This is the second article in our secure access blog series. If you haven't yet read Yanlin's introductory piece explaining the foundation and vision for our secure workspace, you can find it here: Transforming Secure Access with Splashtop Secure Workspace. You can also find the third article in this series here: Transforming Secure Access — The Splashtop Secure Workspace Admin Experience.Solving Real-World Problems with Splashtop Secure Workspace
In my prior article, I laid out the fundamentals of the comprehensive architecture of Splashtop Secure Workspace. Now, we'll examine how that architecture tackles real-world access challenges experienced by our customers. I'll also demonstrate how traditionally complex IT problems can be effortlessly handled thanks to our robust foundational framework.
In my next article, I'll spotlight the unique capabilities of our Secure Workspace solution through a closer look at select facets of our user interface. But first, let's take a look at four real-world problems Splashtop Secure Workspace resolves.Example 1: Streamlining Employee Onboarding and Offboarding
Challenge: How can we simplify the IT process for onboarding new employees, granting them access to essential applications, and quickly revoking this access when they leave the organization?
From customer feedback, we understand that it can often take weeks for new hires to get access to all the applications they need to start being productive. Even though single sign-on (SSO) systems like Google Workspace or Microsoft Azure AD (now Entra ID) can authenticate web applications, they don't make it easy for employees to locate these applications. Moreover, there's no straightforward solution for on-prem apps commonly used by accounting, finance, and engineering, especially those that depend on custom desktop clients.
Easing Onboarding with Splashtop
Splashtop Secure Workspace turns user onboarding into a seamless and automated process, achieved through login activation on our Workspace or via existing SSO credentials. We instantly provision the employee’s personalized workspace with applications, along with policies governing network access, client posture, and credential management, enabling instantaneous usage from anywhere, be it the office, home, or on the road.
Additionally, Splashtop Secure Workspace accommodates employee-owned devices in bring your own device (BYOD) scenarios by offering browser-based and mobile access to SaaS applications. We support popular desktop sharing protocols like RDP and VNC and remote access protocols including SSH and Telnet.
Simplifying Application Discovery and Launch
The Secure Workspace desktop displays all applications users are entitled to from a single user interface, allowing users to see and securely connect to any applications with a single click. Applications include SaaS and enterprise network (non-web) applications, including those that are on-prem or in a private data center.
The Secure Workspace enhances the networking experience by connecting to one of many Points of Presence (PoPs), enabling content delivery more quickly and efficiently. A built-in password manager eases access by automatically filling in target resource credentials and enabling IT to enforce strong passwords and use of multi-factor authentication (MFA). Moreover, IT administrators can tailor the application launch process according to their preferences, such as auto-mounting SMB shared drives upon connection.
Fast and Thorough Employee Offboarding
When it’s time to deprovision users, Secure Workspace provides a single control point to revoke access across all user devices and applications, offering peace of mind for IT and HR departments.Example 2: Secure, VPN-Free Access Across Hybrid and Multi-Clouds
Challenge: How can we ensure employees have secure access to private applications (web or custom clients), whether on-prem, in remote branch locations, in private data centers, or within virtual private clouds (VPCs) such as AWS, Microsoft Azure, or Google Cloud Platform?
Typically, accessing private applications and resources like network file shares requires VPN setups across these locations. However, VPNs expose entire sub-networks to all remote users, increasing the risk of cyberattacks and theft of valuable data. In complex networks, IT teams sometimes use multiple VPN clients, or a single client with a list of different VPN gateways to choose from, creating confusion amongst users.
Improve Reliability and Security with an Alternative to Legacy VPN
Secure Workspace provides a software connector that enables the secure access of private applications and resources by employees. We support multiple connector form factors – from a simple Windows, Mac OS, or Linux application to Docker containers, Kubernetes containers, virtual machine, or Raspberry Pi.
These connectors can be installed in a cluster to support load balancing and high availability. Once installed, the connector securely links to one of our PoPs, minimizing the attack surface exposure of your corporate assets to potential attacks.
