Webinar Recording

Creating Secure and Unified Next Generation Workspaces


Log in and watch the full video!

Identity Management, Endpoint Security, Mobile Device Management and Access Management, are still considered to be isolated disciplines. This can make administration and governance in these areas complex. Having a holistic approach to the administration and supervision of all types of users, end user software and devices can foster efficiency, agility and security in many organizations.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
Good afternoon or good morning, ladies and gentlemen, welcome to this cooking co webinar, creating secure and unified next generation workspaces. This webinar is supported by VMware. The speakers today. My name is Matthias Hein. I'm senior Analyst with cooking Cole. And later on, I will be joined by hway font, senior product line marketing manager at VMware. Before we start some information about a coal, the usual quick housekeeping, and a look at our today's agenda. First few words about a coal. A coal was founded in 2004. It is a headquartered in Germany with a team of international analysts spread across the world, including the us, UK APAC and central Europe. We offer neutral advice and expertise in various areas to, to companies, to corporate producers, to integrators and software manufacturers. We started out with identity and access management being the original starting point. We are now working in all areas regarding information security, governance, GRC security, cloud security.
And generally we speaking, we cover all the topics relevant concerning the digital transformation, our business areas very quickly areas in research, we provide a wide range of strategic documents and reports, including our leadership, where we compare lenders and market segments and various other documents. We do events and we will have a look at that on the next slide very quickly. And the third area is advisory there. We provide vendor independent market expertise to customers and users and vendors, and that ranges from roadmap advisory, product and technology, selection, maturity assessment, and all kinds of strategic advisory.
Back to the events we are facing two main events this year, actually it's four. We, we are coming close to the European identity and cloud conference that will take place in Munich in may. And that is the main European identity event where you have to be. And for a few months ago, we executed the first installment of the consumer identity world in, in Paris. And it was very successful. So we decided to embark on the consumer identity world tour this year. And we will cover Singapore, Seattle, and Paris for APAC USA and Europe this summer and fall some guidelines for this webinar very quickly. The participants all are muted centrally. So you don't have to mute unmute yourself. We control that we will record this webinar. So the podcast recording will be available most probably tomorrow alongside with the slides and all links that are related to that.
We will have a questions and answers session at the end of this webinar. And you can ask the participants, enter questions anytime using the questions feature in the go-to webinar control panel. And in the third part of this webinar, I will pick up these questions. And so we can get to the answers that you require from these, from this today's session. So this is the agenda. First of all, I will start out with a introductory part that is called beyond the organizational silo, efficiency, compliance, and governance and workspace delivery, which gives a, a background and the basis where Hostway can build upon when he starts with his part improved end user experience by delivering secure and unified workspaces to any device. And you see where he puts his main stress on end user experience. And I think that is an important part here. The third part as mentioned before, is questions and answers.
And please make sure that you answer your questions so that we can use them later on to have a good discussion later. So that's it for the introduction, hope that was not too long. So I start now with my part when it comes to efficiency, compliance and governance and workspace delivery. So to start out, I, I give a short view on business application management. What I think is within a changing world. And I look at these changes from two different perspectives. The first is that the actual application landscapes are changing. So we have in today's organization, which are changing as well, a lot of parallel co-existing application landscapes, and they range from the traditional legacy corporate application backbone systems on mainframes think banks. And on the other hand, we have these shiny new cloud based applications delivered as software as a service. And we have everything in between from the traditional desktop based on windows with office and PowerPoint, where, where Excel, we have client server applications of various currents with dedicated clients and with the web browser as the generic client and lots of backend frontend components around, we have very new, although it's also seven to eight years now, we have the mobile application ecosystems, mainly Android and iOS and people are used to using their apps and want to use that also within the business perspective.
So all this is what I think is a very wide range of application landscape, which need to be combined within good business application management and delivery to the endpoint. On the other hand, we have a changing yet rapidly changing client device landscape, but still all these devices more or less are coexisting. So we have everything from the traditional corporate owned desktop computer, which needs applications and access and identities to get to the, to the right functionality that you require. And we end up with, with personal tablet, devices, and phones, which are not managed at all by the organization. And we might even have people using corporate resources from, from, from internet cafe, for example. So all these typical access methods towards the application landscape need to be covered when it comes to a strong and reliable and compliant application delivery.
Okay. And as I mentioned before, the organizations are changing as well. And I look at that from three dimensions. First is the business perspective. The relationship between organizations are changing. We have no longer the traditional monolithic organizations, but we have partner structures. We have external workforce being, being used. We have the customer and the consumer being also onboarded as users within application infrastructures. These potentially we have international staff and they, we have lots of cooperation. And mainly this is due to the fact that all businesses today are actually coping with that ubiquitous agility or requirement. And that also is reflected within the loser application interaction. Second part would be the infrastructure part. So many users today use the infrastructure with, with, with many devices. So not, not one device, which is corporately controlled, but maybe standalone desktop, a, a mobile computer, mobile phone, a tablet, and all of that requires access to the right applications and all of that in a, in the uniform manner, iden ideally these devices are potentially insecure because just think of this plethora of, of Android versions, being around with them being more or less secure, we have a range of, of applications to provide these to these different various platforms.
And of course we have also applications in the cloud and data in the cloud. So we have sensitive applications and data, both on premises and in the cloud, that aspect, of course, when it comes to sensitive applications and data is security. Many of these devices are communicating across untrusted networks, authentication of authorization. So identifying who is using this application that device and are they actually entitled to use them is a constant challenge. Providing evidence that that is done in a adequate manner is a highly challenging task for many organizations, but also on top of that on top of legal and regulatory requirements, also the protection of intellectual property is a, a key requirement when it comes to modern organizations. So enable the right access to the right people on the right device might sum it up quite well. And access is only to the right people on the right device. So very restricted, the principle of least privilege and the principle of least access at that point.
So if you look at the two main players, on the one hand, we have the view in an unmanaged environment that would lead to many logins, many application ecosystems, lots of, of friction between the different applications, manual installation, lots of work to be done by the user with believing them unproductive, at least for hours, when, if not days, license management, security challenges, privacy, privacy challenges. And of course the choice of devices, they don't know what they can use and how that is managed adequately. On the other hand, the other key players of course, are admin security, and they need to make sure that this is all covered within a managed infrastructure. So we have any device, any device that the organization decides to support, they should identify their users with a single identity, provide single sign on, assign them with the right roles and profiles, reflecting the right access at the right time.
And of course, and that, that is something that horse way will look at in more details, actually be any application in a unified platform. So no matter which end user device you are using, you can access the inform, the application that you need with a constant integration of all platforms from the end user point of view, efficiency and performance, of course, is an important factor. License mentioned, mentioned before managed security, managed compliance and governance and managed privacy. And again, privacy is an important aspect also for the organization, making sure that the privacy of their end users from employees to customers is maintained adequately.
So the benefits are quite obvious. If we have a unified application management platform, delivering applications in a unified way to different end user devices, covering all applications that you need no matter where they come from that of course has lots of benefits. And again, the main aspect and will dig into that much deeper than I do is the aspect of user experience. So all required applications on every platform, fast and efficient, convenient, and in a way that satisfies, satisfies the user, the administration of course, needs to be as efficient as possible to get to that strong goal. So ease of administration and efficiency, security, and privacy within the administration process, constant change in adaption adaptation because you know, that applications change actually the day after you've been stock. So make sure that everything is managed adequately and of course, turns to legal and regulatory requirements.
And that leads to benefits for all involved. The main key players, the user, the admin, and compliance and security. And if we look at what that means for the user, if he gets his device or the device is onboarded and rolled, the application should be instantly personalized applications should be pre-installed everything that is needed immediately. And they can choose from a wide range of additional apps from their local app store as related to their local platform to their device. But mainly all applications look the same across platforms across source platforms and across target platforms. The admin of course, benefits from that as well because self enrollment will make sure that they don't have to do it because end users do this enrollment process for themselves. So there is less or no administrative interaction. There are instant changes, and ideally there is no down times for maintenance because this is all done in a managed way.
