For years, companies have controlled their employees’ phones with mobile device management (MDM) software, but they haven’t been able to exert the same control over their workforce PCs. That’s about to change, according to Venn Software.
The company on Wednesday announced proprietary technology that secures remote work on any computer by using a lightweight application to establish a secure enclave on the machine. Data within the enclave is encrypted, and applications that operate in the enclave run securely.
“It’s a radically simplified and less expensive new alternative to virtual desktop infrastructure,” Venn co-founder and CEO David Matalon said in a statement.
With Venn, the company controls a secure enclave installed on the user’s computer. All work activity takes place in this enclave, all data is encrypted and the company manages access. Similar to MDM software, but for laptops, work apps run locally within the enclave where business activity is isolated and protected from personal use on the same computer.
Matalon explained to TechNewsWorld that only the enclave should be secured, rather than the entire laptop. “The work is done in the enclave and the user sees a blue border around those specific application windows,” he noted.
“You’re not forced to work in a virtual desktop environment that is prone to latency and frustrates users,” he added.
He noted that companies no longer need to issue laptops to employees; employees can use their own. In addition, the company can ensure the security of your data and meet its compliance responsibilities.
Virtual Pain in the Buns
Along with the patent announcement, Venn disclosed $29 million in Series A financing, led by NewSpring, to support its product development, growth and customer demand.
“In 2019, before the pandemic and the onslaught of remote work, David and his team recognized the trends and growing issues associated with a distributed workforce,” Hart Callahan, a partner at NewSpring, said in a statement.
“Prior to Venn,” he continued, “the team helped hundreds of financial organizations overcome remote worker security and compliance issues. Through this work, it became clear that traditional VDI technology was not up to the challenge of an evolved workforce.”
Virtual desktop infrastructure (VDI) can give an organization more control and protection of its data in the hands of employees, said Matthew Psencik, director of endpoint security at Tanium.
“But,” he told TechNewsWorld, “historically, they’re underprovisioned with resources and configured in a way that they’re a huge pain for employees to use.”
“When faced with poor performance or roadblocks, such as not allowing copy and paste, many employees will take the path of least resistance and attempt to circumvent VDI controls using their personal devices or by inadvertently leaking corporate information through third-party sites,” he said.
“The benefits of this approach rarely outweigh the negatives, even before considering the impacts on employee sentiment due to a frustrating work environment that could lead to employee retention issues or, worse, a disgruntled employee that does everything possible to hurt the business,” he added.
Trouble Ticket Generator
One benefit of using a virtual desktop is that all builds are often based on a single image that can be updated quickly and tightly controlled, observed Erich Kron, a security awareness advocate at KnowBe4.
“If a virtual machine is infected with a virus, it can often be quickly destroyed and recreated, allowing employees to get back to work in a short amount of time,” he told TechNewsWorld.
“Virtual desktops often have limited capabilities and network access, which can reduce the potential for damage from malware or other threats from endpoints,” he said.
However, he added that virtual desktops can be less customizable and, if not configured correctly, can be a bad experience for users, leading to trouble tickets and complaints.
Persuading an employee to install a company-managed tool on a private device is a challenge for any management solution, said Dror Liwer, co-founder of Coro, a cloud-based cybersecurity company based in Tel Aviv, Israel.
“Employees should feel confident that the software won’t degrade their experience and that the company won’t eavesdrop on their personal use of the device,” he told TechNewsWorld.
Matalon noted that Venn designed its PC management software with performance in mind. “There is no latency,” he said.
Go Down Easy
Another benefit of the Venn solution cited by Matalon is its ease of firing employees. “It is very effective for organizations with high employee turnover. You can push a button and do a remote wipe of the enclave,” he said.
“The ability to remotely wipe and monitor the status of remote PCs, especially mobile ones like laptops, is certainly an important tool for many organizations, especially now that remote work is becoming much more prevalent,” Kron observed.
To effectively manage the security risks of remote desktops and laptops, administrators must have continuous visibility and control over those devices, added Tanium’s senior director of technical account management, Shawn Surber.
“You can’t leave them in a state where they’re only managed when connected to a VPN or checked once a week or even once a day,” he told TechNewsWorld. “Remote PCs are highly vulnerable and need effective real-time threat management tools such as patching, software deployment, vulnerability management, and incident response.”
Although Venn claims that its new offering is filling a gap between PC and mobile device management, the gap may not be as wide as it suggests.
“Most of these MDM solutions have evolved into unified endpoint management platforms,” said Paddy Harrington, a senior analyst at Forrester Research.
“These solutions can handle most, if not all, of the PC management functions for the variety of PC-style devices (Windows, Mac, Chromebook) that many companies are implementing for remote workers,” he told TechNewsWorld.
PC platforms have had computer security risk management solutions for decades, added Roger Grimes, defense evangelist at KnowBe4.
“Microsoft allows its customers to manage devices through group policy, registry edits, PowerShell, or through other scripts,” he told TechNewsWorld. “MDM solutions are not as powerful as their PC-based counterparts.”