In an increasingly cloud-based and mobile world, getting access to a company’s internal intranet, applications and data from outside the firewall can be a challenge for employees who often have to go through VPNs, custom browsers or other technological means. For the organizations themselves, such methods represent a costly expense and a security risk.

Now, Amazon Web Services is offering a fully managed cloud service that essentially will enable businesses to do away with VPNs. Instead, with Amazon WorkLink, employees can access internal intranets and other company resources from their smartphones, tablets or other devices though a single click. For companies, WorkLink eliminates the need to deploy and manage VPN or mobile device management (MDM) software and keeps the data secure by ensuring that it doesn’t end up on the end-user’s device.

“Amazon WorkLink gains access to your internal resources through a virtual private cloud (VPC),” Jeff Barr, chief evangelist at AWS, wrote in a blog. “The resources can exist within that VPC (for example, applications hosted on EC2 instance), in another VPC that is peered with it, or on-premises. In the on-premises case, the resources must be accessible via an IPsec tunnel, AWS Direct Connect, or the new AWS Transit Gateway. Applications running in a VPC can use AWS PrivateLink to access AWS services while keeping all traffic on the AWS network.”

Igloo Software’s Julie Forsythe

Julie Forsythe, vice president of technology for Igloo Software, says businesses and their employees will embrace such a cloud service for the ease of use, reduced complexity and costs — and greater security.

“Providing employees with secure one-click access to internal sites like company intranets or digital workplaces will be well-received by organizations, employees and IT departments,” Forsythe told Channel Futures. “Since rendering of the content is taking place on the WorkLink servers, it will allow for a friendlier user experience when loading traditional web pages on the mobile platform.”

Igloo is a software-as-a-service (SaaS) company whose cloud-hosted Digital Workplace Platform is designed to offer customers an intranet environment that more easily gives workers access to the information they need and a central way to communicate. Forsythe said customers use a single sign-on through a Security Assertion Markup Language (SAML) feature in the Igloo platform, which “greatly improves the overall employee experience by securely providing convenient access to company information, apps and resources, from any supported connected computer or mobile device.”

With Amazon WorkLink, all of a company’s content is rendered in browser that is housed in AWS, while employees can access the content through an app installed on their mobile device, all without having to deal with MDM software or a VPN, which come with usernames and passwords, custom web browsers and tokens. Accessing internal corporate data and applications remotely is made easier. In addition, the mobile devices don’t directly access the corporate network and sensitive information is not stored or cached on them, so if a mobile phone is lost or stolen, there’s no need to wipe the device clean. There’s no corporate information on it.

Central to Amazon WorkLink is …

… a secure web browser that’s hosted in AWS that turns web content into an interactive simple vector graphics (SVG) graphical representation,. It’s sent to the web browser on the employee’s mobile device, AWS said. Even through the webpage is running in the cloud, end users can still use all the tools – such as scrolling and typing – that are common when dealing with such content. Once the session ends, the cloud-based web browser disappears, which means the content is only stored on the corporate network.

The cloud service can be configured via the AWS Management Console. Once that’s done, end users can download the Amazon WorkLink app from the Apple App Store or Google Play and log in with their corporate credentials. The service works can work with identity proviers like Okta and Ping Identity that are SAML 2.0 compliant. Amazon WorkLink supports devices with iOS 12+, with support for those running Android 6+ coming in a few weeks. The service also works with Safari, and Chrome support will come later. It’s available now in North America and Europe and will expand to other regions later this year.

As a fully managed service, customers don’t have to worry about infrastructure, capacity, scaling or browser updates to Amazon WorkLink. It also addresses the ongoing concern about mobile security, particularly as employees increasingly work remotely, the bring-your-own-device (BYOD) trend grows and more businesses are opening up their BYOD programs to contractors, suppliers and other outsiders. In a report late last year, cybersecurity vendor Bitglass noted that 85 percent of organizations surveyed have a program allowing at least some of their employees to use their personal mobile devices for work.

However, more than half (51 percent) said the number of threats to smartphones and tablets grew over 2018 and only 30 percent said they had proper security in place to protect these devices against malware.