And this is all backed with strong backend service systems for compliance and security. Of course, all of that leads to a well controlled and well monitored environment. So in such an application delivery system, you can make sure that the key compliance and security requirements are implemented adequately, sorry for that. So you can enforce corporate policies when it comes to security, you can have secured email and collaborations, so make sure that there is no way of information leaking. And of course, again, you can make sure that the privacy of the employees is maintained in an adequate manner. Of course, scalable and automated deployment is something that is also of importance for compliance and security to have a well documented process here.
And the reality, getting to such a global approach as that is corrected here with my benefit argumentation might be very difficult because many it organizations and many organizations in general are still very oriented or we're very kept in traditional operations paradigms. And that means many of this information that that is needed for getting to a unified application management system relies or resides in different organizational silos. And when I say silo, that sounds a bit diminutive, but nevertheless, if you look at today's organizations, there typically is something like an identity management silo. There is a team taking care of identity management data, maybe communicating with HR or the CRM systems, but this is a very, very focused team, very, very effective, but very, very narrow in their, in their, a way that they are oriented with service delivery. Application management is another team typically, or could be another team.
And there's little communication between the identity people and the application management people. The same is true for the access management. Although we all say identity and access management in one sentence, but the definition of roles and policies might be within the hand of, of, of other teams, which are actually looking at policy frameworks at defining roles in the role lifecycle mobile device management is most probably a separate team. And these are people that take very much care about defining the right profiles. So hardware profiles and software profiles to end user devices, but getting them all together might be a bit different and goes on with network security, being a different team and maybe compliance and governance just actually being no it team, but nevertheless, all this needs to be combined when it comes to getting to a unified application management as described in today's webinar.
So many organizations are as of now, not yet well prepared for changes in application delivery to getting to what we discussed as of now. So delivering next generation, digital workspaces is a major challenge, and that is my final slide before I hand over to Causeway. So from my point of view, and from the perspective of an Analyst necessarily a a, a double challenge, the first challenge is of course the technological challenge. And that means getting all information together, having a overall overarching implementation concept and an overall deployment concept when it comes to using the information as provided by the identity management, the access management, the identity and access governance, making sure that everything is done adequately device management, everything that is in the right Bo in the left box to make sure that this is all put together in an adequate manner to have an overall strong implement implementation platform and a strong concept for getting the right solutions out there.
But the other part, and this is the organizational challenge is the direct result of my former slide. You need to make sure that your organization and your teams are actually working in a way that make this overall application delivery possible by leveraging existing organizational knowhow across roles, across identity management, across device management, so that you bridge the potential gaps, which might be there that you enable and create new ways of communication and inter operation within the organization. And that includes redefining redefining application delivery and operations processes. So the, the, the target that we are discussing today is very promising and very efficient and effective, but it may needs to make sure that the organization is ready and that the technology and the platform is ready. And at that point I would like to hand over to sway. But first of all, again, I want to remind you to provide your questions through the questions panel and the go to webinar software so that we can pick them up later in the Q and a session. But for now, I want to hand over to sway, and I'm really looking forward to his presentation.
Thank you very much Matthias. And, and thank you for setting context on what we're seeing in, in this space. And, you know, I thought it was very interesting in the sense that, you know, you talked about these ch organizational challenges that we see, and you're so correct in the sense that when we talk about delivering digital workspaces, it really touches every area of it. And that's because at the end of the day, we're really taking what has typically done in silos and really bringing that together to deliver a unified experience for end users. But we definitely think that there's a lot of value in doing that. And I think, you know, when we look at what has changed over the last 10 years, you know, our lives are going digital in the sense that, you know, no longer are, are we thinking about a very I'll call, a static experience?
You know, many of us could probably remember in the last 10 or 15 years, when we wanted to do work for a company, we were provided a work laptop or a work desktop, and any work that we wanted to do, had to be done from that machine. The idea of doing work from a tablet or a phone even, or so even a personal device was literally unknown at the time. But now we have all of these digital experiences where end users are saying, I wanna be productive regardless of the device that I'm on. And obviously for many organizations there's value when your end users are saying that when they want to be productive anywhere they're located. So as we think about this with digital transformation, which is really this transformation from kind of that static structure to a digital experience, we're now able to support, you know, modern workforce experiences.
