Secure Browser vs VDI
I work for a start up. We’re looking to become SAQ C-VT compliant. We have agents that take credit card numbers and input them into carrier portals, this is all done in the browser.
My question is, would a secure browser actually make us compliant?
The secure browser will prevent copy/paste, sensitive information masking, enforce conditional access, 2FA, and introduce water marks over sensitive data.
These users work from home, on their own ISP, on a workgroup windows device, using a local account.
The alternative is a VDI. I’ve used Omnissa in the past and had an awful experience with it and the MSP providing the desktops, plus I’d like to avoid spinning up a ton of infrastructure if possible. Curious if anyone is in the same boat utilizing a secure browser or might have some insight into what auditor might say about it.