From speaking with customers, one of the most common complaints we hear is that buying, configuring, and shipping computers to remote employees and contractors, is a time consuming and expensive process. They find there are costs at every step. Even when people leave the company, there can be issues getting devices returned adding to the costs in terms of lost hardware.
When companies purchase hardware for new staff joining –whether employee, contractor, or third party — it involves acquiring the devices, configuring them, shipping, support, and re-acquisition of the devices. There is also a three-year depreciation that factors into the total cost as well. These intangible costs extend far beyond the initial purchase price of the device.
With companies shipping computers, devices can take a significant amount of time to arrive to their employees, particularly when these destinations are International. The computers can get held up in customs for days or even weeks. One of our customers in Healthcare who has a large amount of offshore workers told us that it can take a month to get a computer shipped to a potential worker. This can negatively impact and extend the timeline for new staff members to get started and be productive.
There are also challenges associated with the recovery of these devices. A Business Process Outsourcing (BPO) client, with a significant number of offshore workers, shared a scenario with us. They would purchase, configure, and send out devices to worldwide destinations, only to find out that the newly recruited employee had accepted a position at a different company because of the protracted onboarding procedure. They also said they often had problems getting those devices back. This is not isolated to this one example, but in general to any situation. These costs can be in the range of hundreds of thousands or more in terms of lost hardware.
Once the devices that are returned arrive back to the company, the costs continue to grow. These devices need to be repurposed for the next use, which entails wiping and resetting them. There is also a possibility that the device may be in a state of disrepair and require further servicing to render it functional again. All these activities have additional costs associated with them which now take the device back to the initial costs of deployment again.
Another customer with an under-resourced IT team lamented about having a large stock of laptops on hand so they could manage the process more quickly, yet it was proving to be too costly and difficult for them to manage a surplus of devices. From a financial perspective, they had been told to find a new approach and were given a goal of eliminating purchasing laptops by the end of the year.
This is where Venn can help get companies out of the hardware business. No more purchasing, shipping and managing laptops. Venn’s Secure Enclave is a software solution that is designed to secure work data and traffic on devices that are not owned by the company – any unmanaged or BYOD laptop. These devices can be owned by the individual, an external contractor or even a third-party entity. Venn allows these unmanaged devices to securely connect to company data and applications in a manner that isolates the business from anything else on that device.
By using Venn, companies can avoid the cost, time and pain associated with the deployment of company asset. New staff members can start working securely within minutes on their own devices. It also avoids the ancillary costs of depreciation, re-acquisition, and re-provisioning of the devices.
The Secure Enclave can be installed on BYOD or unmanaged computer to allow users to connect to company resources securely and ensure that company data cannot be exfiltrated onto these devices. By utilizing several technologies, Venn can secure applications, data and network traffic. These non-managed devices can be offshore workers, external consultants, personal computers or purchased by the company but not locked down.
The Secure Enclave allows remote workers to actively use their own computers to work the way they want to while keeping their work and personal use separate. What does this really mean? Users want to work quickly with responsive actions as they perform their daily tasks. When an end user starts their day, they typically prefer to work from the own local computer rather than a remote connection to a virtual desktop which often has a poor user experience and performance issues. Even better, the user would love to work from their own personal computer rather than have two computers on their desk.
For users, it’s simple to get started on work. When a user logs into Venn, they must authenticate properly. This can be through Venn with 2-factor authentication, or through integration with Okta, Azure Active Directory, or Google Workspace. Once the user successfully authenticates, the Secure Enclave will run through a series of optional compliance checks to ensure the computer meets the minimum-security requirements. If the computer passes these checks, the user connects and starts their day.
Once they are logged in, the user sees an application launcher which has the applications the company has assigned to them that they needs for work. When a user launches an application from this launcher, like Excel for example, it starts using the local excel.exe on the computer. However, when the application launches, it will be surrounded with a Blue Border indicating they are using it for work.
The Blue Border acts like a firewall for the application by making use of granular rule-based Data Protection Policies that determine what a user can do with the applications such as copy and paste, where files can be saved, and whether they can share or capture screen shots or not. There are different data protection policies available that IT can leverage to ensure data is kept secure and meets corporate policy. By making use of Policy Overrides, IT can allow exceptions to be created by users, or groups to further open aspects of these policies or to potentially lock them down tighter.
Regarding data protection, Venn makes use of a Virtually Mounted hard drive that is fully encrypted on the user’s local computer. This Venn Disk is only visible from within the Secure Enclave and only after the user has properly authenticated. Within Venn disk, company sanctioned file systems are locked down to the point that they cannot be accessed outside of the Secure Enclave. When users download or save files, they are only able to save them to the secured Venn Disk. The data protection policies prevent the users from saving or copying data to the local computer or to external disks. By making use of the file storage synchronization such as OneDrive, Google Drive and others, the files in the Venn Disk are available in cloud.
When a user is no longer employed or contracted to a company, the data within the Venn Disk can be remotely deleted from the computer. The next time the device connects to the Internet, Venn will reach out to the servers and find out that the data needs to be removed from the system. The Venn Disk is removed, and nothing else is touched on the computer.
To address network security concerns, Venn makes use of a Private Company Gateway which is comprised of a series of fixed dedicated IP addresses assigned to the company’s Venn Tennant. These IP addresses can then be facilitated to lock down potential back doors where data can be exfiltrated from. For example, if a user can log into any system and check their email, then there is an uncontrolled point where data can be stored.
To contain this, Venn can make use of these IP addresses to implement conditional access and IP Restrictions on cloud technologies. Venn does this by employing a split tunnel VPN for all data within the Secure Enclave. When the user connects, they connect via a perpetually known IP address, regardless of where they are physically located. This simplifies the issue of roaming users who have a different IP address as they move from location to location.
With these combined technologies, Venn’s Secure Enclave enables companies to allow users to work from unmanaged devices in a manner that ensures the security of company data and helps to eliminate the need for buying, configuring, locking down and shipping computers to new employees or contract staff.
I would encourage you to reach out to our team and request a full demonstration of Venn’s Secure Enclave.
