Chrome is still faster than Firefox insists Google engineer

Enterprises should have a browser strategy insists Google's Oliver Madden

The browser is now one of the most important and widely used applications and deserves a strategy of its own. That's according to Oliver Madden, Chrome enterprise browser specialist at Google.

The browser has morphed into a complex piece of software that's closer to being an operating system in itself than the simple gateway of yesterday, he told the audience at Computing's Enterprise Security and Risk Management on Thursday.

However, a request for a show of hands among those who had an enterprise browser strategy yielded precisely no hands at all.

This needs to change in the age of mobility where so many applications are cloud-based and accessed through a browser, said Madden. Enterprises are much more likely to be targets than consumers, he added, pointing to Google figures that show targeted phishing and malware are six times and four times more likely, respectively, to arrive in an enterprise inbox than in a personal one.

The rise of BYOD and the proliferation of devices all of which are accessing web-based apps increases the risk further still.

Modern browsers such as Chrome offer a variety of enterprise security features more such as whitelisting and managing extensions. In addition, some like Chrome feature warning screens when a social engineering attempt or malware attack is detected.

Madden called out sandboxing and fuzzing as areas that were pioneered by the Chrome browser. Sandboxing means that each application runs independently from others in its own tab, while fuzzing refers to the proactive of testing new builds with high-velocity attacks.

"Web browsers are complicated pieces of software that are extremely difficult to secure," he said. "In the case of Chrome, we also have to contend with a codebase that evolves at a blisteringly fast pace. All of this means that we need to move very quickly to keep up, and one of the ways we do so is with a scaled out fuzzing infrastructure."

Another issue to consider when choosing an enterprise browser is backward compatibility. With many web apps built for Internet Explorer still in use, browsers should be able to adapt seamlessly to their requirements, he said.

Madden was on slightly shakier ground when it came to privacy. He pointed to the service opt-outs in Crome available to administrators and mentioned that all data is encrypted and read by machines, not humans; he even said that Google is working on ad blockers to get rid of the most intrusive and deceptive ads.

Vulnerable third-party addons are a tricky area for browser vendors and particularly for Google with Android. "We have a certain amount of AI and machine learning that looks at these plugins and there will always be those that get under the radar, but we give admins the ability to manage this now with a full management tool within Active Directory or Google Chrome Enterprise that will enable them to mitigate this risk," Madden explained in response to a question from the audience.

A question about Firefox Quantum brought a more assured response. Mozilla has claimed that the new revamped Firefox is quicker than Chrome under most common usage conditions. Mentioning that Google works closely with Mozilla (Google has been reinstated as the default search engine in Firefox) he said: "It's been dubbed faster, but we've tested it using an [independent] speed checker we still come out on top."

In August Google launched Chrome Enterprise which integrates with Microsoft Active Directory and VMware AirWatch mobile device management software.