Any application that is accessible via an installed connector (or cluster of connectors) can now be added to your employee’s Secure Workspace. With just one click, the relevant client or browser window is launched, simultaneously establishing a secure connection to the private application. This simplified user experience remains consistent whether the private application or resource is installed on-prem, in private data centers, or in VPCs in public clouds.
Overcoming Complex Network Topologies
Splashtop Secure Workspace makes light work of complex networking setups that often confound VPN configurations. Our inside-out connection architecture functions effectively in environments featuring multiple layers of firewalls, routers, and across network address translation (NAT) zones, transparently handling overlapping IP ranges.
Developers don't have to decide which VPN endpoints to use when connecting to different servers across various clouds that may share identical IPs. With Splashtop Secure Workspace, it's as simple as point, click, and connect. Plus, developers can connect to all these servers at the same time – a feature not possible with VPN setups.Example 3: Secure and Convenient Third-Party Access
Challenge: How can we grant non-employees (such as auditors, contractors, and vendor support) temporary access to private corporate resources in a safe, secure, and auditable manner?
Providing secure third-party access is a significant IT challenge. The process typically involves creating temporary accounts, helping the third-party install VPN clients, setting up VPN access to the target resource, and then dismantling the entire setup once access is completed. Despite the effort, this method often leaves a weak audit trail.
A Holistic Approach to Third-Party Access
Secure Workspace provides a comprehensive solution for secure third-party access. Organizations can provide secure and controlled access to external parties, combining credential management, web browser support for remote protocols, secure network access, and session recording into a single solution.
Applications can be shared with contractors or auditors via a simple access link protected by a passphrase (sent through a secure channel of the user's choice). External users only need a popular supported browser (Chrome, Edge, Safari, Firefox) to access the link, enter the passphrase, and gain access, without any need for VPNs or access control list (ACL) configurations. Plus, IT administrators can assign different privileged roles for access without having to provision temporary users.
Optimal Assurance with Fine-Grained Controls
Understanding the potential security risks that come with enabling third-party access, we have incorporated multiple safeguards. IT administrators can define conditions such as schedules (to restrict after-hours activity), passphrases, or other criteria to further control and restrict access.
Administrators maintain full visibility and control over these shared access links, ensuring compliance and security. They can disable access links at any time for security reasons and can instantly terminate ongoing sessions. Every access event is logged, and Secure Workspace offers the ability to record every access session as a video file for subsequent audits.Example 4: Leveraging IT Automation for Consistency and Efficiency
Challenge: How can we improve IT efficiency in managing remote access and reduce errors through automation?
Many IT organizations grapple with budget constraints, prompting forward-thinking IT administrators to turn to automation. However, most traditional access solutions do not support external Application Programming Interfaces (APIs) and are not designed for automation.
Embrace the Future with Automation with Splashtop Secure Workspace
Splashtop Secure Workspace delivers modern automation capabilities, giving IT administrators the power to automate remote access to designated resources and systems in a safe, efficient manner. Our rich APIs and Command Line Interface (CLI) tool empower administrators to automate a variety of remote access components.
These comprehensive APIs ensure seamless integration between Splashtop Secure Workspace and your organization's existing systems and applications, forming a cohesive IT infrastructure.
Maximize Efficiency and Reduce Errors with Splashtop Secure Workspace Automation
By harnessing these powerful APIs, IT administrators can interact programmatically with Splashtop Secure Workspace, automating essential tasks like provisioning access, managing authentication processes, and configuring resource settings. This integration with existing systems streamlines workflows, boosts operational efficiency, mitigates human errors, and enhances productivity.
In addition, our CLI tool expands the scope of automation even further. IT administrators can use the tool to form secure connections to remote targets, enabling them to invoke services or execute commands on remote systems, just as they would with local network automation.What's Next? Explore the User Experience with Splashtop Secure Workspace
We've explored a variety of use cases for Splashtop Secure Workspace, demonstrating how we address the major challenges that IT teams face today. We hope these insights inspire you to think about how we can assist you. To be among the first to experience Secure Workspace, sign up here.
Our next post delves into the specifics of our product and its unique features: The Splashtop Secure Workspace Admin Experience. To be alerted of more upcoming posts, consider signing up for our newsletter.