One of the things that's very interesting that we've seen over time is whereas previously organizations thought about employees now, more than ever before, we're seeing an increase in contingent staff, whether that is contract workers, whether that's temporary workers, that modern workforce is changing, the applications they use as Matthias brought out is also changing. Before we only thought about windows applications, our client server applications. Now we have to think about native mobile apps, SAS apps, virtualize applications, the workflows themselves are changing. You know, typically when a business workflow required an action, you sent someone a link to a website. And when they had time from their managed computer, they went to that website and completed the workflow. Now those same workflows are being mobilized. So all of these things are changing, which at the end of the day will also change the delivery models. Again, no longer client server apps, but also cloud services and applications.
So we really think at VMware that this type of new digital workspace concept can really take many of the benefits that we see in consumer applications, but bring them into the enterprise with security and control. And this is where workspace one really comes into play. And for many of you that are on the line, VMware workspace, one is a new platform from VMware that we introduced last year, but it's not a new platform in the sense that, okay, you know, this is a set of version one technologies, no it's actually taking in products that we've had available for quite some time at VMware, it's taking the identity management technologies that have been part of identity manager, and it's also taking the market leading AirWatch enterprise mobility management technology. And it's really brought all of those together into a platform that enables us to deliver secure digital workspaces, to end users.
Now, one of the things that's most important and, and Matthias referred to this is that when we think of digital workspaces delivery to end users at the end of the day, what does that mean? That means that a end user has the applications and corporate resources available for them to do their job on any device anywhere. But that doesn't mean that it is sacrificing enterprise security and control. In fact, we believe that having a strong enterprise set of technologies that allow it to secure access to corporate resources is really a core tenant of delivering digital workspaces. At the same time, though, we have to balance this with consumer simplicity, and I think more so than ever before, we're seeing a real shift in the way it and end users really work together to make sure that the right solutions are in place. And this is important because what we've seen in the past 20 years, and especially with the advent of cloud services, is that when solutions aren't simple, it leads to whether it be business units or end users trying to go around it.
And we've seen this there's even a term for it called shadow it where either business units and or end users say, you know, the solutions that I'm being provided by corporate, it just aren't working for me. So I'm gonna go and look for my own. And the reason for that is because those legacy systems and solutions have not been easy to use. So what we're doing with workspace one is saying for it, we're gonna give them very strong security and control capabilities, but for end users, we're gonna deliver these solutions as simple as any type of consumer app in the Mar in marketplace today.
So as we kind of think about, okay, how do we do that? Really workspace one is designed and, you know, this ties so well with what Matthias was, was talking about designed to bridge silos across organizational structures to enable any application on any, on any device. And it really starts with supporting any type of application and any device. And when we say any type of application, think of not only the applications that you would access on a desktop, and I use that term desktop loosely in the sense, a windows, or let's say a Mac operating system on a desktop or a laptop, you know, there's certain types of web apps and, you know, kind of client server applications that you would use on those devices, but then expand that to mobile platforms, whether it be Android devices, iOS, even windows 10. Now you have native mobile apps.
You have internally developed enterprise apps, but you still have those legacy applications. You need to expose any type of application to any device. And as we kind of think about, okay, how do we do this? What we really have to do this by taking advantage of a variety of different technologies across the stack. Obviously it starts with applications and identity management and, you know, really being able to provide a simplified experience as end users login and access applications. It starts with being able to manage desktops and mobile devices and then bringing management and security so that we can manage and secure that entire stack. So as we kind of think about workspace one, because it brings in so many different technologies, it's allows a organizations to really take advantage of a variety of different. We could call them it initiatives that workspace one is really gonna help them out with.
Now, the one that we're gonna focus on today is simplifying access in application management. But when you look at the other three here, these are ones that we're seeing as major it initiatives that workspace one can ha handle unified endpoint management to really think about how do I manage all of the different endpoints that are accessing my corporate resources, windows, 10 management. We know that that's a critical it initiative for many of you and virtualizing desktops and apps, which as many of, you know, with our VMware horizon set of technologies, being able to virtualize desktops and applications for access by end users has been just something that we've, we've been focused on for many years. But as I mentioned, we're really gonna focus on simplifying access and app management as one of the key it initiatives. That's part of moving forward with a, with a digital workspace project.
So what can a digital workspace do for you when we're thinking about application and access management, these are some of the key benefits that we've seen and it's all starts with which devices can access my organization. And typically when we talk about devices, you know, in the past, you know, as I mentioned before, when you had that window desktop or laptop, you had to provision a corporate image onto that device. And that required a lot of it work well, that idea of a corporate image no longer applies to mobile devices. So now as an end user, perhaps gets a new iPad or a new Android tablet as a gift, and they want to turn it around really quickly. They wanna turn it around from, you know, I just unpacked it from the box to now, I need to be productive on that device. Being able to have a set of mobility management technologies that enables you to provision that device and onboard an employee is super important.
Second, it's the access policies. You know, now that I've provisioned that device, I wanna make sure that they get, I really like the term that Matthias use, you know, the right user, you know, to the right set of services on the right device. Right. And that really starts with the right access policies that we could unify to make sure do I know who the user is? What does the user handle the rights to? And are they on the type of device that I would like to allow to access my corporate resources? And then now we bake in a set of end user capabilities, which is all designed around simplicity. It's designed around, perhaps some of you on the line have heard of something called a mobile moment. And a mobile moment is really taking tasks that you would do on a mobile device. And the entire focus is to simplify and reduce the time it takes to complete that task or that workflow.
So now, you know, kind of really shrinking that to allow you to spend time on more important things, to think about ways in which you can, self-service do things such as password resets in order to lower help desk costs. So at the end of the day, as we bring this all together, I wanna talk about kind of three core benefits that would be important for, for your organization. Number one is just getting easy access to any application within workspace. One, we support the whole portfolio of applications, whether you're talking about native mobile applications, whether you're talking about internally, develop mobile applications, virtualized applications, perhaps you're using horizon for applications or a VDI desktop, whether you're talking about a legacy client server application that uses curb bros or HTB HTTP base head, regardless of what those are. We want to enable that into a single unified catalog.
And within that catalog, I can now enable end users to have what we call one, touch mobile single sign on really at the end of the day, that means a password list experience on any device that's using certificates of install on the device to enable that really simple access experience. And we also enable integrated multifactor authentication. And what that means is that for it, if there are specific applications where you would like to really elevate the authentication, what we call step up authentication, you can do that. So if a user launches Salesforce from a untrusted network, you can easily specify that you're going to request a second factor of authentication all of these technologies on any of these mobile devices, whether you're talking about the catalog, single sign on multifactor authentication, they're designed to be consumer simple, but for it, and this is, you know, very, very powerful is this access experience is really delivered with a powerful contextual policy engine that takes into account a variety of different elements.
It takes into account user information. In other words, who are you, what do you have access to? It takes into account applications, which applications do you have access to under what conditions takes into account data? What data are you accessing? Where is it takes into account location? Where are you coming from? Are you coming from a unmanaged network or a network that I trust, perhaps you're on the corporate network. And it also takes into account device information. What's the status of your device? Has your device after accessing corporate resources been jail broken or rooted, do you have a passcode set on your device? So we can take all of these different inputs to create very, very powerful policies to really reduce the risk as end users are accessing corporate resources on your network. So again, this goes back to what Matthias had mentioned earlier, is it the right user?
And are they on the right device? And are they accessing the right resources as they come into the organization? And depending on a variety of different conditions, I can elevate management. So in other words, as an end user with a new, let's say, iPad tries to access corporate resources. I could say, I know who you are, but based on what you're trying to access, I need to install additional levels of management on your device. Or I can say elevate authentication to use two-factor authentication. The end result is you have really a powerful policy engine that enables it to secure corporate resources. This is incredibly, incredibly powerful for your organization.
