The Spirit of the Anywhere Workspace

Tomorrow, I have the great pleasure of speaking at the VMware Anywhere Workspace event. I thought about the “Anywhere Workspace” and believe we could look at the idea and demystify its intention. We will discuss what encompasses the Anywhere Workspace and how you can apply the concepts in your user experience journey.

What is the VMware Anywhere Workspace Solution?

As you can read about from VMware, the Anywhere Workspace focuses on that we can now work borderless. Several companies have committed to a new remote work strategy from Facebook to Google to name a few.

VMware’s idea is that you can leverage Workspace ONE along with a few of their recent investments in Carbon Black and VMware SASE to built an encompassing solution that empowers work from anywhere. Essentially the idea is that Workspace ONE delivers what you need just-in-time, Carbon Black protects your endpoints, and SASE brings cloud web security, zero trust, and more to secure the distributed edge.

We use Workspace ONE Intelligence to drive automation and put employee experience at the forefront. It focuses on a number of challenges that we have to shift focus to with a more distributed workforce:

  • How to deploy enhancements and changes without user impact give the supportability challenges of remote users.
  • Treating all devices like they are external and validating their access at every step of the way.
  • Delivering a platform that focuses on collaboration and bringing people together despite being so far apart physically.

What do I think Anywhere Workplace Really Means?

One of the things that I struggle with is straddling the fence between being a technologist, a customer advocate, and supporting an organization/platform that I am heavily invested in. I’ve written several articles over the years that look at a “marketing-esque” offering like Zero Trust or Intune Integration and focus on the spirit of the idea. Let’s take some time and talk about what I think the spirit of the Anywhere Workplace means.

Manage the Multi-Modal Employee Experience

The whole “multi-modal” thing is sort of wordy, but let’s think about it like “different platforms.” I think it’s simply saying someone may access an application from a PC, an Android, a Chromebook, etc. VMware envisions leveraging a few of their technologies like Workspace ONE Intelligence, SD-WAN, Horizon, and Workspace ONE UEM to deliver on this goal.

How can Multi-Modal Be Achieved?

When we look at the real world, it may be feasible for all companies to go out and buy SD-WAN, Intelligence, Digital Employee Experience Management (DEEM), etc. I do believe that we can achieve a subset of it today with your standard customer running Workspace ONE UEM Enterprise. Let’s call in Anywhere Workspace LITE.

A few of the things that you can do today to empower a solid multi-modal experience are:

  • Leverage Workspace ONE Sensors to collect data that impacts the employee experience e.g. monitoring their Office Client version or if specific printers are installed on their computer and run scripts/install profiles based on conditional statements.
Evaluating Intune against Workspace ONE UEM: Windows Edition - Mobile Jon's  Blog
  • Leveraging App Volumes in Horizon to build Horizon Web Apps
  • Using Workspace ONE Intelligent Hub Services to send notifications and commit to user happiness even in difficult times:

Better Secure the Distributed Edge

VMware is heavily touting leveraging zero trust to help secure the distributed edge coupled with Carbon Black and SASE. This is certainly a daunting situation for many companies given the investment required for both of these platforms. Some may already have Carbon Black, but I think overall it can be hard to achieve from the outset, but I am going a slightly different way with it.

How We Can Better Secure the Distributed Edge?

I really like the idea of leveraging SASE and Carbon Black to build a strong defense against the attack plane. I’m going in a slightly different way to secure my distributed edge fronted by two main technologies: Workspace ONE Access and the Unified Access Gateway.

A few of the ways we are making this happen are:

  • Transitioning PCs from Kerberos to Certificate-Based Authentication with Device Compliance powered by Workspace ONE Access and enforcing it at all networks and all apps:
  • Leverage UAG 2103 capabilities to enforce certificate authentication prior to SAML passthrough authentication.
  • Capitalize on your existing integrations, such as Cisco NAC integration to enforce zero trust at the network level, NSX segmentation, or your current EDR solution to strengthen your attack surface in similar ways.
  • Remember that you may have existing potential to secure your cloud-based web security e.g. Office 365 E5 customers can leverage Microsoft Cloud App Security, Azure AD Conditional Access, and more.

Automate the Workspace

VMware’s ideas around automating the workspace we discussed in some of these previous sections. Workspace automation is driven by WS1 Intelligence and Freestyle Orchestrator, which is coming very soon.

I think their ideas hit it right on the head, but we can do even more:

  • Build User Groups driven by LDAP queries to collect groups of users together
  • Continue to focus on building sensors as they will be leveraged heavily in Freestyle Orchestrator
  • Get the most out of WS1 Intelligence by using Mobile Flows, Reporting, Sensors, and CVE remediation
  • Measure twice and cut once! These capabilities are powerful, but if they are not deployed properly people will feel it. We see this mistake a ton with Windows. Make sure you slowly build in features for your deployments and don’t take the big bang approach!
Nickofferman Boom GIF - Nickofferman Boom Funny - Discover & Share GIFs

Final Thoughts

Honestly, I can’t say enough about how honored I am to be speaking at the Anywhere Workspace event. This is a special time right now and we have a great opportunity. Working from anywhere is only successful if we deliver security through obscurity, great user experiences, and harmonious synergy across all of our technologies. I don’t care if it’s VMware, Microsoft, or Hello Kitty it MUST all work together for us to be successful and make us IT heroes.

Leave a Reply

Scroll to Top
%d bloggers like this: