Hello again from another VMworld! It was an exciting show filled with informative breakout sessions, illuminating meetings with VMware execs and vendors, and expo hall time.
We’ve already lightly touched upon the end user computing announcements as part of the Monday live blog, so I’m going to dive deeper into what interesting stuff I learned about the latest in Workspace ONE, including a focus on the employee experience, the planned Carbon Black acquisition, and more.
A push toward employee experience in Workspace ONE Intelligent Hub
Despite how one might feel about how well-represented EUC was during the opening keynote, there was still plenty of EUC news to go around. Let’s start off with Workspace ONE Intelligent Hub.
Workspace ONE Virtual Assistant, using IBM Watson
The Hub will get its own virtual assistant, but thankfully it’s not a new one joining Siri, Alexa, etc.; rather they’re integrating IBM Watson. I spoke with VMware product manager Tony Kueh, who explained that they went with Watson because it was designed for enterprise use unlike other digital assistants which are more consumer focused. VMware originally announced the Virtual Assistant as a proof of concept at IBM Think, but found that customers were really enthusiastic about it, especially healthcare customers, since Watson already understands a library of healthcare-focused acronyms.
The Virtual Assistant is aimed at improving the onboarding process and handling common questions users have. Customers will have to “educate” Watson themselves by providing it access to internal documents—think along the lines of all the employee handbooks and “how to reserve a conference room” documents that HR gives you on the first day. Tony says that organizations don’t need a developer to get Watson up and running and that it should only take a few days; VMware had a product manager test it out. Additionally, Watson can draw upon Workspace ONE data to get up to a common baseline for functionality
It's yet another assistant and none of the others have exactly caught fire in the enterprise, so we’ll have to wait and see if employees use this one or not. Jack and I would definitely be interested in giving it a try ourselves.
Digital Employee Experience Management
VMware, along with other companies, have recently pushed for improving the employee experience as a way to reduce turnover and other issues, now culminating in Digital Employee Experience Management. It leverages previously built technology from Workspace ONE as well as tech from Apteligent, which should be fully integrated into Workspace ONE Intelligence by end of the year, according to product manager Andrew Levy (and former Apteligent CEO). Apteligent provides application performance and crash analytics.
Digital Employee Experience Management, which allows IT to proactively tackle issues (including in the field, leveraging the AetherPal purchase), review a breadcrumb trail to understand why an app crashed and what led up to it, and eventually a user experience score, is currently in early release for existing Workspace ONE Intelligence customers.
Andrew noted that VMware has already been able to see and review data around mobile experiences, so now they’re expanding to desktop with a focus on Windows 10. The product allows admins to see application hangs and crashes alongside blue screens and device health information.
Mobile Flows is now a little over a year old, so where is it now? VMware first introduced it as part of Boxer with some functionality within the Intelligent Hub, and now it’s integrated into the newly announced Virtual Assistant.
Product manager Tony Kueh explained that the goal with Mobile Flows is to provide everything, from architecture to back-end systems to make it easy to use and not require companies to have to develop anything themselves. The only thing admins need to do is to create the Mobile Flow templates that are relevant to their workflow (which is still a lot of work, admittedly).
One interesting potential aspect of Mobile Flow is around security. During a session on designing zero-trust architecture, speaker Peter Bjork from VMware, explained that he could see a way to use Mobile Flows that allows limited functionality of an app without giving users full access to said app. Maybe their risk is too high or as a way to remediate an elevated risk score. Tony explained that while Mobile Flows is primarily designed for employee experiences at the moment, VMware is exploring its various use cases and maybe we’ll hear more about security down the road.
Workspace ONE Intelligence
The latest focus on security that VMware has pushed out is “intrinsic security,” which says that security shouldn’t be an afterthought but integrated in every organization from Day One.
My one disappointment is that the Trust Network didn’t see much change in the year-long period since VMware announced it at VMworld 2018. Three integrations (Carbon Black, Lookout, and Netskope) went GA this year, but that’s the extent of all the news surrounding it so far. They’re still working on it, so maybe I am expecting too much. But, I might not be the only one. During the Q&A portion of a session on the Trust Network, an attendee walked up to the mic and asked incredulously if 11 is all the partners they had right now; his confusion stemming from seeing a slide on how many security vendors there are (maybe don’t show that anymore?).
I spoke with VMware’s Andrew Levy who said that more integrations were on the way, of course, with the current focus on EDR and CASB. Next up, they plan to release ones around next-generation firewalls, but no timelines provided. Additionally, while the first 11 selected were design partners and ones that were “closer to home,” he said they do plan to open it up to the broader ecosystem in time.
Carbon Black acquisition
News broke late last week that VMware planned to acquire security vendor Carbon Black for $2.1 billion. (one of two planned acquisitions VMware made mere days ahead of VMworld 2019.) The two companies previously partnered up for Carbon Black Defense for VMware in Q2 2018, which took the Carbon Black agent and augmented it to work at the hypervisor level. Then, at VMworld 2018, VMware announced that Carbon Black would be one of the initial partners for the newly unveiled Trust Network, with their integration going GA this week.
I spoke with Carbon Black CTO Scott Lundgren to learn more about the enterprise security vendor and what plans the two companies might have going forward. (Given the acquisition isn’t official, things are somewhat speculative here.) Company has been around for seven years (with a somewhat complicated history allowing for some to consider it nearly two decades old instead) and they have about 1,200 employees. Carbon Black Defense was their first product, with an additional four debuting over the past year.
At the current moment, Carbon Black works with Windows, macOS, and Linux, with their agent capable of working across workloads, datacenter servers, and end user endpoint devices. While Carbon Black doesn’t yet work on mobile, it’s not hard to see that could change by integrating their agent into Workspace ONE / AirWatch. Scott explained that Carbon Black has created mobile prototypes, but the hard part is the delivery vehicle, which is where VMware could come into play.
Carbon Black will continue to exist side by side with VMware, keeping their name and brand and operating as a discrete business unit, with their CEO leading it. Scott said they will keep some of their existing business relationships, with one specific example being with incident response organizations.
User and Device risk scores
Admins get even more insight into their users and devices with the newly announced User and Device risk score (it's not a numerical score, but rather a designation between low, medium, and high risk), which complements the Workspace ONE Intelligence current Risk Analytics capabilities. They can use this, alongside the identity and device compliance features of Workspace ONE Intelligence, to design automated actions when a user or device does something defined as risky. Take all the usual steps from requiring a step-up authentication method if the user does something seen as risky or go so far as to deny them altogether.
Okta Universal Directory integration
A smaller announcement, but one that caught our eye nonetheless was Workspace ONE integrating with Okta Universal Directory. The majority of organizations out there likely use Active Directory or G Suite, so Jack and I were curious about the most common use cases for UD. I posed the question to both Tony and Okta’s VP of product marketing, Joe Diamond.
They both had similar responses, explaining that one common use case is with companies that use a lot of contractors or seasonal employees. They might use AD on-prem for their employees, but don’t want to deal with enrolling short-term workers yet still want some control, which is where UD could come into play. Other use cases include newer, cloud-forward companies, companies looking for more integration options with HR software, or companies that just want UD to serve as an intermediary with on-prem AD.
We got a lot of announcements at VMworld, but Tony said that wasn’t even all the announcements they have, saying they held some back for VMworld Europe. Excited to hear more in a few months! And be sure to check out the latest BrianMadden.com podcast for even more VMware coverage.