If you are anything like me you have a number of mobile devices that you use in your day to day life. If your company is anything like ours, they are concerned about the security of their corporate data. In order for me to access my corporate data I’m asked to enrol my device into the corporate mobile device management system. As a consequence of this enrolment, the company forces me to use a complex password, requires that I allow them the privilege of wiping the device, and may also implement policies that restrict my mobile experience. As an end-user, I’m not particularly happy about this because it makes my life more difficult. For many of my co-workers it means they choose not to enrol for corporate email on their devices, which means that the company loses out on the value that comes with the user having access to the data from anywhere.
Another common problem that I have, and that we have heard from numerous end-users, is that running a VPN on mobile devices is inconvenient and often too forgettable. For me this often means that I’ll VPN in to access a resource that came in from a link in my email, access the link, and then forget to logout. This means that I’m now sending all of my personal browsing traffic, movie streaming, and more through the company’s network. This uses valuable corporate bandwidth and could possibly put the company at risk.
Introducing ZENworks Mobile Workspace
ZENworks Mobile Workspace is the newest member of the Micro Focus Endpoint Management portfolio and offers a great way to solve this problem. This solution provides an easy method for users to get access to what they want, without the complexity and inconvenience that traditional mobile device management and email access methods often introduce.
ZENworks Mobile Workspace is a mobile application that you can install on your iOS (v9+) or Android (v4+) mobile device that sets up an encrypted workspace on the device that contains:
- Corporate email, calendar and contacts hosted on Micro Focus GroupWise, Microsoft Exchange, Office 365 and even Lotus Notes. (See figure 1).
Figure 1: Corporate email accessed through the mobile workspace A built-in viewer for Office and PDF files enables users to review items they receive in their email or that are accessible via their documents repository.
- Files from corporate file repositories such as SharePoint, CMIS or even Windows File Shares. In future releases, we expect integration between Filr and ZENworks Mobile workspace.
- A secured corporate web browser that can be used to securely access corporate web applications and intranet web sites without the complexity and forgettability of VPN.
With this solution end-users utilise their LDAP username and password to access the workspace, once authenticated they have access to anything in the workspace. The workspace data store is securely encrypted using banking-grade encryption to prevent unwanted access.
As figure 2 indicates, device administration is web-based and configuration is ‘over the air’. Users can enrol the device with the workspace server and gain access with nothing more than an email that includes the enrolment URL.
All communication between the agent and the server is encrypted, both at the data level and over the HTTPS transport. The workspace doesn’t rely on the underlying OS for encryption. Instead it uses dedicated, banking-grade encryption for local storage.
In future releases, we’ll even have an SDK that makes it easy to integrate your own mobile applications, to ensure that custom applications can benefit from the power of the workspace security and access capabilities. With ZENworks Mobile Workspace, the corporate administrator can easily implement rules that can control important security settings such as:
- Which aspects of the workspace are available to a user – email, calendar, contacts, documents and browser. (See figure 2).
- Whether corporate data is allowed to be cached to the encrypted data store on the local device.
- Timeouts related to inactivity and access of the workspace.
- Configuration related to URLs that the secure browser will allow access to. (See figure 3).
With powerful contextual rules, you can also add capabilities to limit corporate access based on work schedule, location, jailbreak status and more. Of course, no solution would be complete without the ability to ensure data is wiped if the device is misplaced or the user leaves the company.
ZENworks Mobile Workspace also provides a very simple application store that allows you to distribute important corporate applications from either the public application stores, or can be used to distribute your own in-house applications.
In the event that an employee loses a device or leaves the company, you can wipe just the workspace and prevent access to your sensitive corporate data.
ZENworks Mobile Workspace is currently available for purchase as either a subscription or as traditional license with maintenance on a per-user basis. Please contact your local Micro Focus partner or sales representative for more information. To evaluate the workspace, sign up today at https://www.microfocus.com/products/zenworks/mobile-workspace/trial/
This article was first published in OHM Issue 37 (2017/2), p14-15.