Making the Unsafe Safer: Zero-Trust Web Access Using Remote Browser Isolation

This paper explores the potential of Remote Browser Isolation (RBI) technology configured as a reverse proxy to protect organizational web applications from untrusted clients. RBI technology is marketed to protect client browsers from compromise when browsing the unsafe Internet. RBI technology may provide additional security protections to web applications accessible through zero-client browser-based remote access in a zero-trust architecture. This paper uses research to conclude that RBI technology would present practical mitigations to many common web application vulnerabilities that can be exploited by an authenticated session on an untrusted client or network. Since these mitigations provide a middle ground between outright blocking or allowing native access, RBI could serve a useful purpose in a zero-trust architecture that must continue to operate for organizational purposes despite security risks.