Securing the Digital Workspace: A New Perspective
As the digital workspace becomes more mainstream, the traditional model of IT security no longer serves businesses well. Today’s IT reality is a globally networked digital ecosystem where users access apps and services on multiple devices, from widespread locations, and expect seamless productivity. This new world demands a fundamental shift in how security is delivered, and businesses that fail to adapt will fall behind on costs, agility, productivity, and security.
As more businesses embrace the digital workspace, the company-secured device and pre-approved corporate catalog of apps and services are giving way to employees using multiple devices to access mobile and SaaS applications. Employees and business units simply don’t have the time to wait for things to be delivered top-down, and they value the flexibility and agility of choosing exactly what they need.
“The days of being able to secure data sitting on a machine are long gone,” says Dave Grant, vice president, Product & Technical Marketing at VMware. “Even if you could ensure all devices were properly secured and adhered to corporate standards, you need multiple different toolsets to manage across the different platforms. It’s too complex. Security needs to follow the user, so it can adapt to their context of use—not be tied to individual assets.”
Responding to these challenges has driven VMware to adopt and promote a fundamentally different approach to security where user authentication, rather than device protection, becomes the starting point.
The VMware Response
At VMware, the adoption of the digital workspace platform, VMware Workspace ONE™, allows for a user-authentication centered model across the company. “We have a unique ability to combine the up-front user authentication with security that’s adapted to the context of access,” says Grant. “That gives us the ability to see who is using which device, from where, and create conditional access.”
Conditional access ensures individual users are granted access to certain apps but not others, depending on how, where, and from which device they log in—even down to the level of certain fields within the Salesforce app, for instance. When combined with network security measures, a business can grant access via secured tunnels, using micro-segmentation to ensure that a user sees only a specific slice of the data center.
“If that user is compromised, the attack vector can be limited, and with integrated identity solutions, we can do real-time threat analysis and create more context for the breach: are we dealing with an attack network, or a phishing website, for instance. That means much faster identification, isolation, and containment of threats,” says Grant.
In effect, as VMware’s CISO has shared, VMware is leading the way in shifting the security stance from “prevent” to “detect and respond.” Prevention is complex, costly, and increasingly futile. User authentication combined with conditional access allows a business to focus instead on reducing the time it takes to detect and respond to a breach—mitigating existing threats rather than trying to second-guess undefined threats.
The changing stance on security provides obvious benefits in the form of increased visibility and threat surface reduction, but the advantages also extend beyond security.
As Grant explains, productivity gains for VMware have been tremendous. “Our Workspace ONE profiles include sign-on for all of the apps we use. I sign in to twenty apps every morning with my thumbprint. When you repeat that across a company, the amount of time saved and the massive reduction in password reset issues is profound.”
Authenticating users and granting conditional access also creates the flexibility to quickly introduce new apps and services as they are needed, allowing the business to be more agile in its response to changing conditions and opportunities.
VMware’s security approach is designed for, and driven by, the expanding digital ecosystem. Other vendor solutions are easily integrated to provide context and visibility via a unique single dashboard, and by “playing well with others” Workspace ONE allows customers to grow their infrastructure without resorting to costly and disruptive rip-and-replace options.
As digital ecosystems continue to expand and the digital workspace becomes more mainstream, businesses will need to adapt security processes to harness the strengths and meet the challenges of a more networked environment. By providing a ubiquitous software layer across the application infrastructure and endpoints, VMware is giving IT professionals deep visibility into the interactions between users and applications, and the context to understand it. As Grant puts it, “VMware is redefining the industry.”