VMware has launched cloud-based technology that can replace the VPNs companies use to provide home workers with secured access to virtual desktops and applications powered by the vendor's Workspace One.
The new Secure Access, which the company started rolling out last week during its VMworld virtual conference, is the entry point to VMware's software-defined WAN (SD-WAN) fabric. The network comprises thousands of gateways deployed on more than 100 points of presence worldwide. Once on the network, a remote worker can access Workspace One whether it is on a public cloud or the corporate data center.
Secure Access is VMware's latest service modeled after the Secure Access Service Edge (SASE) concept defined by Gartner in 2019. The analyst firm initially predicted enterprise adoption by 2024. However, enterprises started adopting the security model this year to provide home workers access to corporate data during the pandemic.
The SASE model protects data wherever it resides through a combination of SD-WAN, secure web gateways, cloud access security brokers and zero-trust network access.
Within the Secure Access architecture, Workspace One lets companies implement a zero-trust security model to ensure the authentication of employees and their devices. The product maps users to policies that define the corporate applications they may access.
"[Zero trust is] a more granular way, a more powerful way of controlling who can get access to what applications," said Gartner analyst Lawrence Orans.
VMware touts Secure Access as a replacement for the VPN programs companies deploy on enterprise data centers and employee devices to secure remote workers' traffic. VPNs have lower performance and higher latency than Secure Access, VMware said in a product overview document.
The higher latency is due to traffic first crossing the public internet to the data center, where a VPN concentrator creates an encrypted tunnel to send the traffic back out over the Internet to its final destination. The last stop could be a SaaS application or software running on a public cloud. Secure Access, on the other hand, is the single gateway to the more efficient VMware SD-WAN fabric, according to VMware.
VMware has started offering Secure Access in the U.S. first. The firm will make Secure Access available globally in the first quarter of 2021.
Other VMworld announcements
VMware also introduced at VMworld two Workspace Security products that combine features from the company's Carbon Black cloud security platform with Workspace One. Workspace Security VDI will handle virtual desktop management, while Workspace Security Remote manages Windows 10 and macOS laptops. Both products are available now.
The Workspace Security products combine Workspace One information about a device, like when it was last patched, with Carbon Black threat tracking, said Renu Upadhyay, vice president of product and technical marketing at VMware. The offerings provide a way to do such things as apply policies and track malware from a central location.
VMware announced remote-work-focused improvements for its Workspace One Intelligent Hub and Workspace One UEM as well. The company said its digital workspace product, Intelligent Hub, now has an onboarding process that starts when a company hires people, before their official first day. The feature covers filling out HR paperwork and accessing corporate directories. On their start date, IT expands the worker's access to encompass everything needed to do their job.
To further streamline the starting process, VMware said it had expanded its Workspace One UEM factory-provisioning support. The software helps IT configure computers with necessary applications and settings, and then has them shipped directly to a worker from the manufacturer. Previously limited to Dell, the program now includes HP and Lenovo.
"It was definitely something that was important before, but even more so now with people getting hired [remotely]," said Forrester Research analyst Andrew Hewitt.
VMware has also improved its Workspace One Intelligent Hub support for employees using personal devices for work. New features include unmanaged (or third-party-managed) Windows 10 device access to single sign-on and remote support.
Hewitt said there are many cases where it doesn't make sense for a company to manage a device. For instance, contractors may work for multiple companies and find enrolling with several management products cumbersome or impossible. With this change, he said, such workers could access necessary Intelligent Hub features through their unmanaged devices.