Sophos is expanding beyond endpoint and network protection with Workspace Protection. It is a browser-centric security suite designed to secure hybrid work without the overhead of traditional SASE. Built around the Sophos Protected Browser built on work done by Island.io, the solution aims to control shadow IT and shadow AI while offering zero trust access to apps and data.

Sophos announced Workspace Protection as a new addition to its security portfolio, shoring up support for browser-based work. With 85 percent of the workday now happening in web browsers, the company argues that traditional SASE and SSE approaches introduce too much complexity for many organizations. It’s a good time to be focusing on it for other reasons, too: the browser is increasingly the attack vector of choice for threat actors.

The solution centers on the Sophos Protected Browser, a Chromium-based enterprise browser powered by Island.io’s enterprise solution. It integrates directly with the Sophos Central platform to provide visibility and control over application usage, local data handling, and web filtering. Organizations can enforce policies within the browser itself rather than backhauling traffic through centralized infrastructure.

Alternative to SASE complexity

Traditional hybrid work security often relies on SASE and SSE solutions that require significant infrastructure investment and specialized expertise. Sophos positions Workspace Protection as a simpler alternative that secures the workspace directly, reducing operational overhead while protecting users and data wherever work takes place.

The Protected Browser supports SSH and RDP access for remote administration alongside integrated Zero Trust Network Access (ZTNA) for private web applications. This allows organizations to provide secure access without exposing applications to the internet. Yet it remains to be seen whether this approach can truly replace the comprehensive coverage that established SASE providers deliver. At any rate, with remote work not going anywhere, security vendors will need to drill down on these novel endpoint scenarios without generating dissatisfaction from users due to overbearing security practices.

Governing Shadow AI usage

As generative AI tools proliferate in the workplace, shadow AI has also emerged as a significant concern. The risks posed generally focus on potential data leaks by sharing confidential information with unsecured chatbots. This data may be picked up by attackers or get into the hands of AI vendors – in the case of executives or legal teams inside a major corporation engaging in such acts, the effects can be enormous. Sophos research shows more than half of employees globally now use AI tools at work, often before formal policies exist. Workspace Protection provides visibility into these tools at the workspace level, enabling organizations to assess risk and govern AI adoption.

The suite includes several components beyond the Protected Browser. Sophos ZTNA delivers posture-based access to private applications, while DNS Protection blocks malicious domains at the Windows endpoint level. An Email Monitoring System adds phishing detection alongside Google or Microsoft email services.

Browser security converges with SASE

Sophos CEO Joe Levy noted that many SASE and SSE solutions add complexity while leaving gaps in visibility and control. “By combining Island’s enterprise browser technology with Sophos’ security capabilities and the Sophos Central platform, we are helping organizations govern AI use, protect critical data, and secure hybrid workforces with a solution that is easier to deploy and manage,” Levy stated.

Mike Fey, co-founder and CEO of Island, emphasized that the integration allows customers to protect data and secure application access through the browser without sacrificing productivity. The partnership brings Island’s browser controls into the Sophos ecosystem, managed through a single platform.

Sophos customers and partners will gain access to Workspace Protection starting in February 2026. Organizations can deploy the components together or individually based on their security and operational requirements, providing flexibility in how they address hybrid work security challenges.