If you’re reading this post, you’ve probably already heard about “unified endpoint management”, “enterprise mobility management”, the “digital workplace”, and other related buzzwords. However, the way we provide a work space to employees hasn’t significantly changed in the last decade. It still mainly consists of some mix of the following approaches:
- Corporate-owned PCs: providing a managed corporate laptop/desktop (typically a domain-joined Windows PC) and making sure users only have the minimal permissions to access corporate apps that they need for their work.
- BYOD: allowing employees and external users to use their personal/3rd party unmanaged devices to access corporate apps via VPN, cloud web apps, or VDI/published apps. In some cases these devices are partially managed or enrolled in endpoint management systems (e.g. MDM/MAM/…). This can apply both to mobile devices and PCs.
- Thin clients: some organizations are adopting a full VDI strategy and provide employees with thin client devices that only connect to remote virtual desktops running in the data center.
- App portal: regardless of the device being used, users can be provided with an app portal through which they can access all enterprise apps (cloud, on-prem, or legacy Windows apps). This approach is typically combined with SSO and sometimes with a Zero Trust approach.
Most enterprises have already adopted one or more of the technologies above to create their end-user computing environment. Regardless of the selected technologies, access to enterprise apps still boils down to either running apps locally (e.g. a local browser to access cloud apps, or a local native app) or to running apps remotely (e.g. via VDI or published apps).
This binary choice is not ideal, especially in our current COVID-19 age, in which the vast majority of users are working from home and “77% of Remote Employees Use Unmanaged Personal Devices to Access Corporate Systems”. Running enterprise apps locally provides a great user experience but exposes these apps to local threats on the device (e.g. when access is from a personal/3rd party device). Running enterprise apps remotely can help secure access to these apps, but is very expensive (can reach ~$100/user/month with VDI/DaaS) and still provides a challenging user experience.
The rise of the remote workforce with COVID-19 combined with the fast adoption of cloud apps and the new wave of collaboration/productivity apps (e.g. Zoom, Teams, Slack, …) has made this dilemma even worse: where should enterprise users access these cloud apps? If we ask them to run locally, including on non-managed devices, we pose a significant risk to enterprise cyber security. If we force them to run these apps via VDI or even via a corporate VPN connection (to inspect the traffic), we run into cost, scalability, and user experience challenges.
It’s time to rethink our digital workspace and BYOD approach. Can we eat the cake and have it too? Can we have the security benefits of VDI/DaaS without the heavy toll on user experience and cost, and without the lack of scalability?
We believe it’s possible. Even the cheapest laptops have the hardware features necessary to run optimized local virtual machines. Furthermore, virtualization is now a built-in default feature of all modern operating systems, including both Windows 10 and macOS.
In response to the COVID-19 crisis, we’ve created Hysolate Workspace. We’ve leveraged these advances in hardware and OS technology to instantly create a hardware-isolated local virtual machine on the user’s laptop, without the traditional management and performance overhead of virtualization. This virtual machine looks to the user just like yet another desktop on their machine (similar to macOS Spaces and Windows 10 multiple desktops) but has strong cloud-managed isolation policies attached to it, including fine-grained clipboard, USB, networking, and other security policies. Enterprises do not need to build or manage a full virtual machine OS image; it just works out of the box as a turnkey solution.
This approach allows enterprises to break out of the vicious binary choice of either local insecure apps or remote secure apps. For organizations looking to quickly adopt a BYOD program, Hysolate Workspace instantly creates an isolated corporate VM on the user’s device that will be used to access all of the enterprise productivity apps, without being impacted by security threats on the user’s device. For organizations that are still using corporate-owned devices, Hysolate Workspace can instantly create an isolated “unlocked VM” on the user’s device that will be used to access potentially-malicious content and apps that are not yet certified by the enterprise. All of the above without any backend infrastructure costs and with an approach that is scalable by design.
This approach fits nicely into unified endpoint management (UEM) strategies and extends them. Whether you’re already using Microsoft Endpoint Mobility Management/Intune, VMware Workspace ONE, or Citrix Endpoint Management, you can add Hysolate Workspace to allow users to get a better and more secure user experience while slashing costs associated with VDI, DaaS, and other endpoint security/isolation solutions.
To learn more about Hysolate Workspace and how you can start improving productivity in the work-from-home environment without compromising on security, check out the recording of our webinar, “CISO- It’s Your Time to be the Work-From-Home Productivity Hero”.
*** This is a Security Bloggers Network syndicated blog from Blog – Hysolate authored by Tal Zamir. Read the original post at: https://www.hysolate.com/blog/is-it-time-for-work-2-0/