Microsoft 365, Salesforce, ServiceNow and a dozen others… the browser is where work happens. But most organisations are still guarding the perimeter of a building their people deserted years ago. With hybrid work, AI in everyone’s hands and rising compliance, the browser is your biggest security blind spot.
By Stuart Couchman, CEO, Enablis
For years, the VPN was the cornerstone of remote access security. Connect to the VPN, join the network and reach the data center. It made sense when that's where everything lived.
Today, people go straight to core business platforms online, often without corporate visibility or control. The security perimeter still exists on paper, but the data it was built to protect moved to the cloud years ago.
Cloud migration has been a genuine decade-long effort and most organisations have made it. The problem is that security strategy hasn't kept pace.
At a recent executive briefing, we put a question to the room: if you could only use a browser in your business, what couldn’t you do? About 90% said they could still do everything.
While there are still legacy platforms, for some Australian organisations, everything that matters – email, finance, HR, CRM and project management – runs in the browser. Their security model was built for an era when data lived on-premise, people worked from the office and IT controlled the device. None of that holds today.
Work happens everywhere
People work from home or anywhere on personal devices, contractors access systems from their own machines and field workers update records from their phones. The corporate-controlled device is no longer the logical place to draw the line.
Tightening governance and compliance
Most organisations – especially highly regulated ones such as finance, government, healthcare or NFP – need to demonstrate real control over how sensitive data is accessed and shared. Data loss prevention (DLP) has moved from best practice to baseline requirement, and the consequences of getting it wrong have grown.
AI moves faster than security policies
Whether sanctioned or not, your staff are using AI tools like ChatGPT, Copilot and many others in their work. The browser is where that’s happening, and without browser-level visibility, organisations simply can’t see it.
While secure browsers have been around for years, the market has been slow to catch up. The concept of making the browser itself the control point is now capturing the attention it deserves.
Palo Alto Networks led the charge a few years ago, acquiring enterprise browser maker Talon, and in January 2026, CrowdStrike announced the purchase of browser security company Seraphic Security for $420M. When two of the world's largest security vendors make significant bets on the same category, it's not a coincidence. The shift to SaaS is what changed the equation.
When your entire operation runs in the browser, securing it is now a core expectation. What we find when working with organisations making the transition is that the reality is far less disruptive than most expect.
Traditional security guards the perimeter. The secure browser moves it to where work happens.
The solution Enablis deploys is built on Chrome, so staff keep using the same browser and most never notice the difference. What changes is everything underneath.
Organisations today rely on a patchwork of controls (e.g. firewalls, VPNs, endpoint tools, CASB and DLP) each designed for a different era, each with its own blind spots. The secure browser consolidates that complexity into a single control point, with visibility in both directions: what comes in and what goes out.
This shift is gaining momentum. Recent moves across the security market reflect a growing recognition that the browser is no longer just a productivity layer, it’s now a primary security surface.
Because control sits at the browser rather than the device:
For example, one healthcare organisation replaced the process of shipping VPN-equipped laptops to GPs with a simple browser download. Doctors now access patient records securely from their own machines, with the provider controlling exactly what they can see and do.
This model marks a shift away from device‑dependent security.
Historically, organisations relied on managed laptops and VPNs to enforce control — an approach that is costly, difficult to scale and increasingly misaligned with flexible working and third‑party access.
A browser‑centric approach governs access through policy instead. Control is applied consistently across managed and unmanaged devices, without changing how people work or forcing a trade‑off between usability and security.
Deployment doesn’t have to disrupt workflows. You can deploy a secure browser with no restrictions for a few weeks to analyse which applications and AI tools people are using and where data is going. From there, policy decisions are grounded in real behaviour rather than assumptions.
While Gartner estimates fewer than 10% of organisations have deployed a secure enterprise browser today, they expect that number to reach 25% by 2028*.
To talk through how a secure browser approach could work for your organisation, contact the Enablis team.
Stuart Couchman is the CEO of Enablis, a managed communications and security provider helping organisations cut through complexity and grow with confidence.
* Gartner, 25% of Organisations Will Use Secure Enterprise Browsers by 2028, 2025