And then lastly, as, as we kind of think of enterprise security, we, we have a technology and, and, and really it's more than a technology, an experience that we call adaptive management. So to best describe what adaptive management is really think about that scenario of that end user that just received a new iPad. And now they say, I want to get access to corporate resources to, so to a certain extent, this is a onboarding experience. So as they decide to do that, their first step is to download the workspace one application. Once we, once they download the workspace, one application, they're gonna get access to what you see in that screen, in the middle, a launcher for applications, as well as a catalog. Now, as a it administrator, I can decide, you know, there's specific applications that have confidential data. It could be office 365 applications such as one drive or SharePoint.
It could be Salesforce, which has confidential customer data. You, as it can define, what's a application that has secure data, but once they decide I want to get access to that application, I can then automatically put them in a workflow where it says the use of that application actually requires the installation of a security profile. In other words, a management profile, that's gonna give us device status information and ensure that that device is secure, but what's most important is that we've done this in a very simple way. This entire workflow is designed with the end user in mind. So they have not, not only the choice, but a workflow. That's gonna walk them through the experience of additional levels of management. So as we kind of bring this all together, really with workspace one, you know, we're really focused on these four core it initiatives with the focus today has been on simplifying access and application management, again, kind of bringing the best of it, security and control with that consumer level of simplicity.
And, you know, we really believe that it is in a, in an amazing position because, you know, as you kind of think of these various it silos, there's an opportunity to really kind of redefine the user experience, really redefine how it enables application delivery and access to the environment. So this is kind of a wonderful opportunity that we see in one of the reasons why we've really partnered with KuppingerCole because we really think that this is an opportunity to help it take that next step to deliver that business innovation. So I really appreciate the time that everyone has allowed me to have here and now I'll pass it back to Matthias and we could probably consider some questions as well.
Yes. Thank you very much was way for that great presentation, which actually adds much more substance to what I presented before. So we are now moving to the question and answer session, but to, to go back to my initial question sway, you shared the, I think this one was the second last slide that you had. There was this popup shown in this iPhone screen where it said, if you want to use Skype, you have to install the security profile, this, this device profile that makes sure that you're secure. I know that many, many people who are actually using their personal phone or their personal tablet are a bit reluctant to installing security profiles for various reasons that, that they say, okay, I actually want to that that slows it down. And that hinders me in doing what I want to do. Is there a way, or how do you deal with that? If you want to make sure that you still want to enable secure access to corporate resources,
That's an excellent question, Matthias, and, you know, I can sympathize with many of those that have felt that way. I have felt that way in the past as well. And, you know, I think there's a couple of couple of options and, and really what they are are options because it with workspace one is really gonna get a platform where they can enable a variety of different use cases. So within workspace one, we have the concept of a completely unmanaged experience. And what I mean by that is, you know, in that slide, I actually showed that, you know, within workspace one, I can enable really secure access in a containerized fashion to a set of applications, and it defines which applications those are. And I can get a single sign on experience. I can get certain security capabilities baked into that. We actually also provide an SDK so that even on a unmanaged device, it can actually provision internal enterprise mobile applications to those devices and take advantage of some data leakage protection capabilities.
So there are capabilities that you get. So for example, the conditional access, some of the data leakage protection capabilities can completely be enabled on unmanaged devices at the point at which you really want to think about how can I elevate that level of security? So how can I get the full suite of data leakage protection tools? How can I verify the status of a device before it accesses my corporate resources, then that is gonna require elevated elevated management, just because there's no way to look at the device, unless there's basically bits of software installed on the device in order to do that. Having said that even for the, even for that management profile, VMware has invested a lot into a set of let's call them privacy rules, that as part of that experience of installing the profile, we actually show the end user all of the privacy information.
