I am far from a techie Nostradamus but there is something I am pretty confident in because to me it’s not really a prediction, it’s already the reality. Most users do not need or want a virtual desktop. The apps are where it’s at!
How many of us have worked in organizations where certain departments in IT were allowed to select whatever device they want to work on and mostly choose a Macbook Pro or iMac? Get outside of IT departments, how many of us have worked in healthcare and dealt with Doctors who want to use their personal Mac and nothing else? What about those who work in sales and spend most of their time off-site and chose to pick up an iPad Pro and only want to carry that around?
Many reports from organizations and from tech publications have stated millennials and those in Generation Z have even greater expectations of using their device of choice compared to predecessors. Mobile Device Management and Mobile Application Management products such as InTune have become more widely used to not just manage company phones and tablets but also ensure data protection and to enable workers to access their e-mail and other applications from their own personal devices.
An issue we had at my last workplace was that the new staff coming in didn’t effectively communicate via e-mail. Their preference was to use a mobile device for communication, not a PC. My wife hasn’t had a computer in over 2 years. She does everything (slowly!) from her iPhone and is happy to do so. When she encounters a site that doesn’t work well on mobile or needs an application on a PC, I usually have to help her through it. If an employer wants to get the best out of her for communicating, they should let her use an iPhone.
I recently saw an executive in a tech company claiming published applications were past their expiration date and that nobody wants them anymore. In my experience, that’s not true. When COVID hit, I found while we made a full desktop available to all remote workers, most preferred to just use their key applications via published apps. And to me that makes sense. Who really wants some restrictive desktop controlled by your IT department when you could use your own personal devices that you control and can customize to your heart’s content and just consume the enterprise apps you need, as you need them.
Do I think published apps are the future? In a way, I think it’ll be a big part of remote work going forward but maybe not the traditional published apps we all know and use today. As time rolls forward, we’ll have less and less full traditional Win32 applications. Most of us are already seeing some of our enterprise apps moving toward a SaaS app, most often a web-based SaaS app.
Microsoft’s biggest win in these COVID times has been Teams. Of course, it serves a purpose that is sorely needed right now but it’s also a cloud app. Your employees who work at a home on their Mac, iPad or PC with their published apps can just run Teams right on their device – no need to redirect microphones, enable audio optimization or install an extra client on their device. They can use it directly on their device and have the best audio and video quality possible without consuming valuable company resources. With Office 365, they also get their e-mail on their device too. If they use a softphone like Cisco Jabber, you can enable them to use Jabber right on their machine too. It’s a cloud service.
When the day comes – and it will – when 60%, 70%, 80% of the apps your users need are cloud apps, then why would you need to continue to provide and support a full desktop? One potential stumbling block is file-level access with things like mapped network drives. While the cloud apps tend to allow you to write to cloud storage, those other Win32 apps you continue to rely on may not support writing to services like OneDrive or Sharepoint Online.
I envision a workspace that allows me to use my cloud apps right on my personal machine, to also be able to run my Win32 enterprise apps as hosted published apps, but also critically have file level access to documents and other files I need seamlessly within my apps and from my device.
I can get all of this accomplished with Cameyo. I can empower my users to run their Jabber and Teams right on their device for the most optimal performance possible whilst also running their Win32 apps as published apps from the Cameyo portal AND crucially, I can provide file level access from their device and within all of their published apps seamlessly. No clunky workflow of going between browser to desktop to published app and back and forth. Cameyo provides so many options, you can achieve the best workflow for you and your users.
Not only that but Cameyo is so flexible that I can avoid vendor lock in by integrating multiple different public clouds like AWS, Azure and Google Cloud Platform plus a variety of cloud storage solutions like OneDrive, DropBox, GoogleDrive etc. There’s even support for a custom drive within Cameyo that presents pretty similarly to a traditional file share or mapped network drive for ease, which can also help accomplish the optimal seamless workflow I just mentioned.
Aside from just avoiding vendor lock in, which is a smart business strategy, the various different integrations within Cameyo can also provide flexibility for organizations who acquire other organizations with frequency or those looking to do mergers. It can be a real challenge onboarding a startup who only uses Okta, for example, into an organization who supports published RDSH apps and virtual desktops. Cameyo supports Okta authentication, it supports traditional AD and Azure AD, plus has the wide range of integrations of cloud services that I listed previously – reducing some of the challenges typically faced in these scenarios.
Of course, with an embrace of greater flexibility for your remote workers, it also means some different challenges when it comes to security. Not necessarily greater challenges than with traditional remote access solutions but a little different. When you work with Azure for example, when you start building out your tenant, if you go creating VMs willy nilly, you are exposing those machines on the public internet. You should create a virtual network and then much like with traditional firewalls on-prem, if you create a virtual network in the cloud you need to ensure you have rules in place to allow remote access.
Managing networking\firewall rules for all remote users in the Azure portal is kind of a pain in the neck but a necessary effort. What is not very cool about it though, is it’s a static rule. When your users are not in an active RDP session, the RDP is still always available to their IP which can present significant risk for brute force attacks and Ransomware.
Cameyo has a powerful feature called RDP Port Shield that provides a more intuitive admin experience for managing the IP allow list AND it effectively closes off the RDP port whenever the user logs off from the desktop.
While I feel that VPNs still have limited uses for certain workflows, it should not be anyone’s primary remote access solution. Particularly on personal devices, it is extremely dangerous from a security perspective but even on corporate devices it poses risks. There have been multiple high profile vulnerabilities and attacks launched via VPN-related vulnerabilities in the last 18 months. Not only is it not attractive from a security perspective, when not setup optimally the VPN can lead to really bad end user experience with bandwidth getting crushed by a handful of heavy users. When everyone rushed to work from home all at once, those unlucky enough to be on VPN were particularly hard hit with performance issues.
Cameyo NoVPN allows you to empower your users to run their cloud hosted applications, on-prem hosted applications and cloud SaaS apps via HTTPS ensuring none of your corporate assets are exposed to your user’s home network Gremlins and Goblins.
Cameyo provides your organization and IT with the flexibility and security to best serve your employees, regardless of what devices they want to use. Cameyo also provides your users with the apps they need AND, most importantly, with the experience they want.