Ericom’s New ZTEdge Web Application Isolation Addresses Security Concerns Associated With Third-Party Contractor Application Access

Enables organizations to provide simple, secure access to the private and public cloud or Web-based corporate apps that workers using unmanaged devices need for their work.

May 17, 2022

5 Min Read



Ericom Software, a leading provider of Zero Trust cloud cybersecurity solutions and developer of the ZTEdge™ SASE Platform, today announced the introduction of ZTEdge Web Application Isolation, an innovative cloud-delivered security solution that addresses a critical access security issue facing nearly all organizations that embrace the flexibility enabled by 3rd party workers. Specifically, these businesses must provide contractors, who typically use unmanaged devices (e.g. personal laptops or PCs provided by their employers), with access to corporate applications, while ensuring these systems will not be compromised by malware and that sensitive data cannot be mishandled or stolen.

The 3rd-Party Access Challenge

Flexible work environments and outsourcing have transformed the modern corporate workforce. Leveraging 3rd party specialists brings efficiencies and expertise to organizations but also introduces risk to their data, applications, and networks. The personal BYOD devices or laptops provided by the firms that 3rd party consultants work for are typically not managed by the contracting organization, and as a result, pose very real risks since they typically lack the up-to-date security controls present in organization-managed devices issued to employees. If unmanaged devices are compromised, they could upload malware to an application, potentially leading to downtime, breaches, or ransomware attacks. Additionally, sensitive data that is downloaded or copy-pasted onto unmanaged devices for legitimate use, or cached in a device’s web browser, is at risk of intentional or inadvertent exposure. Unfortunately, once users have logged in, dangerously little data security control or malware prevention is provided by the reverse proxy-based solutions within CASBs or WAFs that are currently used to control unmanaged device access.

Web Application Isolation

ZTEdge Web Application Isolation enables organizations to provide simple, secure access to the private and public cloud or web-based corporate applications that workers using unmanaged devices need for their work, regardless of whether they are 3rd party contractors or employees. Leveraging remote browser isolation (RBI) and easy-to-set granular, user-level policies, ZTEdge Web Application Isolation works with other systems to control which applications each user can access and, once in, which actions they can complete.

For instance, an employee may be allowed to edit a file within Office 365, but not to download it onto their unmanaged device, while a contractor may be limited solely to viewing the data. Policies can also be used to control what content – if any – can be uploaded to organization networks or web or cloud apps, and by whom. Content disarm and reconstruction (CDR) can be applied to ensure that all content and files from unmanaged devices are free of malware and threats prior to upload. Additionally, data loss prevention (DLP) can be used to safeguard against exposure of confidential material and PII in downloads.

To protect against credential misuse or theft, SaaS and web application access may be restricted to logins originating from the organization’s Web Application Isolation tenant dedicated IP address. Additionally, built-in IAM capabilities enable quick onboarding of employees and contractors – and makes it equally simple to cancel access privileges when contracts end or employees leave.

The Power of Remote Browser Isolation

ZTEdge Web Application Isolation is the latest innovative solution to use Ericom’s core Remote Browser Isolation (RBI) technology. In addition to Web Application Isolation, Ericom RBI-based solutions include:

  • Web/Email Browser Isolation – RBI protects endpoints from advanced malware, ransomware, and other threats targeting devices from the web and email, intelligently categorizing websites/URLs and isolating risky ones in the cloud, remote from devices. For additional protection against phishing attacks, websites are presented in “read-only” mode to prevent credential theft.

  • Instant Messenger (IM) Isolation – RBI protects users of popular IM platforms like WhatsApp by scanning end-to-end encrypted traffic – a blind spot for traditional Secure Web Gateway (SWG) products – to prevent malware delivery and data exfiltration.

  • Virtual Meeting Isolation – This patent-pending Ericom solution brings the power of web isolation to secure web-based virtual meetings like Zoom and Teams. Users experience a completely standard virtual meeting experience, yet endpoints and networks are protected from malware hidden in links and other shared media and IT can enforce sharing controls to protect data.

“Web Application Isolation is the latest example of Ericom tackling big security challenges and successfully delivering solutions that are simpler and more effective than current approaches,” said David Canellos, CEO of Ericom Software. “Our Web Browser Isolation, Instant Messenger Isolation, and Virtual Meeting Isolation solutions address use cases that Secure Web Gateway and Secure Email Gateways could not handle, and Web Application Isolation is now doing the same for existing WAF, CASB, and ZTNA solutions. I’m excited to see the dramatic positive impact our innovative solutions are having on the security posture of our customers.”

Ericom’s isolation solutions can be licensed individually or as part of its ZTEdge SASE platform. Learn more at

About Ericom Software
Ericom Software is a leading provider of cloud-delivered, Zero Trust cybersecurity solutions that protect today’s digitally distributed organizations from advanced security threats. The company’s ZTEdge™ platform is the industry’s first Secure Access Service Edge (SASE) solution developed specifically for midsize enterprises and small businesses. Ericom solutions leverage innovative remote browser isolation, application isolation, micro-segmentation, and virtualization technologies, and are delivered on the Ericom Global Cloud, a distributed high-availability elastic cloud platform. Ericom’s cybersecurity solutions protect thousands of businesses and millions of end users worldwide. The company has offices around the world and a global network of distributors and partners.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights