Companies for years have wrangled their employees’ phones with mobile device management (MDM) software but haven’t been able to exercise the same ease of control over their workforce’s PCs. That’s about to change, according to Venn Software.
The company on Wednesday announced a patented technology for securing remote work on any computer. It uses a lightweight application to establish a secure enclave on the machine. Data inside the enclave is encrypted, and applications operating in the enclave run securely.
“It’s a radically simplified and less costly new alternative to virtual desktop infrastructure,” Venn Co-Founder and CEO David Matalon said in a statement.
With Venn, the employer controls a secure enclave installed on the user’s computer. All work activity takes place in this enclave, all data is encrypted, and the employer manages access. The approach is similar to MDM software, but for laptops: work applications run locally within the enclave, where business activity is isolated and protected from personal use on the same computer.
Matalon explained to TechNewsWorld that only the enclave needs to be secured, rather than the entire laptop. “Work gets done in the enclave, and the user sees a blue border around those specific application windows,” he noted.
“You’re not being forced to work in a virtual desktop environment that’s latency prone and frustrates users,” he added.
He noted that companies no longer need to issue laptops to employees; employees can use their own. Furthermore, the enterprise can ensure the safety of its data and meet its compliance responsibilities.
Virtual Pain in the Buns
Along with the patent announcement, Venn revealed US$29 million in Series A funding, led by NewSpring, to support its product development, growth, and customer demand.
“Back in 2019, before the pandemic and the onslaught of remote work, David and his team recognized the trends and mounting issues associated with a distributed workforce,” NewSpring Partner Hart Callahan said in a statement.
“Prior to Venn,” he continued, “the team helped hundreds of financial organizations overcome compliance and security issues for remote workers. Through this work, it became clear that traditional VDI technology was not up for the challenge of an evolved workforce.”
Virtual desktop infrastructure (VDI) can give an organization more control and protection of its data in the hands of employees, noted Matthew Psencik, director of endpoint security at Tanium.
“But,” he told TechNewsWorld, “they are historically under-provisioned with resources and configured in ways that make using them a huge pain for employees.”
“When presented with poor performance or roadblocks, like not allowing copy and paste, many employees will take the path of least resistance and try and circumvent VDI controls by either using their personal devices or leaking corporate information unintentionally via third-party sites,” he said.
“The benefits of this approach rarely outweigh the negatives — even before considering the employee sentiment impacts due to a frustrating working environment that could lead to employee retention issues or worse, a disgruntled employee going out of their way to harm the business,” he added.
Trouble Ticket Generator
A benefit to using a virtual desktop is that all of the builds are often based on a single image that can be updated quickly and tightly controlled, observed Erich Kron, a security awareness advocate at KnowBe4.
“If a virtual machine is infected with a virus, it can often be destroyed and recreated quickly, allowing employees to return to work in a short amount of time,” he told TechNewsWorld.
“Virtual desktops often have limited capabilities and network access, which can reduce the potential for damage to malware or other threats from the endpoints,” he said.
However, he added that virtual desktops can be less customizable and, if not set up correctly, can be a poor experience for the users, driving trouble tickets and complaints up.
Persuading an employee to install a company-managed tool on a private device is a challenge for any management solution, contended Dror Liwer, co-founder of Coro, a cloud-based cybersecurity company based in Tel Aviv, Israel.
“Employees must feel confident that the software won’t degrade their experience and that the company will not spy on their personal use of the device,” he told TechNewsWorld.
Matalon noted that Venn designed its PC management software with performance in mind. “There is no latency,” he said.
Another benefit of the Venn solution cited by Matalon is its ease of offboarding employees. “It’s very effective for organizations with high employee turnover. You can press a button and do a remote wipe of the enclave,” he said.
“The ability to remotely wipe and monitor the status of remote PCs, especially mobile ones like laptops, is certainly an important tool for many organizations, especially now that remote working is so much more prevalent,” observed Kron.
To effectively manage the security risks of remote desktops and laptops, administrators need to have continuous visibility and control over those devices, added Tanium Senior Director of Technical Account Management Shawn Surber.
“They can’t be left in a state where they’re only being managed when connected to a VPN or checked once a week or even once a day,” he told TechNewsWorld. “Remote PCs are highly vulnerable and need to have effective, real-time threat management tools like patching, software deployment, vulnerability management, and incident response.”
Although Venn maintains its new offering is filling a gap between mobile device and PC management, the gap may not be as wide as it suggests.
“Most of these MDM solutions have evolved into unified endpoint management platforms,” said Paddy Harrington, a senior analyst with Forrester Research.
“These solutions can handle most if not all of the PC management functions for the variety of PC-style devices — Windows, Mac, Chromebook — that many businesses are deploying for remote workers,” he told TechNewsWorld.
PC platforms have had computer security risk management solutions for decades, added KnowBe4 Defense Evangelist Roger Grimes.
“Microsoft allows its customers to manage devices using group policy, registry edits, PowerShell, or using other scripts,” he told TechNewsWorld. “MDM solutions aren’t nearly as powerful as their PC-based counterparts.”