Protecting the Digital Workspace: Security Measures

read -
Published 05-Jun-2017 14:27:46
Security for the digital workspace

When VMware announced the Workspace ONE platform in early 2016, it was in response to a shift in the overall technology landscape as organisations increasingly looked to create digital enterprises.

Eliminating complexity and improving convenience

As Forbes noted at the time, digital transformation was evolving. “Every part of a business is changing as a result of the rise of mobile, cloud computing, big data and analytics. In the past, companies could typical focus on one or two technology transitions at a time. Increasingly, executives across the organisation are being asked to make multiple technology decisions.”

It went on to point out that on the IT side “there are too many choices and companies are seeking convergence. At the same time, employees and line of business managers want to eliminate complexity while gaining the convenience of anywhere access to services. Vendors must respond to these changes or risk being cast aside.”

Integrated identity, device management and application delivery

VMware Workspace ONE was launched to offer a simple and secure digital workspace, integrating identity, device management and application delivery in a single platform.

Workspace ONE provides one-touch mobile single sign-on using Secure App Token Systems (SATS) that establish trust between the user, device, enterprise and cloud. Once authenticated, employees can subscribe to any of the corporation’s mobile, cloud or Windows application based on the organisation’s policies. It also enables unified management of BYO and corporate-owned devices.

As Forbes acknowledged, VMware Workspace ONE was the right product at the right time: “VMware’s aim is to reduce complexity, increase product stickiness and drive new revenue with an integrated end user computing product… The good news for VMware is its timing.” Flexibility was a key consideration as Workspace ONE was made available as both a cloud service or for on-premises deployment. 

security for the digital workspace

What Workspace ONE does

Workspace ONE, with integrated AirWatch enterprise mobility management, unifies the management of every endpoint, regardless of platform or ownership model. With a ‘consumer simple, enterprise secure’ mantra, it delivers secure access to cloud, mobile, web and Windows apps on any smartphone, tablet or laptop through a single catalogue and a consumer-simple single sign-on experience.

It also modernises Windows 10 management by enabling simple and secure user onboarding of Windows 10 endpoints, with out-of-box enrolment (OOBE) using cloud-based device and app lifecycle management.

Endpoint management can be unified using Workspace ONE’s single platform to manage all devices, regardless of ownership model, while maintaining complete employee privacy. And the platform lowers the overall cost of delivering virtual desktops and apps.

March 2017 saw some significant enhancements to the Workspace ONE. As CMSWire observed, its “upgrades make it easier for IT to deliver unified access and single sign-on experience to intranet applications that use Kerberos or HTTP headers, and richer conditional access capabilities. The updated Workspace ONE solution will enable a new single control plane across cloud, native and intranet applications and extend multi-factor authentication (MFA) to the Apple Watch.”

At the same time, VMware made it easier for customers to buy and deploy the Workspace ONE solution with new pricing and packaging options that it believes address every use case in every organisation of any size.

Unified endpoint management enhancements for 2017

As VMware explains, Workspace ONE’s unified endpoint management enhancements for 2017 include four new capabilities:

1.   Simple, secure Android for the enterprise

Android updates deliver a turnkey end-user experience, while streamlining app and device setup and security. With the updates in Workspace ONE and AirWatch, IT can easily onboard devices into work-managed mode with new deployment methods. VMware also streamlined application deployment with tighter Google Play integration, and simplified things for end users by (a) automating application permissions and configuration, and (b) introducing app-level password policies for enhanced security of work apps.

2.   Expanded support for Windows 10

In the new release, VMware created expanded OS update controls, overcoming the challenges associated with off-network patching and the rigidity of Windows Updates as a Service branching model. A new patch compliance dashboard helps IT perform compliance auditing of Windows updates, and AirWatch automatically enables advanced BitLocker configurations, eliminating the need for additional encryption management tools from Microsoft or third parties.

VMware’s capabilities therefore help IT effectively manage Windows 10 endpoints to:

  • Maintain compliance with the latest operating system (OS) software patches.
  • Protect data at rest by rendering the data unreadable to unauthorized users.
  • Distribute apps directly from a custom company catalogue or silently upon device enrolment.

3.   Support for forthcoming iOS and macOS releases

VMware developed updated versions of the AirWatch Software Development Kit (SDK), app wrapping engine, and productivity applications for forthcoming iOS and macOS software updates. The solution will support and complement the new management and security capabilities expected from Apple.

4.   On-device rules engine for purpose-built endpoints

The new rules engine for purpose-built devices, also known as rugged devices, enables IT to automate remote actions using rules or conditions set in the AirWatch console. Device conditions like battery, time, adapter, memory and connectivity status are stored on the device, making actions reliable and in real time. VMware designed this device-based rules engine for specialised industries and use cases, such as warehouses, manufacturing plants, oil rigs or hospitals.

Vohkus and Workspace ONE

Are unsupported devices being used in your business? How do you ensure data is being managed safely and effectively on mobile devices? Vohkus’s VMware know-how and expertise in remote management can accelerate Workspace ONE adoption, bringing you ROI earlier, reducing the threat of data leakage, and helping you demonstrate compliance faster.

The US National Information Assurance Partnership (established by the National Institute of Standards and Technology and the National Security Agency) validated the AirWatch solution with Common Criteria certification that enables organisations to use AirWatch with the confidence that the solution adheres to strict security guidelines.

It’s easy to try Workspace ONE. Talk to us about setting up a trial environment using VMware’s Hands-On Lab.


workspace MDM VMware Airwatch Workspace ONE Remote Management