Blog Home / Overcoming Remote Work Security Challenges with AWS

Overcoming Remote Work Security Challenges with AWS

Security

Jun 7, 2022

At the end of the second year of the global COVID-19 pandemic, it’s evident that the world, businesses, and IT, in particular, will never be the same. Most organizations adopted remote work, contactless services, and other ways of doing things without requiring people to meet in person and putting them at risk. Even if it was enough at first to limit face-to-face meetings and consider it “remote”, as virtual life becomes more real, that’s no longer the case. This is especially true for Public Safety & Disaster Response products, including End-User Computing, which enables people to do their work despite their physical location.

Let’s imagine that you are managing a creative studio in Hollywood with all your employees locked down due to coronavirus and helping Marvel to release a new blockbuster later this year:

  • It’s complicated to equip your employees with the workstations they can bring home to work without burning out while waiting weeks for the video to render. If you can even find a GPU during the semiconductor shortage, it won’t be worth buying due to crazy pricing.
  • Next, you need to ensure that every daily routine is secure enough. That way, evil hackers will never be able to steal a pre-release copy of the movie a month before going live in theaters, share it on the Internet, and leave you bankrupt.
  • Finally, it’s insufficient to give artists any tools but the ones they can conveniently use every day. If you leave them alone in setting all those 3D Mask, Octane, and Final Cut Pro products, they wouldn’t be polishing the next Avengers movie, but rather their profiles on LinkedIn.

Before the world became remote, companies could assume their employees would work from a finite number of physical facilities, where the company has complete, direct control over the IT posture and business processes it supports. That didn’t work with the rising tide of remote work in 2020-2021, nor with its successor, hybrid work (combining the efficiency of in-person communications and reduced overhead of remote processes by allowing employees to select how many days they work from the office and how many they work from home).

Communications from most employees’ homes to offices traverse public networks, over which you have zero control. The same is true for end-user devices. People should be able to operate securely from their own comfortable locations while not sacrificing performance due to laggy local computers, counter-intuitive synchronization of work results between home and the office, and random things that demand you be an all-in-one technical guru like connecting to the rendering grid.

Amazon WorkSpaces Web

Feeling the demand for remote work security challenges, Amazon Web Services (AWS) expanded its End-User Computing offerings. The first novelty, Amazon WorkSpaces Web, allows companies to grant employees a secure and streamlined way to work with company-managed web apps and websites. This service exposes apps and websites in the form of a remote browser wrapped in a cloud container. It’s isolated from a user device at all levels (storage, memory, and compute), and never reused across sessions (even of the same user).

This experience remains the same for end-users as it would if they interact with these services from local machines, as the remote desktop client for WorkSpaces Web could be any local web browser (like Chrome, Safari, or Edge). You can connect printers, microphones, and USB drives – everything that covers the needs of 99% of offices – in a Plug’n’Play fashion to the cloud from the user device, whether it’s a desktop, phone, or tablet. Still, you retain full control over what users can do and what they cannot. This includes utilizing specific Chrome extensions, transferring files in and out, and sharing a clipboard. Built-in integrations with AWS PrivateLink, Amazon VPC, and AWS CloudTrail Lake (another recently released service that turned out to be a hit) and always-on encryption, logging, and monitoring enable you to fine-tune the security.

As a fully managed solution, WorkSpaces Web helps you not worry about procuring, provisioning, and patching servers. You just create workstation templates, add (or connect via SAML providers like AWS SSO, Okta, or Ping) employees’ accounts, and they can immediately start generating value. In contrast to competitors, AWS offers transparent pricing based on the number of monthly active users and hours during which they are active. It’s worth saying, ClearScale has vast expertise in building remote desktop experiences for customers from various industries, including FinTech ones like Rakuten Rewards (formerly known as Ebates).

