Brave Software for privacy across the Web
Secure data, technology, and people
Brave Software committed to providing privacy across the Web
Is it reasonable to expect speed, privacy, and security from your Web browser? That is exactly what Brendan Eich set out to accomplish in 2015 when he partnered with Brian Bondy to create Brave Software. They shared a common vision of creating “the best privacy-oriented browser online.” Their ambitious goal included a rather unique combination of privacy-on-the-Web coupled with a new blockchain-based digital advertising platform.
Brave’s millions of global users share the goal of wanting to keep their information private with the safest browser ever made. The browser blocks privacy-invasive ads, trackers, third-party cookies, IP address collection, and also provides protection from fingerprinting.
From humble beginnings, Brave has grown exponentially with more than 55 million current monthly active users worldwide, who benefit from a private, speedier Web experience. There is upside across their Web ecosystem as creators are enjoying increased revenue share, and advertisers are seeing higher conversion rates. Brave currently features more than 1.5 million verified creators.
Eich and Bondy turned the traditional Web ad ecosystem on its head by offering users an opportunity to opt in or out of privacy-preserving advertising. Those who have interest in experiencing advertising and have opted into advertisements are rewarded by Brave with Basic Attention Tokens or BATs, based on the number of adverts they choose. These tokens can then be converted for things the users want to buy, or contributed as tips to publishers and content creators alike.
Key results:
- Strong security for remote workers
- Phishing-resistant MFA
- Easily deployed, company-wide
A female CISO with a history of cutting-edge security practices
Yan Zhu, Chief Information Security Officer at Brave, joined the fight for privacy back in 2015 when the company was small in size, but big on vision and clear in its mission. Zhu was an early adopter of YubiKeys. “I have been using YubiKeys for at least seven years. I think I was one of the earlier users. Since they first came out, everyone has been very excited about them,” said Yan Zhu, CISO, Brave Software. She first encountered YubiKeys at a security conference she attended many years ago and was excited to bring a couple of them home after stopping by the Yubico booth. Understanding the value of keeping the Internet safe, Zhu began using her first YubiKeys to protect her own online accounts.
At one point, Zhu created a “second factor” for unlocking her Lenovo Thinkpad using a YubiKey. This was somewhat novel at the time, as it was before Apple had added TouchID to their MacBook Pro line. Zhu’s initial use of YubiKeys in her personal life made it second nature for her to bring them into the workplace at Brave. “Around 2017, we started mandating YubiKeys for all employees. We started purchasing them as part of our employee standard technology package for everyone who joined Brave, and we still do,” said Zhu.
“I have been using YubiKeys for at least seven years. I think I was one of the earlier users. Since they first came out, everyone has been very excited about them.”
Commitment to security by providing all employees with YubiKeys
Despite the fact that the YubiKey is highly intuitive and fast and easy to use, Brave is mindful of the fact that as it grows, not everyone is equally comfortable with new technology. Therefore, in order to ensure fast user adoption of modern security to combat ever-evolving cyber threats, the Brave security team sets up internal training meetings to walk new employees through the YubiKey setup process. This enables them to take advantage of strong multi-factor authentication (MFA). The company has long required two-factor authentication (2FA) for their main accounts and strongly encourages employees to take advantage of their YubiKeys.
“As we seek to protect our senior VPs, engineers, managers, and executives, YubiKeys are required for at least one of our 2FA requirements, which provides a strong level of protection for our top employees. We provide YubiKeys to all of our employees and we encourage their use for work access as well as in their personal lives,” said Zhu.
For senior leaders at Brave who are likely targets for malware, phishing, and other bad actor attacks, Zhu has senior Brave executives using an advanced protection system, which includes support for hardware security keys such as the YubiKey. Users must use their YubiKey for one or both of their strong MFA requirements.
With the introduction of YubiKeys to all internal users at Brave, the organization has futureproofed their security investment and ensured protection for sensitive systems and data in today’s world, while ensuring that the company stays protected against evolving threats. Their privileged access approach is an example of the company’s dedication to strong security for their employees and executives, along with the safety and privacy they offer all Brave browser and search users.
“Around 2017, we started mandating YubiKeys for all employees. We started purchasing them as part of our employee standard technology package for everyone who joined Brave, and we still do.”