Venn’s Blue Border™ is the first purpose-built software for securely enabling BYOD workforces. Similar to an MDM solution but for laptops – work lives in a company-controlled Secure Enclave installed on the user’s PC or Mac, where all data is encrypted and access is managed. Work applications run locally within the Enclave – visually indicated by the blue border – isolating and protecting business activity from any personal use on the same computer. Company data is secured without controlling the entire device while guaranteeing end-user privacy for everything outside Blue Border.
Venn has the following core components that enable you to secure your company data:
- Secure Enclave: a protected area installed on each user's device within which work applications run locally
- Venn Disk: a virtual, encrypted, local profile store that is created on the user's device to store data related to work applications and enable secure access to files in the cloud
- Private Company Gateway: a gateway specific to each customer that ensures all traffic emanating from the Secure Enclave is isolated and encrypted before being routed to its destination
- Device Policies: Security Compliance Checks that you can recommend or require users' devices pass to use Venn in order to prevent users from accessing company data on devices that do not meet your organization's security standards
- Data Loss Prevention Policies: policies that you can put in place that restrict what your users can do in Blue Border in order to prevent company information and files with sensitive data from being lost, misused, or accessed by unauthorized users
Learn how Venn works for end users.
Secure Enclave
Venn's Blue Border establishes a protected area on each user's device designed to securely store and process work data called the Secure Enclave. The Secure Enclave operates in isolation from the rest of the system to ensure that even if the operating system or other software is compromised, the data in the Secure Enclave remains safe.
Venn enables users to access work applications within the Secure Enclave, ensuring that corporate data and applications never leave the organization’s control.
Unlike Virtual Desktop (VDI) solutions, applications are launched locally within the Secure Enclave, not remotely delivered, providing optimal performance and a familiar experience for users.
Any work apps or websites that users launch from the Venn app will open in the Secure Enclave with a blue border around them. The border provides a visual indicator to users that they are in “work mode.”
Venn Disk
When a user installs Venn’s Blue Border, a virtual, encrypted, local profile store is created on their device called Venn Disk. Venn Disk is where all of the data related to the applications they use in Blue Border is stored, including application data, registry settings, and cached files. Venn Disk is only accessible within the Secure Enclave when the user is logged into Venn.
In addition to storing application data, Venn Disk enables access to work files securely stored in the cloud. Users can access, work on, and save files stored in the cloud directly from their File Explorer or Finder when they are working in Blue Border. When they are working on a file saved in the cloud, a version of that file will be stored in cache on Venn Disk. It feels to the user like they are saving the file locally, but they are actually saving it securely in the cloud.
Learn more about Venn Disk.
Private Company Gateway
The Private Company Gateway (PCG) ensures that web traffic from applications, websites, and files open in Blue Border is encrypted and secure when being routed to and from external networks such as the public internet or the company’s corporate network. Venn sets up a PCG endpoint for each customer in AWS and the PCG edge router inspects and filters traffic before forwarding it to and from the public internet.
Venn’s network setup provides a secure path for data between the encrypted Secure Enclave within the user network and external networks. Venn can also work in tandem with your company’s network and security stack. These products and services can be configured to allow access to your company’s PCG and Venn’s APIs to ensure that network traffic can be routed optimally.
Each user’s personal web traffic follows the normal path to connect with the public internet when Venn is installed on their device. Neither Venn nor the company has access to this activity.
Learn more about Venn's network connectivity.
Learn more about the Private Company Gateway and how you can manage your network resources.
Device Policies
In order to ensure the security of your company data, you can configure Security Compliance Checks that you can recommend or require users' devices pass to use Venn. When users log in, Venn checks their devices against the Security Compliance Checks that you have configured to ensure that it is compliant before they can gain access to their work. You may choose to put these policies in place in order to prevent users from accessing company data on devices that do not meet your organization's security standards.
Security Compliance Checks include ensuring that antivirus software is installed and working on the device, firewall and encryption requirements, required passwords and screensaver settings, and more.
Learn more about Device Policies.
Data Loss Prevention Policies
Data Loss Prevention Policies (DLP) are policies that you can put in place that restrict what your users can do in Blue Border. You may choose to put these policies in place in order to prevent company information and files with sensitive data from being lost, misused, or accessed by unauthorized users.
DLP policies can control which applications can run inside Venn, where data can be saved, and actions such as copy/paste, screen sharing, and printing.
Learn more about Data Loss Prevention Policies.