2017 Year in Review: Security Across End-User Computing
In 2017, there certainly was no shortage of cybersecurity attacks that made news on a monthly, and sometimes even weekly, basis. Most IT or security operations personnel became familiar with the major cybersecurity breaches this year, including WannaCry, Equifax and Petya.
As the consumerization of IT becomes more prevalent across more organizations, the risk of security breaches occurring increases. To help mitigate this risk, organizations turn to VMware Workspace ONE to provide a digital workspace platform that gives IT the ability to securely deliver any app on any device.
Earlier this year, I wrote about some of the major advancements to Workspace ONE as it relates to security capabilities, features and integrations. Since then, we’ve introduced even more capabilities to enhance enterprise security across organizations.
7 Big Developments in End-User Computing Security in 2017
1. New apps support more secure, modern authentication.
For Microsoft Office 365 client apps, IT has a couple of options for authenticating users into Office 365. Some apps use legacy (active) authentication, which requires username/password authentication. Newer Office 365 apps, like VMware Boxer and VMware Content Locker, use modern (passive) authentication, which redirects to an identity provider (IDP).
Boxer and Content Locker can use Workspace ONE as the IDP, providing enhanced security capabilities during the process, such as multi-factor authentication (MFA) into Office 365. For more detailed information on Office 365 access control with Workspace ONE, take a look at this blog we posted earlier this year.
2. Microsoft Azure AD integration automates endpoint management and security.
Workspace ONE, powered by VMware AirWatch unified endpoint management (UEM) technology, integrates with Azure Active Directory (AD) so that Windows devices can automatically enroll and be managed by AirWatch. AirWatch supports different enrollment flows including Join Azure AD, Out of Box Experience enrollment and Office 365 enrollment.
Now, AirWatch can also automatically delete a user’s Azure AD Refresh token, which can help enforce policies in Azure AD when access tokens expire.
3. iOS 11 introduces new, enterprise-secure features.
AirWatch UEM announced same-day support for devices and apps when iOS 11 was released earlier this fall. Support for new features and capabilities included enabling/disabling of manual VPN creation for managed devices, helping discourage and prevent end users from creating their own VPN configurations and enabling secure access to corporate resources.
Administrators can now also enforce trusted TLS certificates for AirPrint for managed devices. Going into 2018, AirWatch is already compliant with the App Transport Security (ATS) requirement all iOS apps are required to have.
4. Android enterprise rolls out new security capabilities.
Google announced zero-touch enrollment for Android devices in September this year and our AirWatch UEM team immediately followed with same-day support for this capability. By enrolling Android devices into AirWatch, security policies can be provisioned without manual intervention.
We also announced support for Android enterprise on purpose-built devices, often referred to as rugged devices. Examples of these types of devices include mobile point-of-sale (mPOS) devices and handheld scanners.
5. Dell and VMware make waves in Windows 10 security and management.
Windows 10 has always been a focal point for developing Workspace ONE mobile device management (MDM) and PC lifecycle management (PCLM) capabilities. While AirWatch has been an enterprise mobility management / MDM leader in mobility, this year we were able to deliver several new PCLM capabilities for Windows 10 endpoint security and management, including:
- Windows 10 Provisioning Service for Dell devices enables secure and pre-configured Dell hardware from factory directly to a user.
- Deeper integration into Dell BIOS, supporting use cases such as remotely managing BIOS dependencies and settings for security technologies like Secure Boot.
- Patch intelligence, featuring enhanced support using Workspace ONE Intelligence, which gives IT insights into patch requirements and reporting to help with security requirements.
6. A new platform to manage virtual desktops and apps arrives, “just in time.”
Desktop and app virtualization has been synonymous with enterprise security for years because of the manner in which centralized desktop and apps are delivered. Data sits at rest inside the data center, which means risk of endpoint data loss is minimized.
To take enterprise security a step further in virtual desktop infrastructure (VDI), we introduced our JMP platform that helps IT automatically destroy and reassemble desktops on the fly. Operating system (OS) images on desktops are pristine and trusted whenever a new user logs into his or her desktop, helping eliminate malware even if it happens to enter into the data center.
7. Mobile security leaders partner to empower the digital workspace.
We have a great security ecosystem of partners, and this year, we announced 6 new MSA partners, including Bay Dynamics, Gurucul, Entrust Datacard, Intercede, Kaymera and Cipher Cloud. These partners help enhance Workspace ONE with advanced security capabilities based on analytics, authentication, mobile and cloud security.
In addition to all these security capabilities and enhancements we’ve provided over the course of the year, we’re very excited to bring together management of all major mobile and desktop OS systems—including iOS, Android, Windows 10, macOS and Chrome OS—with the Workspace ONE platform.
2017 has been a banner year for end-user computing at VMware, and we’ve been delighted to help our customers with their journey towards digital transformation by empowering the digital workspace. We’re looking forward to even more innovation and security enhancements in 2018!
Read more about end-user computing security in 2017:
- Security Update: 8 Advances in End-User Computing from VMware
- Don’t Leave Holes in Your Office 365 Access Control Strategy
- 6 New PCLM Capabilities for Windows 10 + UEM
- Jump (JMP), Radio & a Pony: Your Journey to Modern Workspace Management
- Expanding the Mobile Security Alliance to Secure the Digital Workspace