The Schwartz Report

Blog archive

VMware Boosts Employee Privacy and IT Security in AirWatch Update

VMware's acquisition of AirWatch two years ago for $1.54 billion remains the company's largest buy. The company is now giving the popular mobile device management a boost that looks to improve employee privacy and IT security at the same time.

Company officials maintain AirWatch remains as a separate business unit but they also describe it as a core component of the VMware stack. Instead of calling it AirWatch by VMware, the company is calling it VMware AirWatch. Structural and naming issues aside, the company has tied the new VMware AirWatch 8.3 release more closely with its NSX network virtualization platform. This integration will allow administrators to set policies and app-level VPN access to native mobile apps, which allows administrators to restrict what a mobile user and the app can access, said Blake Brannon, VMware AirWatch's VP of product marketing.

Brannon said without this integration, "it puts organizations at risk where you've got a connection coming into the datacenter that sort of has the full flat level network access." AirWatch integrated with NSX provides the ability to "micro-segment" applications within the datacenter or cloud infrastructure. "I can have an administrator roll out a brand new application, spin up a new service on the back end to host that application out to the users and have the software layer open up the applicable connections to those back-end services through the networking software layer without ever involving IT, without ever involving a network admin and it can be solely done via the AirWatch console, so it greatly improves the overall security."

At the same time, Brannon argued that it provides more agility and automation by making it simpler for businesses to roll out new apps internally with the flexibility of moving them or their associated workloads to a cloud-hosted datacenter. Asked why this makes apps more secure, Brannon explained that it ensures a user's device and the app are isolated and can only connect to a specific app server within the network. Hence it restricts access to other components in the network."

The new release also aims to make employees feel more comfortable in letting IT manage user-owned devices. One way it does so is with a new FAQ Web site that shows what administrators can do to your device (i.e. with regard to accessing private data or remotely wiping personal photos or other content).

Also new in AirWatch 8.3 is single sign-on support, which includes the ability to log in without using a password using Microsoft's Passport for Work functionality built into Windows 10 Pro and Enterprise editions. Microsoft describes Passport for Work as "an enhanced version of Microsoft Passport that includes the ability to centrally manage Microsoft Passport settings for PIN strength and biometric use through Group Policy Objects (GPOs)."

AirWatch 8.3 lets administrators configure Passport in a Windows device without having to join it to an Active Directory domain to set up group polices and other configurations, Brannon said. This is especially important for organizations with devices that are in the field. "It's a struggle in general to join them to the domains. In some cases the EMM approach to managing them is just a cleaner, lighter more agile way to manage the device to begin with as opposed to having to deal with joining it to a domain, and having it have a network requirement connectivity challenges for updates to it," he said. "Obviously Passport for Work gives you security benefits with credentials using a different way to sign in to these applications as opposed to using passwords."

It's noteworthy that Microsoft and VMware worked closely to provide this integration, having talked up their pairing back in August when Windows Enterprise Executive Jim Alkove became the first Microsoft executive to appear on stage at VMware's annual confab.

At the same time, Microsoft considers its own Enterprise Mobility Suite (EMS) as one of its fastest growing products. Microsoft Corporate VP Brad Anderson has argued on numerous occasions that organizations don't require a third-party EMM suite when using EMS.

Posted by Jeffrey Schwartz on 02/17/2016 at 1:21 PM


comments powered by Disqus

Subscribe on YouTube