It’s officially been a year since enterprises all over the world were forced to instantly provision remote workspaces for their employees. Some had the advantage of already having some sort of work from home infrastructure in place, but many did not.
Let’s take a look back at the 4 most common approaches – corporate devices, VDI/DaaS, BYOD, and Zero Trust – to see how they all stood up to the challenge and whether they’re viable options for the future.
Choice 1: Provision corporate laptops with a VPN with Split Tunneling Enabled
This is a popular approach for companies with multiple endpoint security solutions. Just take your corporate laptop home and use a VPN gateway to connect to the enterprise network.
The advantages here are obvious – the endpoint is relatively secure and you don’t need a new management stack. But it’s far from a perfect solution. You still need to provision and maintain all these devices, and user productivity suffers from only having access to a locked-down device. There are a lot of sites and applications users won’t be able to use at home that they might need. So the IT team is now bombarded with whitelist requests. Finally, there’s the fact that any traffic that goes through the split tunnel won’t go through the security controls that you have in your corporate network (IDS/IPS, next-gen firewalls, etc.), which exposes the device to security threats.
Choice 2: Provision VDI or DaaS
On the surface, a VDI or Desktop as a Service (DaaS) approach is one of the easiest ways to enable your workforce to connect to your corporate networks from their home office. Just connect to the corporate network via the VDI infrastructure – and from any device! But here’s the thing. Regardless of whether you’re using your own data center hardware or the cloud, you’re still going to need to provision significant storage, network, and compute resources. These costs add up. So while there might be some short-term benefits, over the long term, this isn’t scalable. Even after investing the effort and money, users will suffer, especially if they’re working offline, or on a low-bandwidth/high-latency network. Every click on any app will be frustrating.
Choice 3: VPN on an Unmanaged Device
When you move to a BYOD approach, you’re officially out of the hardware game. Give employees $1000, tell them to get a machine with certain specs, and have them use a VPN to connect to the corporate network and install certain agents. Easy, scalable, and cheap. But the low effort comes at the expense of security and privacy. The risk of malware and compliance concerns is simply unacceptable in many industries.
Choice 4: Zero Trust
A more secure option is a Zero Trust approach. Using a corporate laptop, you use the Zero Trust broker to control access to enterprise apps, either cloud-based or on-prem. However, this doesn’t protect against endpoint infections. An attacker on a compromised endpoint can ride authenticated sessions to do harm on enterprise resources. You might also still need a VPN or legacy non-Zero Trust access for some applications that aren’t yet supported by your Zero Trust vendor.
So… where does this leave us?
The traditional approaches all suffer from being either expensive, insecure, or inconvenient. A new approach we’ve built at Hysolate is an Isolated Workspace-as-a-Service.
An isolated workspace is a hyper-isolated virtual environment that is installed on the user’s endpoint and provides users with a superior user experience. It is built to spin up instantly on any Windows 10 OS and managed, at scale, from the cloud. This allows you to run apps locally, solving the UX issues for VDI and DaaS, while also eliminating cloud costs.