Island has launched a new Secure Access Service Edge (SASE) architecture that brings more security checks closer to users and reduces reliance on cloud proxy backhaul.
Island positions the launch as a response to changing access patterns, as employees and software agents increasingly use Software-as-a-Service tools, web applications, and AI services. The company argues that this change exposes the limitations of SASE designs that route traffic through far-flung inspection points.
The architecture is designed to allow up to 90% of sessions to connect directly without backhaul and can be deployed to managed and unmanaged devices in as little as five minutes, Island said. It also avoids SSL/TLS break-and-inspect of browser traffic, reducing latency and limiting the impact of outages, the company said.
Proxy model
SASE is commonly used to combine wide area networks with network security features such as secure web gateways and zero-trust access. Many implementations rely on proxy-based inspection in the cloud, often decrypting and re-encrypting sessions before applying policy controls.
Island argues that this model is responsible for performance issues and operational complexity, and that network-level inspection has difficulty capturing user activity within a browser session. That gap is widening as employees use AI tools and organizations begin deploying AI agents that call other tools and services on their behalf.
Island’s architecture is built around what the company calls a “perfect packet” approach, which analyzes and protects traffic at the most appropriate point, whether on the device or in the cloud. This differs from designs that default to backhauling traffic through a proxy service for policy enforcement.
Implementation points
With Island’s approach, policy evaluation can occur at the user experience layer on the workstation. It also uses cloud points of presence for inspection and routing as needed, across the Google Cloud Platform, Microsoft Azure, and Amazon Web Services networks.
Island’s enterprise platform includes an enterprise browser, extensions, and desktop components. These evaluate identity, device state, geolocation, application context, and user activity during interaction. Most traffic takes a direct path and enters Island’s network only when inspection or routing adds value, the company said.
According to Island, the architecture uses two separate network stacks for resiliency and failover.
Unmanaged devices
Island also targets long-standing challenges for security teams. Contractors, partners, and bring-your-own-device users often rely on unmanaged endpoints where organizations cannot install security agents or certificates. In these cases, traditional SASE rollouts can be difficult, especially if traffic inspection relies on device certificates and agent software.
Island says its approach supports both managed and unmanaged devices. It also says that bypassing the default SSL/TLS break-and-inspect of browser traffic reduces session drops and certificate errors, improving end-user experience and security operations.
AI governance
Much of the product messaging focuses on AI usage and AI agent workflows. Island argues that network enforcement focuses on connections in transit rather than user intent, while prompts, uploads, tool calls, and AI-generated outputs occur where the user interacts with the service rather than within a network hop.
Island says AI can be managed “at the point of intent” using user, device, and session context, and that an audit trail of AI sessions can be recorded, including the type of data sent, the target application, and the user identity. According to Island, this applies across human and agent workflows.
Dan Amiga, CTO and co-founder of Island, said the market requires a different approach as the use of AI expands.
“If SASE can’t see what’s happening inside an AI session, it’s not in control of the AI; it’s making guesses,” said Dan Amiga, CTO and co-founder of Island. “We built the Perfect Packet Network because the old model of backhauling everything through proxies added blind spots and costs. If you protect data before it moves and evaluate policies in real-time, security runs at the speed of work.”
Stack components
Island says the complete SASE stack is delivered through a single control plane, including private access for zero-trust access to private applications, secure web gateways, remote browser isolation for high-risk destinations, and data protection controls at browsers and endpoints.
The stack also includes a cloud access security broker that uses native APIs to provide visibility into SaaS environments, including monitoring files, permissions, and configuration without rerouting traffic. The company says it also includes digital experience monitoring for application performance and device health.
Island said the architecture has already been deployed to Fortune 500 customers and is now being made more widely available.