So in other words, what information can we see? How do we use that information? So to really give them complete visibility into what does installing a profile mean for your device. And, you know, we work with regions around the world, you know, EMIA the, you know, north America, Asia, et cetera, to really ensure that that's an experience that really works well. And at the end of the day, again, you know, kind of provides solutions that fit a variety of different use cases. But I would say, you know, one last comment is most of the organizations that we work with do have that mix of unmanaged and managed sets of users and devices. So for example, myself, as an end user, I have certain unmanaged devices that access a limited set of corporate resources as well as managed devices.
Okay, thank you. So, so it's really also a decision by the end user to decide what kind of services I do want to access and how critical and sensitive the data and the application might be that I want to access from that yeah. That most probably not very secure device. And what can I do to make my device more secure in order to access this information? Exactly. Okay, perfect. Again, another question we've been talking about organizations who are also very mature and most probably have run through very much iterations of it, infrastructure phases, but there are also many inform organizations out there which actually just use a very restricted and very limited application platform, say office 365 or something like that in, should they also look into your solution and what is then the, the growth path for, for getting out of that if they want to. So is office 365 something that you would manage or would like to manage as well?
Yes, that's a great question. Yes. Many organizations are using workspace one to manage office 365, and that includes, you know, that single sign on experience. It includes the conditional access policies. It includes data leakage, protection capabilities. I think one of the key things when we're working with organizations, as they think about office 365 is, you know, many organizations start with office 365 as an initiative. And it's a critical initiative when it comes to, you know, where do your users spend a significant amount of time working? So that's, you know, there's no argument there on office 365. Having said that we encourage organizations. Don't just think about office 365. You know, that's a project, that's a, we could call it a point in time project. Once it's done, you're gonna look at other projects. So think about all of the other applications that your end users need.
You know, they may need access to Salesforce, to concur, to payroll, to time cards, all of these different other services. And now you have to think about, is there a platform that is gonna support all of those different application types and those different application types. Some of those are internally developed applications. So you need a platform that gives you, let's say an SDK or a way to access those applications. You know, you need a access gateway that supports translating authentication request. So in other words, if it's a legacy application that supports curb bros and you're accessing from a mobile device, somehow you're gonna need a access gateway that converts SAML to on the back end. So it's really thinking, think about office 365, but also think about all of the other applications that your end users are gonna need today and tomorrow, and, you know, really focus on a platform that's gonna enable that experience.
Okay. Thank you. And another question quite closely connected to what you actually just explained is you, you mentioned how to convert credentials between different target platforms, but a single sign on is a very wide area when it comes to, to products and their implementation of single sign. How do you deal with that? That must be a major challenge for such a solution that you're providing to make sure that single sign on actually works.
Yeah. That, that, that, that, that's a good one. And, and, and I'll be honest and say that I struggle with that one a little bit, because, you know, to put it simply what does single sign on mean? Really what it means is I have a single username and password, but then think about the end user experience specifically, let's say on a smartphone on my smartphone, let's say I have 12 different applications that I access on a regular basis. What single sign on basically means, okay, I could enter that single username on password, but I have to enter 12 times. That's what that means. So yes, it's beneficial in the sense that, Hey, I only have to remember a single username and password, but the user experience on a mobile device is not that good. You know, when, you know, I have to enter that single username and password, you know, a dozen times every week, let's say, so what we enable within workspace, one is something that we call mobile, single sign on, and we often call it passwordless authentication in the sense that as part of installing the management profile, and this is a benefit to end users, something that many end users just love.
I know I love it on my mobile device is that we install a certificate on that device and installing a certificate on the device, enables it to establish trust between the user, the device and the network. So now when I launch, let's say, for example, any of my office, 365 applications or my, you know, sales force, or what have you, I'm not asked for a password, it uses the certificate to log me in to those corporate resources. So that's where I really get that passwordless experience what we call mobile single sign on, you know, so that is why, you know, it's a good question. That is actually why we encourage organizations as they're, you know, kind of looking at various technologies that are out there. It's, you know, dive a little bit deeper when a, when someone says single sign on what do they truly mean?