Amazon AppStream 2.0 Elastic Fleets

If your demands go beyond apps that can be served via the web browser (e.g., highly specialized software like coding IDEs), another release – Amazon AppStream 2.0 Elastic Fleets – is what you need. It’s the next iteration of the famous Amazon AppStream 2.0, enriched with a serverless capacity option in addition to the managed one. Still, it allows you to retain low-level access to the underlying operating system. Therefore, you can build virtual Linux or Windows machines, which your employees can access via their favorite browsers without the need to install any extra software or study rocket science (at least until you’re at SpaceX).

Based on our market analysis, it’s one of the few (and the only enterprise-grade) RDP solutions allowing you to stream audio via browser in both directions. While competitive solutions can only route audio from the speakers of a remote machine to your device, AppStream enables you to pass audio from a local microphone into the cloud in real-time. This is crucial for apps like contact center clients that often require a fully-fledged desktop setup. Except for low-level access to the OS, AppStream has parity in features with WorkSpaces Web. That includes pricing based on the number of active hours, which makes them interchangeable per your needs.

Another difference is that it allows users to preserve data amid sessions that naturally integrate with company-wide file storage like Amazon S3, Google Drive, or OneDrive for Business. It is essential for apps that do not have built-in synchronization so that users can access the work results after the remote session ends. And employees can hand off work in the office at the point they paused at home and vice versa.

ClearScale has already helped many customers working in Public Safety and Disaster Response embrace AppStream’s benefits, including Creative Practice Solutions, with which we built a modern telemedicine and billing coding application (SmartNoteMD). This app allows patients and doctors to conduct appointments via audio (and automatically get structured medical notes by leveraging the power of AI/ML) without meeting in person, but virtually through Amazon Connect streamed via AppStream to mobile devices and back.

Ready to plan your next cloud project?
Contact Us

Amazon Nimble Studio

If we return to the example in the first section about the creative studio, we will find that AWS has solved this type of remote work security challenge as well by introducing a highly-specialized desktop solution – Amazon Nimble Studio. It’s similar to Amazon AppStream 2.0 with most of the design aspects shared in common, including technical (users access their machines via in-browser streaming powered by NICE DCV protocol), operational (you can bake a VM image in with those apps that your team needs for successful work without any limitations), and economic ones (you still only pay for the number of hours during which the service is used).

What differentiates Nimble Studio from other AWS and competitive offerings is a plethora of unique features, fine-tuned by AWS and industry experts for digital content creation, such as:

  • Blazingly fast storage based on Amazon FSx for Lustre as a single source of truth for artists, serving them media assets and render artifacts (both consume TBs on-disk, and for rendering to not be endless, it must be able to read/write GBs per second).
  • AWS-curated AMIs, pre-baked with software commonly found in digital art studios (e.g., Kitra, Maya, or Blender) and configured to unleash the full potential of G4dn instances (up to 64 vCPU, 256 GB RAM, and RTX-enabled Nvidia T4 Tensor GPUs).
  • And an ability to deploy in a few clicks the services consumed by all workstations from a centralized location (rendering farms as AWS Thinkbox Deadline, licensing server for Adobe Creative Cloud, or gateway for on-premise Qumulo NAS).

Nobody is better in the cloud journey for Media & Entertainment customers than ClearScale, a partner to giants such as PBS (Public Broadcasting Service), whom we helped build a personalized recommendations service on top of Amazon Personalize.

Meeting Remote Work Security Challenges – What’s Next?

As remote and hybrid work becomes the new normal, we firmly believe that more specialized solutions for End-User Computing will come to the market – Healthcare & Life Sciences, Travel & Hospitality, and many other verticals deserve that.

Need a solution for your particular remote work security challenges? Come to ClearScale – an AWS Premier Tier Services Partner with 11 AWS Competencies, including  SaaS and Digital Customer Experience.

Get in touch today to speak with a cloud expert and discuss how we can help:

Call us at 1-800-591-0442
Send us an email at sales@clearscale.com
Fill out a Contact Form
Read our Customer Case Studies

Back to All Blogs