Senior Security Engineer • Lyft
Securing access for contractors using unmanaged devices is a tricky enterprise security problem — you want to enforce security policy on devices you fundamentally don’t manage. Depending on the specifics of your supplier/vendor relationship, there are things you can and can’t enforce, and in extreme cases, deploying security agents on vendor devices may be off limits. Browser isolation presents an elegant solution to these problems by funneling all traffic through a remote browser, making it the single point of policy enforcement. In this talk, we present a case study of how Lyft’s corporate security team uses the Cloudflare clientless browser isolation solution to secure its contingent workforce.