Driving Enterprise Security With VMware Workspace ONE

When VMware End-User Computing (EUC) introduced VMware Workspace ONE to the market in February of 2016, we attached a mission statement to the solution. That statement is “Consumer Simple. Enterprise Secure.” I’d like to spend a bit of time today breaking down what this mission really means to VMware EUC and why it’s important to the future of how work is done in highly mobile environments.

Consumer Simple

“Consumer Simple” sounds self-explanatory, and it really is. When we designed Workspace ONE, we wanted the user experience to be similar to that of the modern, mobile smartphone era.

No one needs to spend a lot of time teaching someone how to use a modern smartphone. The interfaces are typically quite intuitive, and a plethora of software is available at your fingertips via a self-service, one-click app store experience.

Workspace ONE delivers on this same self-service driven, one-click install experience for applications in the enterprise world—whether that app is a modern mobile app, an intranet web app, a cloud-based Software-as-a-Service (SaaS) app, a virtual app or a classic Windows or macOS application.

Enterprise Secure

“Enterprise Secure” is the slightly more difficult part of our mission statement to describe. On the surface, it’s clear that our Workspace ONE offering is designed to provide enterprise-grade security. However, that doesn’t do a good enough job of describing what we specifically mean by enterprise-grade security.

To be honest, the things that Workspace ONE brings to the table from a security point of view are too numerous to cover in a single blog post. However, let me highlight a few unique things that Workspace ONE does to deliver on this message of “Enterprise Secure.”


Single Identity Access to Resources

A very common problem affecting everyday users today is too many user accounts and passwords. The average user has well over 25 user accounts and passwords. Due to modern password complexity rules, most users default to a handful of unique usernames and passwords and re-use those same credentials on multiple sites.

What Workspace ONE does to solve this issue is provide a single user account and password that federates your authentication to third-party SaaS solutions. A user only needs a single username and password, and Workspace ONE takes care of authenticating them to all of their resources automatically.

In addition, for those sites that do not support federated identity, the Workspace ONE password vaulting feature allows you to use very complex passwords without needing to remember each one. Workspace ONE automatically fills in the complex passwords for you.

Ultimately, this means there’s no need to duplicate passwords across websites, which reduces the likelihood of a user’s password being breached on one website and re-used on other sites. VMware itself uses over 50 public SaaS applications, with a single logon/password that grants access to all of them.

Per-App VPN

Traditionally, endpoint devices leveraged full device tunnel VPN solutions to bridge connectivity from the edge into the data center. The downside of a full, device-based VPN tunnel is that the VPN tunnel can be hijacked by malware to attack data center resources through the VPN. The good news is that modern operating systems like iOS, Android and Windows 10 permit a new type of application-based tunneling technology called per-app VPN.

Workspace ONE supports per-app VPN technologies, which changes the VPN connectivity into a secure wrapper around a specific process or app on the endpoint (rather than a device-based open tunnel allowing all apps on the endpoint to use the secure tunnel). This automatically improves security by reducing the chances of malware hijacking the tunnel. In addition, one can combine our per-app VPN tunnel with VMware NSX micro-segmentation policies to further restrict those per-app VPN tunnels and control termination onto specific hosts/ports in the data center.


The AppConfig Community is an open platform for third-party independent software vendors (ISVs) to build apps that provide enterprise-grade security within their mobile apps. AppConfig consists of nearly 100 unique ISVs (such as Salesforce, SAP, Box and other popular native mobile apps) and the most popular enterprise mobility management (EMM) platforms, like VMware AirWatch, MobileIron, IBM, Blackberry and others.

Using the AppConfig Community’s best practices, app developers build enterprise security capabilities into mobile apps, like encryption, “open-in” restrictions, copy and paste controls and the integrated single sign-on and per-app tunnel functionality as discussed above. Learn more about (and join) the AppConfig community at

These are just a few of the many ways in which Workspace ONE delivers on the future of work while maintaining enterprise security. Stay tuned for additional blogs that highlight the security benefits of the Workspace ONE platform!