As a Senior Product Owner here at Venn I get asked a variety of questions about our secure remote workspace, often revolving around the same concepts or fundamental aspects of the product. With most users accustomed to slow, clunky legacy VDI experiences, Venn’s unique set of features and capabilities represent deviations from the way most of us are used to working- and that’s exciting! My goal today is to tell you a little more about what makes our product unlike any other solution on the market, with features and capabilities designed to isolate and protect work from any personal use on the same computer. Without further ado, let’s get to breaking down the ten most commonly asked security FAQs about the Venn platform.
1. “Can users run any application they choose in Venn?”
Admins have the ability to allow users to only run certain applications in Venn. Venn’s configurable application policies control which applications are purposed for work, and only applications assigned to a user by an admin are permitted to run in Venn. Our application isolation tech prevents applications that are not purposed for work to run within the Venn, keeping work and personal separate on the same device.
2. “Can I prevent users from accessing data with unauthorized apps?”
Venn’s application policy settings allow organization admins to control which applications are purposed for work, and which are marked for personal use. Only applications assigned to a user are permitted to run and access data within the Venn secure enclave, as authenticated and verified via MFA by Venn or a 3rd party IdP.
3. “How is a user, malicious application, or virus prevented from accessing data outside Venn?”
All data in Venn is stored in an encrypted virtual drive on the local system that is only accessible by applications running within the secure enclave. A device policy can be set to prevent access to Venn if a system is not configured with the required security software or settings. Finally, data access is contingent on consistent authentication and verification via MFA by Venn or a 3rd party IdP.
4. “How can a user safely and securely use the same application for both personal and work purposes?”
Venn isolates work application settings, configurations, and user preferences by creating both a personal profile and a work profile for every app. It has robust built-in DLP policies that prevent users from moving company data outside of the Venn, including saving files to unauthorized locations, copy/pasting of data, and taking screenshots. All the data in the secure enclave is always encrypted and not accessible to any applications outside.
5. “Can I prevent users from using unauthorized browser plugins?”
With custom browser policies your organization can control which plugins are allowed or blocked inside Venn. These policies can be modified to either force the installation of allowed plugins, or disable blocked plugins. Additionally, these custom browser policies can restrict install sources for plugins to ensure users are downloading them from a trusted location.
6. “Can I prevent browser features such as, saving passwords and autofill of data from being used?”
Yes, you can change and modify your organization’s browser settings from within the admin center! Customizable browser policies control all browser settings, and be changed to fit organizational requirements. These browser policies can be set at the user level OR the group level to support different browser policy needs per employee or function.
7. “How is user privacy maintained when using a device for personal tasks?”
Protecting user privacy is a pivotal component of the Venn platform. Personal use of applications, web browsing, and files is isolated from all work usage, happening outside of the Venn. Only activity related to local and web applications that are actively being purposed for work is monitored. That means when you don’t see the blue badge and Blue Border around your window it isn’t visible to your company. Users can also access a real time activity log that shows all the information that their organization is tracking. Administrators see the same information, and do not have access to more information than what the user sees.
8. “How is data transmitted over the network secured?”
Protecting a device without protecting the data it’s sending out is risky, and exposes your organization to theft or leakage. Data coming in and out of Venn, and to and from all applications, can be forced to use a private company gateway built into Venn. Also, Venn is integration-ready to support a variety of existing 3rd party SASE/VPN solutions, so if your organization is already using other tools for network security you’re in luck! Venn encrypts the connection between the protected device and the PCG, and all Venn secure enclave traffic is isolated from all other network traffic coming from that machine.
9. “How is access to web applications secured?”
Venn’s built in PCG protects web applications seamlessly and consistently. The PCG provides a custom set of IP addresses specific to the organization that all traffic from inside the secure enclave is routed through. If IP filtering is supported by the web browsing application your organization uses, these custom IP addresses can be set to restrict access from everywhere except from the secure enclave. And again, if you have a preexisting VPN or other network security solution it can be seamlessly integrated with Venn.
10. “Can I disable or override DLP controls like screen sharing by modifying registry keys or altering applications or system files?”
We’ve built Venn to be workaround proof. What does that mean for your organization? Policy controls are not stored locally in a file or in the registry, meaning they’re not locally accessible and modifiable. Policy settings for the device, DLP, applications, web and more are stored in our cloud backend and are only accessible by the company admin. That means a single point of control and organization for all your policies. Policy settings are securely pushed to the client when they log in, meaning they’re easy to update and quick to deploy.
Moving Into the Future with Venn
Hope these top 10 FAQs have resolved some of the questions you may have had about Venn. We’re excited to talk more about what makes our secure remote workspace unique and a departure from VDI. We at Venn are building a product made for the modern balance of work + life, not the old dynamic where the two were separated by physical spaces. Instead, we see a future where they can coexist seamlessly on one device, making both work and personal use of a computer easier and less restrictive than ever. If you want to revamp the way you protect your sensitive data sign up for a demo here, or if you’re still curious about the changing world of work go ahead and read our CPO’s blog about the second IT transformation.