The Schwartz Report


VMware Steps Up Endpoint Security and Windows 10 Migration

VMware this week fleshed out its app and device management portfolio with a new management suite that adds endpoint security, threat detection and Windows 10 image and OS migration. The company also revealed new identity management features for its forthcoming Workspace One digital workspace platform, including multifactor authentication and Active Directory integration.

The move comes just a few weeks after VMware's key rival Citrix tapped Microsoft to provide tighter integration of its rival offerings with Redmond's Enterprise Mobility Suite. For its part, Microsoft is in the thick of a battle with Citrix and VMware, having made a major and unusual appearance at last summer's VMworld, where the two said they're working together to ensure Windows 10 support in the AirWatch management platform.

In its latest emphasis on endpoint security, VMware inked an OEM agreement with Tanium, whose technology is a key component in a new tool called TrustPoint. VMware's TrustPoint is a management suite that gives administrators views of all endpoints and activities on an enterprise network. It also has a natural language search interface to provide specific information about all of the endpoints and help track use of unmanaged devices or unusual activity. In addition to using Tanium's endpoint protection and threat management tool, it incorporates VMware's "layered OS migration technology."

Why provide a unified endpoint management platform and Windows 10 migration tool in the same product? VMware claims the Image Service technology offered in TrustPoint, which is available for a one-time license fee of $75 per device, is predicated on the notion that upgrading to Windows 10 will provide improved endpoint security. But going through the migration can introduce problems if not performed properly, especially among organizations that do it at scale. VMware claims TrustPoint simplifies the process by automating migration, enabling 100 Windows 10 migrations per day by each technician using the tool's central management console.

"We saw a need for scalability and speed at really high scale," said Blake Brannon, VP of marketing at the AirWatch mobile device management division of VMware. "Because you want that agility to be able to change as the threats change and as your assets change." TrustPoint can detect unmanaged endpoints and block them from the network, ensuring every device connected is in compliance with an organization's security policy, he added.

Identifying unmanaged devices is a critical aspect of ensuring a secure environment, said Curt Aubley, Tanium's VP of global strategic alliances and technology. Many IT managers are often surprised at the scope of devices in use on their networks that aren't managed and therefore could introduce security risks. And that's especially the case for those preparing for an OS migration, according to Aubley. "People don't know what they have," he said, in an interview. "They don't know the hardware or the firmware, or other things are ready to be migrated. That's one of the things we've immediately identified through the security process, and then we can hand it off to VMware so they can do that migration."

Aubley, who recently came over to Tanium from Intel Security, points out that the shift to personal cloud services, mobility and the use of employee-owned devices has led to more dynamic computing environments. "Endpoints (laptops, notebooks, desktops, servers, virtual machines, containers, clouds) are constantly changing by being moved, created, put to sleep or retiered," he noted in a guest blog post on VMware's Web site. "To protect millions of moving targets, you need agile visibility and control at a scale and speed traditional prevention and hierarchical management frameworks are unable to provide. As endpoint security and management converge, IT leaders are taking a more holistic approach to securing and managing their environments."

VMware said it will add what it calls "Identity-Defined Workspaces" to Workspace One, the company's new platform revealed in February and due out next quarter, which seeks to combine enterprise system and application mobility management. Workspace One costs $8 per user for a cloud-based subscription or $150 for a perpetual license.

The new authentication capabilities are the result of updates to its enterprise mobility platform, AirWatch 8.4 and VMware Identity Manager, which aim to improve Workspace One's ability to combine the two capabilities and provide extended authentication capabilities to apps and services on any device. The new VMware Verify application offers two-factor authentication built into the platform, using employees' personal phones and tablets as tokens. An employee can authenticate by responding to an SMS notification on the device that says "verify." Workspace One also lets users access a native OS and application experience on their own devices without requiring MDM profiles, which is becoming a requirement in many circles where users don't want their phones or tablets to be registered. Instead, the user can download Workspace One, log in with a corporate e-mail address and the single sign-on capability provides access to a company's intranet and native Windows apps.

The new releases let administrators activate a feature called "Workspace Services," which enables native operating system data protection to ensure sensitive data isn't printed or copied in any other way outside of the Workspace One environment. At the same time, VMware said it protects the privacy of employees' personal data and doesn't allow administrators access to personal apps or enable a device's functions such as GPS, or place other device restrictions outside the confines of Workspace One. However, within the Workspace One environment, VMware said it has added advanced conditional access policies, device auditing, automated remediation and lifecycle management.

VMware's Workspace One unified catalog will also support the Microsoft Store for Business to simplify how IT managers and administrators acquire, distribute and manage Windows 10 apps. VMware claims this promises to reduce application delivery and lifecycle management complexity by tying its application catalog and application delivery capabilities to the Microsoft Windows Store for Business. Among the benefits this will offer are the ability to purchase apps in bulk, cache them for offline distribution, reassign licenses and roll out applications built in house.

Posted by Jeffrey Schwartz on 06/17/2016 at 2:09 PM

