The Technology of Web Virtualization

Web Virtualization is a cloud technology that sits between you and the internet or your intranet, delivering an interesting set of security, compliance and experience-enhancing applications.

Imagine accessing the web via an intelligent proxy server that can look into, analyse, filter and even change the content you are browsing before that content hits your device. As an end user, you would want this server to give you a safe, and maybe even enhanced, browsing experience. Your computer would be protected from drive-by malware attacks, spam, and black-listed sites or content, and your web access might even be anonymized. Parents might want to protect their children from violent or pornographic material. Businesses might want protection for their data, preventing leaks of confidential information. For compliance or security reasons, businesses might also want to monitor, audit, and even automatically flag access to, or redact, sensitive content.

Some of these capabilities can be provided by means other than a Web Virtualizer, for instance by using services such as OpenDNS, or through browser extensions. But most cannot, and it would be difficult to deliver all of these experiences consistently across all of your devices. A proxy server providing these services, on the other hand, would be able to do so uniformly, consistently and with an enormous amount of flexibility.

Armor5 – The World’s First Web Virtualization Solution

A Web Virtualizer is a proxy server that can do all of these things and more. I’ve had the great pleasure of seeing first hand what the world’s first web virtualizer can do. Armor5, a company out of Santa Clara, California, has introduced web virtualization to the enterprise market to protect business content. Armor5’s Web Virtualization protects devices, provides zero-leak access to corporate data behind the firewall or hosted with SaaS providers, and enhances the corporate browsing experience. They do this consistently no matter what device you are using, and with the benefit of Armor5 managing the solution to make sure it works and is up to date.

Armor5 is sold as a 100% cloud-based solution for enterprises to provide enhanced and protected access to corporate data. Employees connect to the web via a company-specific URL; for example, the company Fish On Fire would be given the URL http://cloudspace.armor5.com/fishonfire. This URL accesses a proxy server where Armor5’s Web Virtualization Engine (WVE) is running. The WVE is a smart browser instance running in a secure container, and it preprocesses and sanitizes content before it is passed down for mirroring in your browser.

The WVE proxy server provides a home page with links to an enterprise’s major assets, which include SaaS providers and the corporate intranet. Authentication tokens and cookies are managed by the WVE and encrypted. Access to the corporate intranet is cleverly done via existing VPN tunnels, which are also used to authenticate corporate users. Every connection is promoted to use SSL, with better endpoint certificate verification than is available in a browser.

Performance is surprisingly good and in some cases it seems improved. This is partly due to network topology, but also because VPN functionality has been moved from the device to Armor5’s stable server environment.

Preventing Data Loss

Web preprocessing involves breaking pages down, rewriting links, filtering content and feeding the pages to the browser over a secure socket connection in such a way that pages are built in browser memory rather than being cached on the device. The JavaScript on the web page is run in the WVE rather than on the device, so it can’t take advantage of security flaws on the device, or use social engineering to get access to contacts or other mobile APIs.
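The link rewriting, script filtering and SSL promotion described above can be illustrated with a small HTML rewriter. This is an added example, not Armor5's code; the proxy route `https://proxy.example/tenant/fetch?url=`, the function and class names, and the sample page are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urljoin, urlsplit

PROXY = "https://proxy.example/tenant/fetch?url="  # hypothetical proxy route
URL_ATTRS = {"href", "src", "action"}
# Constructed sample page, as fetched from http://intranet.example/home
SAMPLE = ('<a href="/docs/q3.pdf" onclick="steal()">Q3</a>'
          '<script>alert(1)</script><a href="javascript:alert(1)">x</a>'
          '<img src="http://cdn.example/logo.png">')

def route(url, page_url):
    """Resolve against the page, promote http to https, wrap in the proxy URL."""
    parts = urlsplit(urljoin(page_url, url))
    if parts.scheme not in ("http", "https"):
        return "about:blank"  # javascript:, data:, file: are not proxied
    return PROXY + quote(parts._replace(scheme="https").geturl(), safe="")

class Sanitizer(HTMLParser):
    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url, self.out, self.in_script = page_url, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # script bodies and external scripts are dropped
            self.in_script = True
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on"):  # inline event handlers are script too
                continue
            if name in URL_ATTRS and value is not None:
                value = route(value, self.page_url)
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        else:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(escape(data, quote=False))

def sanitize(html, page_url):
    parser = Sanitizer(page_url)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

A complete rewriter also has to cover the other places URLs appear, such as `srcset`, CSS `url()` and `meta` refresh, which this example leaves out.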

By preprocessing pages, Armor5’s WVE is able to detect and transform content such as PDF and Microsoft Office documents into HTML5. Armor5 includes a best-of-breed document viewer as part of their solution. In fact this is one of the points of having a cloud-based web virtualizer: let someone else take care of assembling a best-of-breed solution.

Armor5’s document viewer provides what is referred to as Data Leakage Prevention, or DLP. Documents are never downloaded (leaked) to the device, and potential document-based malware is not able to take advantage of the expanded attack surface that results from opening external viewers. Armor5 also watermarks documents to provide an additional theft disincentive (just in case audited and alarmed access to sensitive content were not enough of a deterrent).

Data Loss Prevention is important because tens of billions of dollars in mobile devices are lost or stolen each year. And when a personal device is used for work purposes you can’t control what software is on the device, or who is using the device. Agencies such as The Alcohol and Tobacco Tax and Trade Bureau (TTB) have concluded that:

The primary TTB BYOD lesson learned is to avoid allowing data to touch the personal device. Having all data, settings and processing in a central location and using the BYOD device simply as a viewer significantly simplifies the legal and policy implications.

Enhancing the Web Browser

Many of us run local Firefox or Chrome browser extensions to provide added functionality such as password management or filtering. With Armor5 a company can assemble these enhancements in the WVE on behalf of employees.

Armor5 has enhanced browsing beyond just providing the previously mentioned in-browser document viewer. You can print to corporate printers right from your mobile device, or you can save documents to an enabled network drive, or a company-sanctioned cloud storage service such as Box.

Armor5’s WVE also enhances the authentication experience. Sessions are managed in an encrypted store that is only accessible by the employee upon successful authentication with the corporate network. The session store allows for fast reconnect and easy authentication across corporate services.

One of my favorite WVE features is what Armor5 has done to make previously buried network drives accessible. Armor5 comes bundled with a network drive manager and browser that allows corporations to easily expose network drives, and employees to access those drives from any device. Gone is the need to put your content in the cloud in order to make it accessible from the cloud.

The web is mostly for consuming content rather than editing it, yet if you are on your iPad and viewing a Word file on your corporate intranet, why can’t you edit it too? Armor5 has made that possible. By combining network drives (or any other document source) with a Microsoft-licensed document editor, Armor5 allows you to now click to edit and save any Microsoft Office document on the web. How cool is that!

Summary

Let me ground our discussion again in what is the essence of this solution: the Web Virtualizer. This is a web browser in the cloud that sits between you and the web sites you are accessing. It preprocesses and sanitizes content, preventing data loss and protecting devices from malware. Your browsing experience is enhanced with extensions and plug-ins that are managed for you, and that deliver advanced viewing, editing, collaboration and protection features. Think of how many browser extensions there are, and what they enable. Now imagine the green field of opportunities to turbocharge browsing experiences by managing these features in the cloud.

Web Virtualization isn’t just for enterprises. Telcos can provide a Web Virtualizer for their data plan customers. Consumers might also see benefits, whether for managing sessions regardless of what device they are using, the potential for anonymous access, spam and ad blocking, or other reasons. There are currently no Web Virtualization services directly available to consumers. This could be an opportunity for Armor5 or other companies to fill.
