It’s been well over a year since enterprises all over the world were forced to instantly provision remote workspaces for their employees. Some had the advantage of already having some sort of work from home infrastructure in place, but many did not.
Let’s take a look back at the 4 most common approaches – corporate devices with a VPN, VDI/DaaS, BYOD, and Zero Trust – to see how they all stood up to the challenge and whether they’re viable options for the future.
Choice 1: Provision corporate laptops with a VPN with Split Tunneling Enabled
This is a popular approach for companies with multiple endpoint security solutions. Just take your corporate laptop home and use a VPN gateway to connect to the enterprise network.
The advantages here are obvious – the endpoint is relatively secure and you don’t need a new management stack. But it’s far from a perfect solution. You still need to provision and maintain all these devices, and user productivity suffers from only having access to a locked-down device. There are a lot of sites and applications users won’t be able to use at home that they might need, so the IT team is now bombarded with whitelist requests. Finally, there’s the fact that any traffic the split tunnel sends directly to the internet, rather than through the VPN, won’t pass through the security controls you have in your corporate network (IDS/IPS, next-gen firewalls, etc.) – exposing the device to security threats.
Choice 2: Provision VDI or DaaS
On the surface, a VDI or Desktop as a Service (DaaS) approach is one of the easiest ways to enable your workforce to connect to your corporate networks from their home office. Just connect to the corporate network via the VDI infrastructure – and from any device! But here’s the thing. Regardless of whether you’re using your own data center hardware or the cloud, you’re still going to need to provision significant storage, network, and compute resources. These costs add up. So while there might be some short-term benefits, over the long term this isn’t scalable. Even after investing the effort and money, users will suffer, especially if they’re working offline or on a low-bandwidth/high-latency network. Every click in any app will be frustrating.
Choice 3: VPN on an Unmanaged Device
When you move to a BYOD approach, you’re officially out of the hardware game. Give employees $1000, tell them to get a machine with certain specs, and have them use a VPN to connect to the corporate network and install certain agents. Easy, scalable, and cheap. But the low effort comes at the expense of security and privacy. The malware risk and the compliance concerns are simply unacceptable in many industries.
Choice 4: Zero Trust
A more secure option is a Zero Trust approach. On a corporate laptop, a Zero Trust broker controls access to enterprise apps, whether cloud-based or on-prem. However, this doesn’t protect against endpoint infections. An attacker on a compromised endpoint can ride authenticated sessions to do harm on enterprise resources. You might also still need a VPN or legacy non-Zero Trust access for some applications which aren’t yet supported by your Zero Trust vendor.
So… where does this leave us?
The traditional approaches all suffer from being either expensive, insecure, or inconvenient. A new approach we’ve built at Hysolate is a full isolation solution that sits on user endpoints, but is managed from the cloud.
Hysolate enables organizations to create trusted endpoints that are secure by design. With Hysolate you can isolate endpoint threats and secure enterprise access with an isolated virtual workspace that runs on the endpoint and is fully managed from the cloud. This architecture splits the endpoint into two isolated workspaces, giving IT and Security management peace of mind without compromising user productivity.
But don’t take my word for it! We’ve built Hysolate Free so that you can try it for yourself! Our forever-free sandboxing solution for Windows isolates risky or sensitive activities on your endpoint device. Try it here for Free.