The New Perimeter for Securing Access from any User or Device
Over the last decade, the workforce experienced a phenomenal transformation. This shift, commonly called digital transformation, made it more difficult than ever before to enable secure access to corporate resources. Changes in workstyles, devices and apps—and how end users expect to interact with productivity tools—exacerbated the problem.
In the past, for end users to be productive, all work-related tasks had to be done from a company-purchased Windows desktop or laptop with a locked-down corporate image. Today, end users work on multiple devices, with various form factors and operating systems. Many of these devices are not managed by IT, so IT cannot trust the device.
With the diversity of devices, end users now need access to Software-as-a-Service (SaaS) apps, native mobile apps, Windows apps and internal web apps, along with legacy and virtualized apps. In fact, we’re at a point where there are more non-Windows apps than Windows apps. With the proliferation of SaaS apps, more and more application resources move outside the walls of the corporate network, and into the cloud.
The workforce has also changed. In the past, organizations only thought of employees and how those users accessed corporate resources. But organizations now need to think about contingent staff, business partners and in some cases even customers.
In 2015, contingent workers made up 18% of the total workforce on average, and that number is expected to increase to 40% in 2020.
IT needs to think about how to enable secure access to corporate resources for end users not bound by an employee handbook. More than ever before, IT needs to transform how they think about access control and evolve how they solve for these fundamental shifts in the way people work.
IT Needs a New Access Control Layer
At VMware, we invest a lot of time and effort into thinking about how to enable diverse workstyles that span a broad range of devices and apps. Existing systems for securing access to corporate resources focus on legacy controls: network access control lists, domain membership and only trusting devices with a corporate image. We believe the industry needs to evolve to focus on controlling access based on a new access control layer.
This access control layer is designed to look at the whole picture:
- Who are you?
- What do you have access to?
- Under what conditions will I allow that access?
- Do I trust the device you’re on?
- Should I ask for more information?
- Can I give you limited access to resources?
By looking at the whole picture, IT has peace of mind knowing that access control decisions will be made at the perimeter. Only authorized users will access corporate resources under the conditions that IT has set. This access control layer works across device ownership models, whether the device is corporate-owned, shared or personal.
The VMware Solution to Unify Access Control
At VMware, we have taken to heart this new approach with VMware Workspace ONE. Workspace ONE is a single solution that brings together application access management, unified endpoint management and real-time application delivery into the industry’s only solution for delivering secure digital workspaces to any user on any device.
In order to unify access control, we focus on four core areas:
- Contextual access control: With Workspace ONE we realize that access control decisions must be dynamic, based on context. We built a powerful access control engine based on data across users, devices, applications and network location. That information is then used to make contextual decisions on what a user can access and under what conditions. Based on context, IT can also decide to elevate security (perhaps by asking for a second factor of authentication) or management (by asking the end user to enroll in additional management).
- Complete visibility into device posture: We take access control decisions to new heights when we combine our access control engine with the information that is delivered by VMware AirWatch. AirWatch, the market-leading enterprise mobility management solution that is part of Workspace ONE, enables us to understand the posture of a device. For example, we can look at whether or not a device has a management profile, a device passcode, the right OS version, application whitelisting and whether it has been jailbroken/rooted.
- Step-up authentication: Because we baked VMware Verify, a two-factor authentication (2FA) solution, into Workspace ONE, organizations can configure 2FA for all corporate applications or, more commonly, for specific applications containing sensitive corporate information. As an example, IT can require 2FA when an end user launches Salesforce on a mobile device from an untrusted network. And with new support for mobile-push authentication to an Apple Watch, that second factor is just a touch away!
- Support for any app and any device: It’s imperative for users to access all of the apps they need to be productive, on the device of their choice. This is critical as end users receive new devices over the holidays, or students start using new devices to start the school year. This also includes having a single portal to access the various app types they need to do their job. That is also why, with our latest release, we announced the new VMware Unified Access Gateway, which will now support legacy apps that use Kerberos and HTTP headers.
When we bring all of these pieces together, IT benefits from a single, powerful solution that enables secure access to digital workspaces. They have a single access control layer for enabling and configuring access, with the controls necessary to make contextual decisions based on a broad range of criteria.
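The contextual decision flow described above can be sketched as a small policy function. This is an added illustration, not VMware or Workspace ONE code; the entitlement table, app names, minimum OS version and all identifiers are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    DENY = "deny"
    ENROLL = "require_enrollment"   # elevate management
    STEP_UP = "require_2fa"         # elevate security
    LIMITED = "limited_access"
    ALLOW = "allow"

@dataclass(frozen=True)
class Device:
    managed: bool        # has a management profile
    passcode: bool       # device passcode is set
    os_version: tuple    # e.g. (10, 3)
    compromised: bool    # jailbroken / rooted

@dataclass(frozen=True)
class Request:
    user: str
    app: str
    device: Device
    trusted_network: bool
    second_factor_done: bool = False

# Constructed sample policy data (hypothetical values).
ENTITLEMENTS = {"alice": {"salesforce", "intranet"}, "contractor1": {"intranet"}}
SENSITIVE_APPS = {"salesforce"}
MIN_OS = (10, 0)

def decide(req: Request) -> Decision:
    # Who are you / what do you have access to? Unknown users and
    # unentitled apps are denied before any device signal is considered.
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return Decision.DENY
    d = req.device
    # Do I trust the device? A jailbroken/rooted device is never trusted.
    if d.compromised:
        return Decision.DENY
    sensitive = req.app in SENSITIVE_APPS
    healthy = d.managed and d.passcode and d.os_version >= MIN_OS
    if not healthy:
        # Sensitive apps require enrollment; other apps get limited access.
        return Decision.ENROLL if sensitive else Decision.LIMITED
    # Should I ask for more information? Sensitive app on an untrusted network.
    if sensitive and not req.trusted_network and not req.second_factor_done:
        return Decision.STEP_UP
    return Decision.ALLOW
```

The checks run from least to most permissive, so a request falls through to `ALLOW` only after every identity, device and network condition has passed.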
End users also get a seamless, award-winning experience that drives adoption. The end result is that IT can provide a consumer-simple experience without sacrificing security and control.
To learn more about Workspace ONE, check out the links below: