
An emerging “View” of security and compliance

While server virtualization has gone mainstream, and set the table for private cloud infrastructure, another distinct and significant trend is poised to follow in its footsteps – Virtual Desktop Infrastructure (VDI), also referred to as Hosted Virtual Desktops (HVD) by Gartner. VDI or HVD refers to the use of desktop VMs hosted in the data center (much like virtual servers), that users remotely connect into.

 

Recently VMware released View 4.5, which has significantly reduced the entry barrier for product adoption, gaining several kudos in the process. For example:

[http://www.eweek.com/c/a/Messaging-and-Collaboration/2010-Products-of-the-Year-857767/3/]

 

One feature in particular that security professionals ought to pay attention to is the “Local Mode” feature in View 4.5. Local Mode essentially enables disconnected desktop operation, making it possible for employees to take their work on the road while still enabling IT to have control over the desktop configuration. In the typical online VDI mode the desktop remains tethered to the corporate network; the authenticated employee now has the option to check out their respective desktop image and run it on their own PC, e.g. on a business trip, on an airline flight, etc. When back on the corporate network, the image can be checked back in. Simple concept – powerful ramifications.

 

Desktop security has always been a big challenge for IT. 2009 saw more malware attacks on the PC than in all prior years combined. It is not uncommon for enterprises to support more than 10,000 far-flung desktops, in some cases 100,000+ desktops. Some studies peg the ongoing annual maintenance/cost for an existing PC to be in the neighborhood of $4000! A significant portion of this is related to security concerns, including patch updates, A/V updates, etc.

 

VDI helps lessen security risk by consolidating desktop images in a trusted, centralized data center, where image management, patch updates, up-to-date A/V, scheduled A/V scans, data loss prevention policies and site blacklisting can be centrally managed. The challenge with VDI has been the lack of flexibility and mobility because of the “always tethered to data center” requirement. The Local Mode feature of View 4.5 addresses this issue. Let’s look at the implications from a security and compliance perspective.

 

[Figure: View_cico.jpg]

 

  1. While on the corporate network, authenticated users remotely access their “personalized” corporate desktop, which has been set up by IT (latest images including security software) and which is subject to scheduled anti-virus scans and to on-access scans, for example when the user opens a file.
  2. The authenticated user checks out the image in preparation for “Local Mode” operation. This could serve as an important trigger for security/compliance policy checks, i.e. checks for sensitive data and up-to-date A/V software.
  3. The image is now run on the user’s local desktop/laptop. The underlying OS cannot be assumed to be secure or trusted, e.g. internet usage away from the corporate environs could well result in compromised guests. Isolating corporate bubbles from underlying untrusted OSes is an area for innovation.
  4. When the user is ready to get back on the corporate network, the check-in process is another trigger for security/compliance policy checks, e.g. image veracity and anti-virus scans.

 

“On Check-Out” and “On Check-In” scans are added to the repertoire of tools usable by security and compliance professionals. We expect that VDI with Local Mode gives security and compliance professionals the ability to better control the ongoing battle against malware and compromise.
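A sketch of how the check-out and check-in triggers in steps 2 and 4 could gate an image, added here as an illustration and not VMware View code or API. The image dictionary, its field names, the 7-day A/V threshold and the SSN-shaped pattern are all assumptions.

```python
import hashlib
import re
from datetime import date, timedelta

MAX_AV_AGE = timedelta(days=7)                    # assumed policy threshold
SENSITIVE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # assumed DLP pattern (SSN-shaped)

def digest(files):
    """Order-independent SHA-256 over a {path: bytes} map of protected files."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + hashlib.sha256(files[path]).digest())
    return h.hexdigest()

def av_stale(image, today):
    return today - image["av_defs_date"] > MAX_AV_AGE

def on_check_out(image, today):
    """Return (findings, baseline); empty findings means check-out may proceed."""
    findings = ["av-definitions-stale"] if av_stale(image, today) else []
    for path, data in sorted(image["user_files"].items()):
        if SENSITIVE.search(data.decode(errors="ignore")):
            findings.append("sensitive-data:" + path)
    return findings, digest(image["system_files"])

def on_check_in(image, baseline, today):
    """Return findings; any finding means quarantine the image for review."""
    findings = []
    if digest(image["system_files"]) != baseline:
        findings.append("system-files-changed")   # includes legitimate patches
    if not image["av_scan_clean"]:
        findings.append("av-scan-detection")
    if av_stale(image, today):
        findings.append("av-definitions-stale")
    return findings

# Constructed sample image state (hypothetical fields, not View data).
HOSTS = "C:/Windows/System32/drivers/etc/hosts"
IMAGE = {
    "av_defs_date": date(2010, 12, 1),
    "av_scan_clean": True,
    "system_files": {HOSTS: b"127.0.0.1 localhost\n"},
    "user_files": {"C:/Users/a/agenda.txt": b"trip agenda",
                   "C:/Users/a/hr.csv": b"jane,123-45-6789"},
}

if __name__ == "__main__":
    out, baseline = on_check_out(IMAGE, date(2010, 12, 3))
    print("check-out:", out)
    IMAGE["system_files"][HOSTS] += b"203.0.113.5 intranet.example\n"
    print("check-in:", on_check_in(IMAGE, baseline, date(2010, 12, 10)))
```

The baseline digest recorded at check-out is what makes the check-in comparison meaningful: changes made while the image ran on an untrusted host surface as a finding instead of being silently merged back.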

 

/Allwyn
