BlackBerry Digital Workplace eliminates need for VPN, VDI
BlackBerry has unveiled its Digital Workplace platform, a web portal and workspace for secure online and offline access to corporate on-premise or cloud content, including Microsoft Office 365 resources.
Digital Workplace, announced last week, integrates a secure browser-based workspace sold by Awingu, a Belgium company that penned a partnership with BlackBerry in 2018. Businesses can access their legacy Windows, Linux, SaaS or internal web apps, desktops and files inside of Awingu’s secure managed browser. Awingu’s unified workspace runs Windows, Linux, web and intranet apps.
Based on BlackBerry’s Zero Trust Architecture, Digital Workplace eliminates the need for a VPN or VDI infrastructures and is designed to provide continuous threat protection using artificial intelligence and machine learning to enable users to securely work anywhere and from any device, according to BlackBerry.
Zero trust is an enterprise security architecture or network where there is never a “default trust” option that automatically authorises end-users or systems; instead it requires a form of verification for any attempt to access business systems.
The system relies on multifactor authentication, analytics, encryption and file system-level permissions and includes dynamic enforcement of access rules – not only for a user’s identity but also for their device and the context in which they are attempting access. The result is that users are given the minimum amount of access to accomplish a specific task.
“We break everything down to an actor, an action and a target. So who am I, what device am I trying to do, over what network am I trying to do it, and based on analytics should I have more or less friction for what I’m trying to do?” said Alex Willis, BlackBerry’s vice president of sales engineering. “Friction could be multiple forms of authentication, or block access.”
Awingu’s browser was available prior to Digital Workplace through BlackBerry UEM and as part of its BlackBerry Access mobile browser offering. Digital Workforce also incorporates BlackBerry’s own Desktop management platform as well as AI-driven security software from Cylance, a company acquired by BlackBerry about a year ago.
“[It’s] not just Awingu, but all the connectivity through either the email calendar contacts applications within Digital Workplace as well as BlackBerry Access Browser” Willis said. “So, the access browser is connecting to the BlackBerry infrastructure just like our applications would on your iPhone or Android device. So, we’re facilitating the secure connectivity behind the firewall. The user doesn’t know if it’s going through a VPN. All they know is they start the browser and get to their corporate internet.”
For auditing purposes, IT admins can also video record every end-user for their entire session or when they access a specific application, Willis added.
In some ways, BlackBerry’s Digital Workplace is something of a re-packaging/licensing announcement instead of a set of new products, as the capabilities and partnership with Awingu are all things BlackBerry has had for a while, according to Chris Silva, a vice president of research at Gartner.
While other vendors such as VMware and Citrix offer unified workspace solutions, BlackBerry is “somewhat unique” among other unified endpoint management (UEM) providers in that most of its customers are using an explicit container. That means end-users are relying on BlackBerry’s UEM app to access email, contacts and calendars, versus the native apps, according to Silva.
“They’re also the only vendor with a container that can be consumed on desktop and mobile,” Silva said via email. “Addressing the Windows app issue was of great importance to keep competing in the UEM market, especially as VMware and Citrix both now offer licenses that include both UEM and their virtualisation technology.”
Through its Awingu partnership, BlackBerry’s browser-based access capabilities are a unique variant to VDI, according to Nick McQuire, a senior vice president of research at UK-based CCS Insight.
“By integrating this, it gives BlackBerry more options to upsell customers on new use cases, especially on the desktop,” McQuire said via email.
More importantly, McQuire said, the Digital Workspace implements some key BlackBerry components in security, too, such as Cylance and its secure network.
“This enables BlackBerry to apply conditional access policies to the workplace application such as through machine learning, determining whether the device has malware before allowing user access or whether the user is displaying risky behaviour,” McQuire said. “Conditional Access is now becoming a key tenet in a zero-trust security model which, although [it] is a massive buzzword now in security, is starting to gain ground with IT pros – at least conceptually.”
ConvergeOne, a Bloomington, Minn. IT services provider, deployed BlackBerry Digital Workplace last year. ConvergeOne’s employees are issued corporate laptops – a total of about 3,000 endpoints. For traditional email, calendaring and access to a global address list, the company was allowing Active Sync connections for personal devices to the Microsoft Exchange environment, enforcing corporate policy on the entire device.
ConvergeOne’s employees are highly mobile and up to 75% of ConvergeOne’s end-users rarely set foot in corporate office. The company had been hindered by the traditional security stack, interfering with workers’ mobility and ability to deliver to ConvergeOne’s clients, according to Collin Buechler, the company’s information security and compliance officer.
“Some of these hinderances included client networks blocking VPN to ConvergeOne, device failures while on the road, and the rigidity of the traditional security stack of security controls,” Buechler said via email. “[BlackBerry] Access only needs an outbound internet connection to work, the solution does all the rest.
“With BlackBerry Digital Workforce we can have a team member back up and running on any compatible solution within about 10 minutes if their laptop is stolen or blue screens right before a client presentation,” Buechler added.
With the inclusion of Digital Rights Management on documents sent to clients or outside of the ConvergedOne, Digital Workspace enables better compliance with requirements in NIST, ISO and FARs in terms of knowing where the data is and who has accessed it, Buechler said.
“ConvergeOne can retroactively disable this access if necessary, or if the document was acquired nefariously, it is encrypted with government-grade encryption and is useless to any nefarious types that may get access to the file,” Buechler said.
BlackBerry’s marriage of UEM and security is part of a nascent industry trend, and further evidence of BlackBerry’s “seismic shift” in direction towards enterprise software and security over the past five years, according to McQuire.
“The UEM space is heading in multiple directions, but we see competition coalescing at the moment at the intersection of UEM, security – particularly mobile security – and identity,” McQuire said. “As a result we are seeing more of these wider workspace offerings as customers are looking to the market to not only secure all of their devices, but also their data, which means tighter security around the user and the applications employees use daily.”
IDG News Service