Amazon WorkLink aims to simplify secure mobile device access
Amazon WorkLink enables users to access behind-the-firewall content with their mobile devices and helps eliminate cumbersome VPN and mobile device management setups.
AWS this week planted a fresh flag in the end-user computing market with a managed service that employees can use to securely access corporate intranets and web applications with their mobile devices -- without a VPN connection or MDM setup.
Amazon WorkLink does not require a virtual private network (VPN) connection or specialized browser, but workers must download an app to their phones. Once there, it works with existing browsers on the device to provide secure access to behind-the-firewall content. IT admins can control which internal content is shown on the mobile devices. WorkLink uses AWS' compute and networking infrastructure to re-render the content with vector graphics and send a fully functional, graphical representation of it to users' devices, according to AWS.
WorkLink's architectural approach doesn't shortchange how users can work with internal corporate data on their devices, according to AWS. The vector-graphics-based representation of content is fully interactive, with the ability to scroll, type and zoom.
Moreover, customers don't have to stand up and maintain their own VPN and mobile device management (MDM) software for secure mobile access, which eliminates potentially cumbersome measures such as access fobs, one-time passwords and custom browsers. It also reduces security risks since the rendered information is not saved to devices' persistent storage or held in a cache.
AWS WorkLink is available now in North America and Europe, priced at $5 per active user per month, and other regions will get access later this year.
Traditionally, VPNs and MDM integration is complex and costly and often involves multiple vendors. Integrating VPN and MDM-like capabilities in a single managed service with per user pricing helps companies avoid those types of logistical and financial challenges, said Brendan Caulfield, managing partner and chief revenue officer at AWS consulting firm ServerCentral Turing Group in Chicago.
Amazon WorkLink is, of course, AWS-centric, but it should appeal to companies that work closely within the AWS Management Console to extend their existing identity management practices, Caulfield said. "This simplifies the deployment of these capabilities and will likely become a go-to component of most, if not all, AWS deployments for companies without preexisting security practices."
AWS pitches secure mobile access option, but caveats apply
Amazon WorkLink should fill a need for businesses that don't want to fully manage employees' personal devices but still want to give them behind-the-firewall access, said Phil Hochmuth, an analyst at IDC. "It gives enterprise mobility teams another option between the unmanaged and highly secured approaches," he said.
[WorkLink] gives enterprise mobility teams another option between the unmanaged and highly secured approaches.
Phil Hochmuthanalyst, IDC
But WorkLink may not be for every company, particularly ones in highly regulated industries that rely on traditional VPN and MDM infrastructure to ensure full compliance and security. For example, WorkLink doesn't necessarily address remote device wipes, app whitelisting and blacklisting, app containerization and data loss prevention, Hochmuth said.
WorkLink reflects AWS' rapid expansion into the realm of employee experience, and complements its services for virtual desktops and application virtualization that address broader customer use cases in enterprise workspace management. But that also adds another caveat for customers to consider.
"This is security, content access, and more importantly, a mobile entry point," said R "Ray" Wang, founder and CEO of Constellation Research. "The challenge here is that organizations are being slowly locked into AWS, and they need to find an approach that allows them to support a multi-cloud strategy."
