Amazon Web Services, Inc.†(AWS), an†Amazon.com†company (NASDAQ: AMZN), announced the availability of Amazon WorkLink, a fully managed service that enables companies to provide their workforce with secure one-click access to internal websites and web applications from their mobile devices without connecting to VPNs or using custom browsers. End users simply download the Amazon WorkLink app to enable access to internal content through existing browsers on their mobile devices. IT administrators determine which internal content to make available, and Amazon WorkLink securely renders it behind the scenes using the compute and networking infrastructure of AWS, delivering a non-cached, fully functional, graphical representation of the web content to the user requesting it. Amazon WorkLink removes the need to build and maintain complicated infrastructure and software deployments to secure access to internal content on authorized mobile devices outside of the firewall. Amazon WorkLink also reduces the risk of information loss or theft because content is never stored or cached on devices. There are no up-front payments, per seat licensing costs, or long-term commitments, and customers pay only $5 per active user per month.
Today’s workforce of employees, contractors, partners, and suppliers needs access to internal websites and web applications to do their jobs, but often lacks convenient means to connect when working outside the corporate firewall. With existing solutions, enabling access means IT administrators must invest in and deploy both Virtual Private Networks (VPNs) to ensure secure connectivity, and mobile device management (MDM) software to configure devices and control user access. For end users, these VPN and device management applications often require access fobs and tokens, one-time passwords, and custom web browsers – all of which can be cumbersome and significantly slow the process of connecting to vital corporate resources. As a result, simple tasks like looking up a colleague on the Intranet or checking the status of an open customer ticket are often delayed until an employee can return to the office, hindering the productivity of today’s global workforce. IT administrators face the even more daunting challenge of setting up, operating, and maintaining VPNs and device management software deployments, which often requires the purchase of licenses for workers regardless of whether they are used or not. Even when these solutions work as advertised, information is still stored or cached on devices, leaving companies at risk of loss or theft of corporate data. And, because devices connect to the corporate network directly, enterprise resources may be exposed to device-based malware.
Amazon WorkLink was built to provide convenient access to critical content for workers and to make it easier for IT administrators to deliver secure access to mobile devices, all while providing greater security by ensuring that the corporate web content is never stored or cached on the device. At the core of Amazon WorkLink is a secure web browser hosted in the cloud that transforms web content into a fully interactive simple vector graphics (SVG) graphical representation. Once rendered, Amazon WorkLink sends that graphical representation to the web browser on an end user’s device. Unlike virtual desktop applications, this means Amazon WorkLink does not stream content, but instead embeds a fully interactive image in an end user’s existing browser, enabling common gestures and features like scrolling, typing, and pinching locally on the device despite the web page running in the cloud. Amazon WorkLink prevents web content from being stored and cached on the device itself, and saves bandwidth by eliminating the need to download large HTML, style sheets, and JavaScript files used to display web pages. When an end user closes their web browser tab at the end of a session, none of the content remains on the device, meaning lost or stolen devices don’t need to be remotely wiped. At the end of the session, the ephemeral cloud-based web browser disappears, ensuring corporate content only resides within the customer’s network. Because Amazon WorkLink is fully managed, it removes the heavy lifting of software and infrastructure deployment, capacity planning, and scaling, as well as the need for custom browser updates. With Amazon WorkLink, mobile devices never connect directly to the corporate network, narrowing the path for device-based malware to reach enterprise resources behind the corporate firewall.
“When talking with customers, all of them expressed frustration that their workers don’t have an easy and secure way to access internal content, which means that their employees either waste time or don’t bother trying to access content that would make them more productive,” said Peter Hill, Vice President of Productivity Applications at AWS. “With Amazon WorkLink, we’re enabling greater workplace productivity for those outside the corporate firewall in a way that IT administrators and security teams are happy with and employees are willing to use.”
Amazon WorkLink can be configured directly from the AWS Management Console. Once configured, end users can download the Amazon WorkLink application from either the Apple App Store or the Google Play Store (available soon), log in with their corporate credentials, and start accessing internal websites, while Amazon WorkLink works behind the scenes to ensure data is delivered quickly and securely. Amazon WorkLink works with SAML 2.0 compliant identity providers including Okta and Ping Identity, and honors existing security policies. Amazon WorkLink supports devices running iOS 12+ (with Android 6+ coming in weeks) and works with Safari, with Chrome support to follow in the coming weeks. Amazon WorkLink is available immediately in North America and Europe, and will expand to additional regions in the coming year.