And, you know, walk through the experience on a variety of different types of applications, you know, walk through it on a native mobile application that you can access from the public store, like, you know, the iTunes or the Google play store, walk through it on a internally developed application that you're gonna be delivering to your end users. That's not on a public store, you know, walk through it on a virtualized application, let's say from horizon or a Citrix application, you know, and walk through those different experiences and then, you know, make a conclusion as to what that single sign on experience feels like.
Okay, great. Thank you. Another question that came up, which is a bit out the scope, actually, because you, you said you were focusing on one area, but the question came up windows 10 and securing windows, 10 deployments, and your workspace one as a means of securing windows 10, could you nevertheless, elaborate a bit on that? How can your solution be used to secure windows 10 deployments and how to, to, to get windows 10 actually being rolled out and secured in an environment?
Sure, sure. No, it's, it's, it's, it's a, it's a great question. And one where, I mean, there's a lot of interest there. You know, one of the interesting things is, you know, with windows 10, you know, Microsoft has basically converted windows 10 into a mobile platform. So what that means is similar to how apple and iOS and Google with Android have basically mobile APIs that allow us to manage those devices using enterprise mobility management tools with windows 10, it's the, the same thing. So we consider windows, windows 10 is really a mobile platform just like iOS or Android. So what we've done with VMware AirWatch is now allowed AirWatch to manage windows 10, just like we manage again, iOS or Android. So we can use, you know, public APIs that Microsoft has released that allow us to do things, you know, just like we would do on any other mobile device.
So, you know, we could deliver a single sign on experience. We could apply conditional access policies. We can deliver software to those windows, 10 machines. We can manage them, we could perform, you know, data leakage protection. So, you know, because of the fact that windows 10 is a mobile platform, you know, now we've really expanded, you know, the set of devices that VMware AirWatch can manage to all windows 10 devices. So it's now really a powerful platform, especially, you know, as organizations shift a greater percentage of their desktops and laptops over to windows 10. You know, now we have AirWatch that can really manage that entire, you know, fleet of devices for, for the organization.
Okay, great. That sounds promising. Thank you very much. I think we also already through our questions, but it was a great discussion. What I take from that is that this is for, for many organizations really on the one hand a challenge, but also an opportunity to get to a much more modern and more efficient and much more simplified application management with the, with an improve improving user experience on the other hand. And I think that's a challenge and a chance for many organizations. That sounds really great from, from my perspective, before I close down this webinar, is there anything else you want to refer the, the participants to, and that you want to mention before we close down?
Sure. You know, you know, I would say there's, there's two things, you know, number one, if you wanna learn more about workspace one, I would recommend everyone take a look at our website, vmware.com/go/workspace one. And I'm sure we could send that out in the notes as well. And then, you know, I, I, I won't take too much of your thunder Matthias, but you know, you and I worked on a, really, a great paper around securing unified workspaces that I'm sure that, you know, we're gonna wanna enable the audience to get access to as well.
Yes, absolutely. With the, with the recording of today's webinar, without the hiccups going online tomorrow, we will include the link to both your side and the, and the document that we prepared. So everybody can then pick up both our presentations, the, the recording of this webinar and the documents that you've mentioned. So that I think is the best way to pick it it up and have it all in one central place. So from my perspective, that's it for today, we have five minutes left to the hour. So we have a great session today, thanks to all of the participants for your questions and your participation. And thanks again to SWE for taking part in this webinar and for providing your insight into centered application management. Thank you for all for your time. I look forward to seeing you probably at the EIC in Munich, and to having you all again, within our next one of our next webinars, have a great day today and that's it for today. Bye bye.

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Standards & Regulatory Frameworks Are Static, Security Isn't

Current frameworks from Cyber Essentials in the UK, to the NIST Cyber Security Framework, HIPPA, PCI-DSS and even ISO27002:2022 often take at least 18-24 months to agree by their governance bodies. The world is much faster moving that that, the fact many regulatory frameworks will take…

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Exploring the role of Endpoint Security in a Ransomware Resilience Plan

Ransomware attacks continue to increase in frequency and severity. Every organization needs a ransomware and malware resilience plan. Three major components of such plans should include deploying Endpoint Security solutions, keeping computing assets up to date on patches, and backing up…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00