Pulse Secure PulseWorkspace
September 01, 2015
£57 per year per user.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Solid endpoint security deployment for mobile devices. Preserves the user experience, does not interfere with typical device use while still protecting data.
- Weaknesses: We would like to see a bit more MDM implemented.
- Verdict: If your organisation allows mobile devices – especially BYOD – take a close look at this one. It can prevent a lot of pain.
PulseWorkspace is just for mobile device endpoints. It functions on iOS or Android and, as we are seeing more frequently, it depends on containerisation. This is a cloud offering and is policy controlled. The management console is web-based and user instances are role-based. Apps to be protected are selected by the administrator. These then are placed into the containerised workspace and are not modified, ensuring that the user experience is uniform whether or not the application is containerised. Once policies are provisioned on a device, host checking is performed at the Pulse Connect Secure gateway to ensure that devices are compliant with enterprise security standards before they are given access to the enterprise datacentre and cloud resources. Host checking rules include jailbroken/rooted conditions and OS version.
The Android version - Android for Work - encrypts data at rest and in motion. Both applications and their data may be containerised. VPN uses certificate authentication and there are DLP options that allow work sharing while preventing unauthorised data exfiltration. Enterprise access to Google Play, along with the choice of separation of personal applications from corporate apps, makes this an excellent choice for organisations considering BYOD. Email may be configured as part of the Android deployment and there is a VPN for protected applications on a per-app basis. Validating against organisational policies ensures that the device is in compliance and has not been rooted.
While the iOS version of this service is a bit different in look and feel from the Android version, the functionality is pretty much the same - with most of the differences being the result of differences between iOS and Android. Like Android, the iOS version offers encryption for both data at rest and in transit. The VPN technology is the same and the implementation - certificate authentication - tracks as well.
DLP is a bit more diverse in the iOS version, however. Safari domains are protected from unauthorised data leakage as are email and web domains. Also, unlike Android, personal applications may also be managed and, of course, sharing of data is managed as well. In the iOS version, all applications - whether personal or business - are containerised. They always are kept separate and you cannot be in a personal application at the same time you are in a business app. Although there is some mobile device management capability, full MDM is not implemented. Rather, only the necessary aspects for protecting the mobile endpoint are in place.
The user experience is consistent with non-Pulse protected devices. The PulseWorkspace appears as an icon on the desktop. When tapping the icon the user is presented with the Pulse login screen, which in turn presents the Pulse desktop. Within the Pulse desktop are the managed applications that the user needs. These can be dragged and dropped on the device desktop to maintain the familiar user experience.
Personal file sharing is equally simple and secure. First, the user opens the personal downloads app and selects the document to open. Finally, the application needed to open the particular document is selected and only personal applications are available.
Business file sharing is done the same way except that the Workspace version of the download app is used. In this case, only the enterprise version of the document reader is available. For this function everything goes through the Pulse VPN.
Deployment is straightforward. The administrator defines users at the admin console. Then users can self-register. When the user opens the PulseWorkspace application for the first time provisioning occurs automatically. Android and iOS function slightly differently but the outcome is the same. The user then sends an email to the administrator over the corporate email system. This results in a registration email with a first-time password.
This service is priced about the middle of the pricing structure for similar applications, and basic support is included by phone 24/7. The website is solid and the documentation is good as well. Overall, a very good example of endpoint security for mobile devices.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report