Workspace ONE – ISO, compliance, security
Did you asked yourself or got the questions from customers about ISO certifications of the VMware Workspace ONE solutions?
Here are some good sources where you can take a look at for the certifications, ISO, compliance and security.
In this section you will find a lot of information about data privacy, collection of data and and how to handle with information discovery with regards to your users.
Workspace ONE privacy disclosure
If you´re interested in topics like which certifications the VMware Workspace ONE or other product has then give that site a short visit. Here you will find Workspace ONE UEM for instance: National Information Assurance Partnership (NIAP).
But you can use the search box in the upper right corner and search for other products like Carbon Black Security or Boxer (email client).
Another important standard is FIPS. It describes the standard for security requirements for cryptographic modules. VMware has several of that standards validated. That is an very important point with regards to security systems because that modules protects the sensitive data. Take a look which parts of the solution has validated this standard. Good starting point in security discussions.
Compliance and security report
Did you ever had a discussion internally or with customers regarding ISO certification which is very important especially in Germany? Then I can tell you VMware has achieved the ISO 27001, 27017, and 27018 Certifications. This for the solutions Workspace ONE UEM, Workspace ONE Access and Hub Services, and Workspace ONE Intelligence cloud services. But not only that, in May 2021 VMware achieved that for the whole EUC Cloud Services like VMware Horizon Cloud Control Plane, Horizon Cloud in Azure (which I will describe in more detail here) and some others. You want to understand more about the details of each of the certifications from the ISO standard, then take a look to that article.
But that´s not the only one. Another very important point from a security perspective is a SOC report. In a SOC report you can see the architecture of services, a details description etc. Customer of VMware which use Workspace ONE can request that report from VMware and is only allowed to review by the person who issued the report. No other person neither VMware employees are allowed and can take a look at the report!
Finally, I will recommend to you the Trust Center. Here you will find compliance programs and all about security standard and which of them are integrated in which products. you should visit the site regularly.