
Data security and the virtualised desktop

22 Nov 2011

Companies looking to secure virtualised desktop environments should be working towards a blended approach that offers maximum flexibility, says Matthew Evans, senior systems consultant in the desktop virtualisation group at Quest Software.

With the corporate desktop increasingly looking like the next big target for virtualisation at many companies, we need to consider the impact of different data security options.

Currently, I see companies exploring a number of options for virtualising desktops: Microsoft’s Remote Desktop (RD) Session Host; Virtual Desktop Infrastructure (VDI); and Local VDI. Each of these has its own pros and cons in data security terms.

Some years ago, operating systems came in either standalone or workgroup editions. Those choices still exist in current operating systems (OSs), but most IT leaders would now assume that being part of a networked domain or workgroup is essential for most employees.

‘Pre-networked’ operating systems met most of those requirements, but they also left individual users free to control and configure their own desktop OS. Essentially, we could all be administrators if we wanted to be.

Things are very different now. Several OS releases later, we have Active Directory, User Account Control (UAC) and local groups such as Administrators and Power Users that constrain what a user can change.

Some people argue that moving everything off the desktop and into the data centre gives the IT department greater control over the OS, the data and the security environment. But what if certain users want to keep more control over their own OS? And is that control really what Local VDI delivers, or are we simply moving data from an endpoint device into a virtual machine (VM) that still lives on that device?

Empowering users with Local VDI gives them an offline option, which means that if they are away from the corporate network for several days or even weeks at a time, the risk of data loss is as great as with a traditional company laptop. If the Local VDI image has not been synchronised with the data store and the laptop is lost, stolen or corrupted, the data goes with it.

However, it could equally be argued that the data is slightly more secure, since whoever steals or finds the laptop needs to get into not only the endpoint OS but also the guest VM before reaching the corporate desktop. If the same username and password unlock both, that second layer is largely moot. It is no protection at all if the VM’s virtual disk file sits unencrypted on the endpoint: an attacker who pulls the drive can read the virtual disk directly without logging in to either OS, so a Local VDI laptop needs full-disk or virtual-disk encryption just as much as a traditional one.

With any local or offline VDI solution, you need to plan for the worst case and look for products that go beyond simply backing up data while the user is in the office: the image should be synchronised whenever the device has connectivity, and protected at rest if the device is lost.

Hosted desktops, such as RD Session Host and VDI, have the advantage that user sessions are never used offline. As a result, in theory, the data never leaves the data centre; only screen updates and user input cross the network.

When accessing a hosted desktop, users connect over one of several remoting protocols; for example, Quest EOP, HP RGS, Citrix HDX or Teradici PCoIP. These protocols, and their corresponding management tools, offer controls that further secure the connection and help keep data inside the data centre.

Speaking generally, rather than about any specific product: you can re-provision desktops at log-off so that the virtual desktop is completely refreshed and no user data is left behind, and you can apply application and host restrictions to control access as the administrator sees fit. Two of the more basic but critical features to look for are the ability to disable clipboard and local drive redirection, and to block copy-and-paste between the endpoint and the hosted desktop. Without them, the ‘data never leaves the data centre’ guarantee is only theoretical, because a user can drag a file onto a redirected local drive or paste a document into a local application.
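As an added example (not from the original article or from Quest), the following PowerShell script audits and then enforces the redirection restrictions described above on a Microsoft RD Session Host. It writes the same registry values under the Terminal Services policy key that the Group Policy settings in "Device and Resource Redirection" set; the value names used here are the standard Windows policy values, and the descriptions beside them are the author’s annotations. In a domain you would normally set the equivalent GPO rather than editing the registry directly.

```powershell
# Added example: audit and disable client device redirection on an RD Session Host.
# Run in an elevated PowerShell session on the host itself.
# Assumption: per-server configuration. The values below are the ones written by
# the "Device and Resource Redirection" policies under
# Computer Configuration > Administrative Templates > Windows Components >
# Remote Desktop Services > Remote Desktop Session Host.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Policy value name => what it controls. A DWORD value of 1 disables that redirection.
$redirectionControls = [ordered]@{
    fDisableClip     = 'Clipboard redirection (copy/paste between endpoint and session)'
    fDisableCdm      = 'Client drive redirection (local disks mapped into the session)'
    fDisableCpm      = 'Client printer redirection'
    fDisableLPT      = 'LPT port redirection'
    fDisableCcm      = 'COM port redirection'
    fDisablePNPRedir = 'Plug and Play device redirection'
}

function Get-RedirectionState {
    # Reports whether each redirection type is currently disabled by policy.
    foreach ($name in $redirectionControls.Keys) {
        $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting     = $name
            Description = $redirectionControls[$name]
            Disabled    = ($value -eq 1)
        }
    }
}

function Disable-ClientRedirection {
    # Sets every control to 1 (disabled), creating the policy key if it is absent.
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    foreach ($name in $redirectionControls.Keys) {
        New-ItemProperty -Path $policyKey -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Audit, enforce, audit again. Redirection is negotiated when a session connects,
# so sessions already open keep their current settings; new connections are restricted.
Write-Host 'Before:'
Get-RedirectionState | Format-Table -AutoSize
Disable-ClientRedirection
Write-Host 'After:'
Get-RedirectionState | Format-Table -AutoSize
```

The restriction belongs on the host rather than in the client’s .rdp file: a user can set redirectclipboard:i:1 or drivestoredirect:s:* on their own client, but the server-side policy overrides whatever the client requests, which is the property the data-security argument above depends on.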

Personally, if I worked for a company that was in the process of deciding on a hosted desktop solution that also met corporate data security requirements, I would look for a product that offered a blended approach and gave me flexibility. One size, after all, does not fit all.
