How to Address VDI Security Issues in the Cloud and Datacenter

Last updated: 16 May 2016

Mobile Workforce Security Blog Series – Part 5

Organizations worldwide are seeking greater employee mobility for a variety of business and quality of life reasons. Key to becoming a ‘mobile enterprise’ is the ability to manage and secure the identities and data within an IT ecosystem whose boundaries are becoming increasing blurry. This blog series explores how enterprises can do so to gain enterprise mobile security.

VDI SecurityEmbraced for management efficiencies and improved security, virtualization has been adopted by 74% of IT professionals in NorAm and EMEA, according to a SpiceWorks survey. While full disk encryption can be used to protect laptops and desktops from theft, what happens to your desktop when it moves to the cloud and can be accessed by someone who isn’t even physically near you? Have your organizations’ VDI security issues been fully addressed?

An important enabler of enterprise mobility, Virtual Desktop Infrastructures (VDIs), can be consumed from the cloud with desktop-as-a-service solutions, or streamed from the datacenter. AWS Workspaces and Cisco Desktop-as-a-Service, for example, offer the former, while Citrix XenApp or XenDesktop and VMware Horizon offer the latter. Either way, they provide mobile employees with the freedom to work from any mobile endpoint, as the application software is never installed on the device, but is rather streamed on-demand from the cloud or data center.

In terms of management overheads, VDI translates into zero hardware-software compatibility issues, and makes it easy for IT admins to centrally configure and maintain employee desktops with all the applications they need. Virtualization can also mean improved security, as software updates and patches can be centrally issued and enforced on virtual desktops. Plus, a malware-infected machine can be easily restored to an earlier, clean version, while eliminating the need to reformat the underlying hard drive (for example, against malware rootkits). That said, many organizations neglect to fully address VDI security.

VDIs can be deployed inside the firewall. However, they are increasingly accessed over the Internet, with their security often hinging on a static password. This makes data residing in virtualized environments vulnerable to compromise through a multitude of threat vectors, such as phishing, bruteforce attacks, generic malware, and credential-database hacking. Plus, when your desktop resides in the cloud, someone can access it without even being physically near you.

To make sure your virtualized resources remain confidential and truly enable mobile enterprise security, apply Gemalto’s simple Secure the Breach Strategy to your virtual applications, whether in the cloud or data center, or both:

#1 Control User Access

  • Instead of letting VDI security hinge on static passwords, ensure login to your virtualized application or desktop is secured with strong two-factor authentication, described as, “One of the most significant steps any organization can take to reduce the risk of adversaries penetrating networks and systems,” as written in a recent US OMB blog. After all, “Two out of three breaches involve using stolen credentials,” according to a Verizon Data Breach Investigations Report.
  • For convenient VDI security, seek strong authentication solutions that can be applied to any endpoint, be it a mobile device, desktop or thin client.
  • Furthermore, to keep it simple for users and admins alike, extend enterprise identities to cloud-based applications, so that employees can use a single identity—a single credential set—protected with 2FA, to access all their on-prem and cloud resources (VPN, VDI, SaaS and Portals).

#2 Encrypt Your Data

After strengthening your access controls, ensure your virtual data is encrypted, at rest in virtual machine instances and virtual desktops, whether hosted in the data center or cloud, virtualized applications and any related storage and databases, and in motion when being transmitted across the network . This ensures that even if your cloud provider or data center are breached, your virtual desktop, data and applications will remain unreadable and useless to hackers.

 #3 Manage your Keys

Lost or misplaced encryption keys render encrypted data unusable, so ensuring central management of those keys is paramount.

More on tactics #2 and #3 for supporting VDI security, and enterprise mobile security in general, in next week’s blog, so stay tuned.

To learn how simple and easy enterprise mobile security can be, check out our infographic or visit our A4 Authentication for Mobile Workforce Security microsite, and find out how you can secure access to Any Application, from Any Device, at Any Assurance Level, Anywhere.

Leave a Reply

Your email address will not be published. Required fields are marked *