innovator in the Israeli Intelligence Corps. Since then, I’ve served as Chief Software Architect of Schneider Electric and led the software security department for the Microsoft Technology Center in Tel Aviv. I also invented web isolation technology as co-founder and CTO of Fireglass, which was eventually acquired by Symantec, and was a founding investor of Axis Security, Cycode, and Build.Security. I also frequently present at security conferences and lecture as an adjunct professor of advanced high scale cloud computing at the Reichman University (IDC). I see all these incredible experiences as critical steps along my journey to co-founding Island.
Security: We’ve been having these conversations about privacy in the context of 3rd party cookies and browser tracking, but we’ve always ignored the issue of employee and workplace privacy — feeling as though privacy was forfeited the moment you sit down to work. Why is it important this issue isn’t ignored?
Amiga: The common understanding at work has always been, in order to keep work secure, employees must forfeit their right to privacy. And because of it, a feeling of distrust has built up over time between employee and employer.
This was never intentional though. The technological approaches to securing corporate data made it impossible to provide employee privacy at the same time. Work always needed to be done on managed devices, where endpoint agents, proxies, and firewalls were used to monitor and inspect all behavior — whether work related or not.
The result? Employees were made to feel awkward and uncomfortable every time they get to work. A feeling that inevitably leads to workforce productivity and retention issues across the organization.
And with privacy at the front of people’s minds in the rest of their digital worlds, the lack of employee privacy at work has become a glaring pain point — an unfair byproduct of the workplace that has no parallel outside of work. And it’s time we addressed this issue.
Security: What is the key to unlocking employee privacy?
Amiga: The key lies in rethinking our approach to securing critical data in the workplace. What if instead of intruding on employee activity using invasive security tools, we simply took control over the work environment itself — i.e. the browser? By having work done on an enterprise browser, organizations can enforce fine-tuned policies around how employees access and use corporate data. So instead of blindly breaking and inspecting all browser behavior, they can choose which apps and activities to monitor and which to leave private.
By gaining visibility at the pre-encryption stage, companies fully protect their data and assets without invading the privacy of their employees when it comes to everything else.
Ironically — a corporate-managed browser gives employees privacy that they never would have enjoyed using a typical consumer browser and network security solutions.
Now, a true separation can be made between personal and corporate activity in the workplace, which means employer-employee trust can finally be restored.
Security: How can organizations find a balance between providing end user privacy and protecting company data?
Amiga: Until now, that kind of balance was unattainable. Organizations were forced to choose security of their data and assets of privacy of the employee. But enterprise browsers make it possible for organizations to decide which apps, sites, interactions, and behaviors to monitor and which to leave completely alone. This type of granularity simply wasn’t possible with our traditional network and endpoint security tools. But now, that balance of enterprise security and employee privacy is not just attainable, it’s built into the work environment itself.
Best of all, with an enterprise browser, employees can easily check their privacy status at all times and know exactly when their browser behavior is being monitored and when it’s totally private.
It’s really a best of both worlds scenario, and we’re excited to see how the enterprise browser space enables a more trusted environment for employees to reach their full potential.