The secure workspace for remote work - drawn, quite literally, in blue.
Somewhere right now a contractor in a kitchen in Lisbon opens a laptop that her company has never seen, never bought, and never shipped. A thin blue rectangle appears on the screen. Inside it: the brokerage app, the client records, the compliance trail. Outside it: her photos, her browser tabs, her life.
That blue rectangle is Venn. And the fact that nobody in IT had to mail her a managed machine to make it happen is the whole argument.
Venn is a New York cybersecurity firm with roughly 130 employees and an unusually literal product. It secures company work on personal, unmanaged, and contractor-owned computers - the machines IT departments have spent fifteen years either banning, locking down, or grudgingly tolerating. Its patented technology, called Blue Border, installs a lightweight agent on any Windows PC or Mac and carves out a company-controlled Secure Enclave. Work applications run locally inside that enclave, wrapped in a visible blue border, where data is encrypted and isolated. Everything outside stays personal and private.
More than 700 organizations now trust it - many of them the kind of firm that gets fined when data wanders. Fidelity. Guardian. Voya. The regulated middle of American finance, insurance, and healthcare, where "just trust the employee" is not a control that passes an audit.
Blue Border is a paradigm shift away from legacy IT enablement strategies like managed laptops and VDI.
For decades the deal was simple. The company owns the computer, so the company controls the computer. Procurement buys it, IT images it, a courier ships it, and at the end somebody mails it back. Security followed ownership the way a shadow follows a person.
Then the workforce scattered. Contractors, offshore teams, BYOD employees, and seasonal hires all needed access from machines the company would never own. The industry's answer was the virtual desktop - VDI and DaaS - which streamed a remote computer onto the personal one. It worked, technically, the way commuting two hours each way works technically. Expensive to run, sluggish to use, miserable to scale. The cost of securing a remote worker had quietly become larger than the cost of employing one.
The most secure laptop is the one you never had to buy, image, ship, or get back.
Here was the irony nobody wanted to say out loud: companies were spending fortunes to recreate, pixel by streamed pixel, a computer the employee was already sitting in front of.
Venn was founded in 2019 by David Matalon, Alex Osipov, and Jacob Kazakevich. This was not their first encounter with the problem. Before Venn, Matalon ran OS33, a secure workspace used by SEC- and FINRA-regulated financial firms. He had spent a career making regulated work safe on the internet. Venn is, in a sense, his second swing - same problem, sharper idea, minus the virtual desktop.
The bet was contrarian and a little stubborn: instead of streaming a remote computer onto the local one, secure a slice of the local computer directly. Don't manage the whole device - the employee owns that, and frankly doesn't want IT reading their texts. Manage only the enclave where work happens. NewSpring Capital believed the thesis early, backing Matalon in 2019 and leading the round that would later make the strategy public.
Previously built OS33, a secure workspace for FINRA- and SEC-regulated firms. Came back for the version without the virtual desktop.
Architect of the enclave - the part that turns "trust the employee" into an enforceable, encrypted boundary.
Owns the unglamorous, decisive part: making 700+ regulated rollouts actually land in production.
Matalon runs OS33, securing regulated financial firms - and learns exactly where VDI hurts.
Matalon, Osipov, and Kazakevich start over with a new approach. NewSpring backs the vision early.
Remote work goes from edge case to default. Suddenly everyone has the problem Venn was already solving.
U.S. Patent 11,687,644 lands. Venn reveals a NewSpring-led Series A and the claim of first MDM-for-laptops.
"Step Inside Blue Border" - securing the distributed workforce in the age of AI.
The mechanics are almost suspiciously plain. A lightweight agent installs on any PC or Mac. It creates a Secure Enclave - a company-controlled space where work applications run locally. No virtual machine. No remote session streamed from a data center. No backend desktop infrastructure humming somewhere on a metered bill. The work simply runs on the hardware that is already there, just fenced off and encrypted.
The fence is visible on purpose. The blue border is not decoration; it is the user interface of trust. Anyone glancing at the screen - the worker, a manager, an auditor - can see at a glance what is company-controlled and what is personal. Inside, IT enforces policy, prevents data from leaking out, and keeps the audit trail. Outside, the employee's machine is just their machine again.
The blue border you can see is the security you usually can't. That is, more or less, the entire trick.
A clever idea is cheap. A clever idea that saves regulated companies money while keeping them compliant is a business. Venn's reported figures point the same direction VDI never could - down.
There is also the patent, which is the part lawyers like. U.S. Patent No. 11,687,644 covers a "Secure Visual and Computational Boundary for a Subset of Resources on a Computing Machine." Translated: the right to fence off part of a computer and call only that part work. Venn says it is the first to make MDM - the control plane built for phones - actually work for laptops. The patent is what keeps that claim from being a slide.
Venn is one of my favorite products to come into the market. It will drive the sun-setting of VDI.
Venn's stated mission is to secure the distributed workforce - and lately it has added the part everyone is nervously thinking about: in the age of AI. The work is scattering further, faster. More contractors, more agents, more machines no company will ever own. The old reflex was to claw all of that back under management. Venn's argument is that you do not need the whole device. You need the boundary.
It is a privacy story as much as a security one, which is the quietly subversive bit. By securing only the enclave, Venn lets IT stop pretending it needs to own a person's entire laptop to keep one folder safe. The employee keeps their machine. The company keeps its data. For once, nobody has to lose for the other to win.
Return to that contractor and her laptop. The old way to give her secure access was to ship her a second computer, or stream her a virtual one over a wire, or simply tell her no. Each option cost money, time, and goodwill. Each one treated her own machine as the threat.
Instead there is a blue rectangle. Inside it, work that satisfies a FINRA auditor. Outside it, a laptop that is still entirely hers. She was productive in minutes. Nobody mailed her anything. Nobody will have to chase it down when the contract ends - they will switch off the enclave and the border will simply vanish, taking the company's data with it and leaving her computer exactly as it was.
Venn did not secure the laptop. It secured the work, and let the laptop go back to being a laptop. That distinction is small, blue, and rectangular - and an entire industry is quietly rebuilding itself around it.