Virtualization revolutionized the delivery of IT services by abstracting the computing resources of a server and allowing many “virtual machines” to run on a single box. It is now commonplace and a foundational piece of cloud computing.
One outgrowth of virtualization was virtual desktops, which use a virtualization platform to run instances of desktop operating systems, complete with applications, that are accessed remotely. This means that the end client accessing those virtual desktops doesn’t need to be very powerful, because all the processing happens in the data center. It also means there is less hardware for IT staff to manage and updates are simple to process.
Virtualizing applications, and to an even greater extent virtualizing desktops, has another hidden benefit, however: stronger data security. But how do remote access and processing add security? Shouldn’t there be more chances for an attacker to intercept data when it is traveling between office or remote work locations and a central data center?
BYOD and IT consumerization are here to stay. Your employees want to work the way that is easiest at any given moment, and that often involves using unsanctioned apps and devices both inside and outside the office. Your firewalls, antivirus/antimalware, and monitoring protocol can all help maintain a secure perimeter, but once data is outside of that secure zone, trouble brews.
Custom viruses, malware, social engineering tactics, and ransomware are proliferating and becoming more tailored to specific targets. Meanwhile, mobile device theft and loss continue to drive data breaches. Altogether, the modern IT landscape is ever more complex and risky. You must balance user satisfaction and productivity with information security. One tool that can help is virtualization, and specifically VDI.
By placing data storage and processing within a single data center or network of facilities rather than within endpoint devices, you can ensure that your security policies are adhered to whenever a user needs to access corporate information or applications. While the user’s own network may not have the same security protocols, you can at least mandate specific AV or firewall settings on the device before access is granted.
Desktop and application virtualization also helps secure data in other ways, including:
Resource and data storage is centralized: All corporate data is stored within the data center and applications run within the data center environment. Users access them remotely rather than downloading and running applications on their own machines, saving data locally in the process. Your IT department has complete visibility as data and apps are consumed, controlling access with specific access groups and security policies for different departments and clearances.
Apps and OS are kept up-to-date: Your admins can easily ensure all applications and operating systems receive critical security updates rather than having to install them individually or rely on users. This greatly reduces the threat from zero-day vulnerabilities.
Policy-based security controls: As mentioned above, specific security policies can be created for different groups, allowing admins to preconfigure user access and control over their virtual desktop. This includes encryption and control over copying or saving data locally. These policies can be defined based on the user account as well as device or network location, so the same user may have greater rights when located inside the corporate LAN, but will be unable to download sensitive data when logged in at home or a coffee shop, for example.
Non-persistent vs. persistent: If desired, you can enable non-persistent virtual desktops, which do not maintain a user’s state after logoff. Application state and data are not kept; instead, the user receives a fresh desktop at the next login. Any malicious downloads or configuration changes, if allowed to install by the security policy, are destroyed upon logout as the virtual desktop is not saved.
Compliance standards: Centralization also makes it easier to maintain compliance with specific controls like PCI or HIPAA across your organization. Activity logs, reports, and audits are easier to maintain with the visibility into user activity and adherence to preconfigured security policies.
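The policy-based controls described above (AV and firewall required before access is granted, and the same user holding fewer rights outside the corporate LAN) can be expressed as a single access decision. This is an added example, not code from the original article or from any VDI product; the network range, group names, and capability names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: the corporate range, group names and capability
# names are assumptions for illustration, not taken from any VDI product.
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
GROUP_CAPS = {
    "finance": {"clipboard", "local_save", "download_sensitive"},
    "contractors": {"clipboard"},
}
# Capabilities that move data onto the endpoint; stripped outside the LAN.
DATA_EGRESS = {"local_save", "download_sensitive"}


@dataclass(frozen=True)
class Session:
    user_group: str
    source_ip: str
    av_running: bool
    firewall_on: bool


def on_corporate_lan(source_ip):
    """True only if the address parses and falls inside a corporate range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparseable address is treated as untrusted
    return any(addr in net for net in CORPORATE_NETS)


def decide(session):
    """Return (access_granted, capabilities) for a virtual desktop session."""
    # Posture gate: without AV and firewall there is no desktop at all.
    if not (session.av_running and session.firewall_on):
        return False, frozenset()
    # Deny by default: a group with no defined policy gets no session.
    caps = GROUP_CAPS.get(session.user_group)
    if caps is None:
        return False, frozenset()
    # Same user, fewer rights off the LAN: data stays in the data center.
    if not on_corporate_lan(session.source_ip):
        caps = caps - DATA_EGRESS
    return True, frozenset(caps)
```
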
A virtual desktop infrastructure may not be the right answer for every organization, but implementing VDI and virtualizing applications can help maintain security posture and visibility in the face of an increasingly complex IT management landscape. Choosing a managed Desktop as a Service option further frees up your IT staff to work on revenue-generating activities and productivity rather than maintaining desktop environments. In either case, end user device management is simplified and secure.