VMware Inc. today extended its Workspace ONE endpoint management technology to provide better support for distributed workforces.

The new package delivers desktop and application virtualization, cloud-native endpoint and workload protection and cloud-based security based on secure access service edge or SASE principles.

VMware Anywhere Workspace integrates the Carbon Black Cloud security technology it picked up with the acquisition of Carbon Black Inc. in 2019. SASE services are provided by a combination of the vendors’ software-defined wide-area network technology and VMware Secure access to implement zero-trust network access over a network of global points of presence.

The combination delivers on three fronts, executives said. It gives employees a choice of devices for performing their jobs, better secures the distributed edge and enables workplace automation based on desired outcomes rather than inputs. “By combining these three things we can deliver value to employees, the CIO, the chief information security officer, finance and human resources,” said Shankar Iyer (pictured), general manager of the company’s end-user computing division.

VMware is addressing three of the hardest problems IT organizations face in supporting remote and hybrid workforces, said Phil Hochmuth, program vice president of enterprise mobility at International Data Corp. Those include getting endpoints set up and configured properly, getting them secured and compliant and keeping them connected with high-reliability and security,” he said.

SASE is a red-hot network security trend that combines SD-WAN with network security services such as cloud access brokers, firewall-as-a-service and zero trust into a single cloud-delivered package. Gartner Inc. has forecast that 40% of enterprises will have SASE adoption plans by 2024, up from fewer than 1% at the end of 2018.

The technology has caught fire to combat the shortcomings of perimeter-based security approaches such as virtual private networks that were exposed when large numbers of office workers shifted to working from home during COVID-19.

“Once people started moving devices into the home organizations found they lost visibility into endpoints,” said Shawn Bass, chief technology officer for end-user computing at VMware. “The classic VPN technology has come under immense attack by nation-states on endpoint devices in homes where they can then pivot into the network.”

VPNs, which provide an encrypted “tunnel” over the public internet “were great when the bulk of your applications were in the data center, but today, they are increasingly coming from the cloud,” Bass said. “Sending traffic for those applications to the data center for inspection has a negative effect on user experience by adding networks hops and latency.”

Frameworks like SASE, zero trust network access and software-defined perimeters are “a very effective way to support remote workers,” said IDC’s Hochmuth. “It moves away from legacy dependencies in VPN and extended logical perimeter networks and moves security closer to users’ apps, data and identity.”

VMware is targeting the latency issue, in part, by engaging a network of more than 100 points of presence that put its network within reach of 85% of the world’s population, executives said. This allows any user to access any approved application from any device over the company’s distributed network. VMware’s zero-trust approach combines network security at the edge with endpoint security and management.

“If you’re behind Velocloud appliances you’re automatically routed to the cloud,” Bass said, referring to the SD-WAN devices that the company rebranded as VMware SD-WAN last year. “If you’re in a coffee shop, there’s tunneling software that routes you to the cloud” through a local POP.

Employees can use a consolidated catalog of applications that can be accessed with single-sign-on and self-service provisioning. Network administrators can apply risk-based conditional access controls that adapt policies based upon such factors as the device, user identity and threat data provided by Carbon Black Cloud. They can also restrict users from downloading information from the cloud and then uploading it to a personal device, a practice that is becoming a major cloud security threat.

The software provides a single point of administration for endpoint compliance as well as network micro-segmentation. Intelligent compliance, workflow and performance management tools help with workflow automation.

The POP presence plays an important role in improving user experience by minimizing latency, executives said. “If the end-user happens to be in New York routing to Virginia we put the user on the SD-WAN fabric that is only 10 milliseconds away from where they are,” Bass said. “We have the ability to apply security controls on the fly as that communication is passing through the SASE platform.”

VMware Anywhere Workspace is available today. Pricing information was not provided.

Photo: SiliconANGLE