Sophos launches ‘workspace protection’ to secure hybrid work and govern shadow AI

New browser-centric suite offers a lightweight alternative to complex SASE.

Cybersecurity leader Sophos has officially expanded its security portfolio with the launch of Sophos Workspace Protection, an integrated suite designed to secure remote and hybrid work environments without the cost and complexity of traditional SASE (Secure Access Service Edge) frameworks. Announced on January 20, 2026, the solution specifically targets the growing "Shadow AI" crisis, where employees use unsanctioned generative AI tools without corporate oversight.

The centerpiece of the launch is the Sophos Protected Browser, a hardened enterprise Chromium browser developed in partnership with Island, the industry leader in enterprise browsing technology.

Securing the "new desktop": The browser

As 85% of the modern workday now takes place within a web browser, Sophos is shifting its defense strategy away from backhauling traffic through centralized data centers and instead embedding security directly where the work happens.

Powered by Island, this browser allows IT teams to manage application usage, enforce local data controls (like blocking copy/paste of sensitive info), and filter web content directly within the user’s interface.

Zero Trust integration

The suite includes Sophos ZTNA, providing secure, posture-based access to private applications. This ensures that only authorized users on compliant devices can connect, keeping internal apps invisible to the open internet.

Shadow AI governance

With more than half of global employees reportedly hiding their use of AI tools from employers, Workspace Protection provides organization-wide visibility into which AI services are being used and what data is being shared with them.

A unified, four-pillar defense

The Workspace Protection bundle is managed entirely through the Sophos Central cloud platform and consists of four modular components:

• Sophos Protected Browser: The primary gateway for secure SaaS and web app access.

• Sophos ZTNA: For secure access to hosted and private web applications.

• Sophos DNS Protection: A cloud-delivered service that blocks malicious domains at the Windows endpoint level.

• Email Monitoring System: An add-on for Google and Microsoft email services that provides advanced phishing and threat detection.

The end of "heavyweight" SASE?

Sophos is positioning this launch as a "pragmatic shift" for small and mid-sized enterprises (SMEs) that find traditional SASE and SSE (Security Service Edge) solutions too expensive or difficult to deploy. By using the browser as the security "agent," Sophos eliminates the need for complex cloud infrastructure and traffic routing.

"Sophos Workspace Protection is an easy, effective, and affordable way to protect remote and hybrid workers," said Joe Levy, CEO of Sophos. "By combining Island’s enterprise browser technology with our security capabilities, we are helping organizations govern AI use and protect critical data with a solution that is significantly easier to manage."

The new suite will be generally available to customers and partners starting in late February 2026, with early access currently open for existing Sophos Central users.