As a Senior Product Owner here at Venn I get asked a variety of questions about our secure remote workspace, often revolving around the same concepts or fundamental aspects of the product. With most users accustomed to slow, clunky legacy VDI experiences, Venn’s unique set of features and capabilities represent deviations from the way most of us are used to working- and that’s exciting! My goal today is to tell you a little more about what makes our product unlike any other solution on the market, with features and capabilities designed to isolate and protect work from any personal use on the same computer. Without further ado, let’s get to breaking down the ten most commonly asked security FAQs about the Venn platform.
1. “Can users run any application they choose in LocalZone?”
Admins have the ability to allow users to only run certain applications in LocalZone. Venn’s configurable application policies control which applications are purposed for work, and only applications assigned to a user by an admin are permitted to run in LocalZone. Our application isolation tech prevents applications that are not purposed for work to run within the LocalZone, keeping work and personal separate on the same device.
2. “Can I prevent users from accessing data with unauthorized apps?”
Venn’s application policy settings allow organization admins to control which applications are purposed for work, and which are marked for personal use. Only applications assigned to a user are permitted to run and access data within the secure LocalZone enclave, as authenticated and verified via MFA by Venn or a 3rd party IdP.
3. “How is a user, malicious application, or virus prevented from accessing data outside LocalZone?”
All data in LocalZone is stored in an encrypted virtual drive on the local system that is only accessible by applications running within LocalZone. A device policy can be set to prevent access to LocalZone if a system is not configured with the required security software or settings. Finally, data access is contingent on consistent authentication and verification via MFA by Venn or a 3rd party IdP.
4. “How can a user safely and securely use the same application for both personal and work purposes?”
LocalZone isolates work application settings, configurations, and user preferences by creating both a personal profile and a work profile for every app. It has robust built-in DLP policies that prevent users from moving company data outside of the LocalZone, including saving files to unauthorized locations, copy/pasting of data, and taking screenshots. All the data in the LocalZone is always encrypted and not accessible to any applications outside.
5. “Can I prevent users from using unauthorized browser plugins?”
With custom browser policies your organization can control which plugins are allowed or blocked inside LocalZone. These policies can be modified to either force the installation of allowed plugins, or disable blocked plugins. Additionally, these custom browser policies can restrict install sources for plugins to ensure users are downloading them from a trusted location.
6. “Can I prevent browser features such as, saving passwords and autofill of data from being used?”
Yes, you can change and modify your organization’s browser settings from within the admin center! Customizable browser policies control all browser settings, and be changed to fit organizational requirements. These browser policies can be set at the user level OR the group level to support different browser policy needs per employee or function.
7. “How is user privacy maintained when using a device for personal tasks?”
Protecting user privacy is a pivotal component of the Venn platform. Personal use of applications, web browsing, and files is isolated from all work usage, happening outside of the LocalZone. Only activity related to local and web applications that are actively being purposed for work is monitored. That means when you don’t see the blue badge and border around your window it isn’t visible to your company. Users can also access a real time activity log that shows all the information that their organization is tracking. Administrators see the same information, and do not have access to more information than what the user sees.
8. “How is data transmitted over the network secured?”
Protecting a device without protecting the data it’s sending out is risky, and exposes your organization to theft or leakage. Data coming in and out of LocalZone, and to and from all applications, can be forced to use a private company gateway built into Venn. Also, Venn is integration-ready to support a variety of existing 3rd party SASE/VPN solutions, so if your organization is already using other tools for network security you’re in luck! Venn encrypts the connection between the protected device and the PCG, and all LocalZone traffic is isolated from all other network traffic coming from that machine.
9. “How is access to web applications secured?”
Venn’s built in PCG protects web applications seamlessly and consistently. The PCG provides a custom set of IP addresses specific to the organization that all traffic from inside LocalZone is routed through. If IP filtering is supported by the web browsing application your organization uses, these custom IP addresses can be set to restrict access from everywhere except from LocalZone. And again, if you have a preexisting VPN or other network security solution it can be seamlessly integrated with Venn.
10. “Can I disable or override DLP controls like screen sharing by modifying registry keys or altering applications or system files?”
We’ve built LocalZone to be workaround proof. What does that mean for your organization? Policy controls are not stored locally in a file or in the registry, meaning they’re not locally accessible and modifiable. Policy settings for the device, DLP, applications, web and more are stored in our cloud backend and are only accessible by the company admin. That means a single point of control and organization for all your policies. Policy settings are securely pushed to the client when they log in, meaning they’re easy to update and quick to deploy.
Moving Into the Future with LocalZone
Hope these top 10 FAQs have resolved some of the questions you may have had about Venn and LocalZone, we’re excited to talk more about what makes our secure remote workspace unique and a departure from VDI. We at Venn are building a product made for the modern balance of work + life, not the old dynamic where the two were separated by physical spaces. Instead, we see a future where they can coexist seamlessly on one device, making both work and personal use of a computer easier and less restrictive than ever. If you want to revamp the way you protect your sensitive data sign up for a demo here, or if you’re still curious about the changing world of work go ahead and read our CPO’s blog about the second IT transformation.
