Subscribe to Email Updates

Subscribe

VDI_securitykeeping_your_sanity.jpg

VDI, Security and Keeping your Sanity

By Horatiu Bandoiu on Apr 23, 2014 | 0 Comments

In a recent post about new technology paradigms for SME we have been trying to provide reasons for SMEs to consider the changing of their computing model from “IT to own” to “IT to use”. Questioning the model is useful always and may bring a great gain for the organization.However, the decision to change may pass over some bumpy roads.

Today we try to put you in front of a real life scenario.

Imagine that you are the IT Manager of a very dynamic organization of around 100 people. Change is the constant in your day-by-day work: you serve a very mobile commercial force, several executives that travel all time, and, among many, two groups (marketing and development) that remain in the headquarters but take work at home after hours too.

They all ask for access to company resources, for their work to remain secure and available from various locations and at any moment. However the owners keep telling you that you must remain in control and protect their investment.

 

What would you do to harmonize all these potential irreconcilable requirements?

Option 1: You do as you have learned in the old school and try to maintain an entire in-house infrastructure allowing remote access to company data by VPN and secure access to business applications. You make a list of users that will be allowed to use mobile devices, select several vendors, make business cases, get them approved and purchase and distribute company owned smartphones and several tablets – trying to standardize the use on one single mobile OS.

And the challenges begin, because you will have to: keep the VPN accesses under control; maintain updated and secure a multitude of devices that include desktops, servers, laptops, smartphones and tablets: monitor the accesses to applications, and periodically backup business application data and user data (resident on many devices) and secure all of that. Looks a bit nightmarish but it’s the daily life of thousands of people. Not to mention that some managers will be angry because the selected platform for the mobile devices may not be their preferred one.VDI_securitykeeping_your_sanity

Option 2: Assume please that you are not afraid to think differently and change your mindset. You consider implementing a Virtual Desktop Infrastructure (VDI) and start by dividing your clients by groups of interests and needs, identifying what are their major business necessities and what keeps them happy.

And you may find out that:

  •  You have a group of highly demanding managers (executives?) that need access to highly sensitive information, are very mobile, use 2-3 different devices, connect from various locations and need to continue their work from the state they have left it when someone/something has interrupted them. The weapon of choice would be to allocate them a series of dedicated VDIs in a Data Center – you may have decided to maintain VDI on your premises or to lease them from a provider.
  • Then you have that extremely mobile sales workforce that is moving all day and need access basically to same business applications and file repositories. You may decide to treat them as the management group but, realizing that they don’t need persistent virtual machines, a logical decision would be to place them in a pool of shared VDIs.
  • A third group may be that of the marketing people that use sometimes highly demanding applications like graphics or streaming and they need to use them from home or various other locations. A good option would be to use application virtualization for them.
  •  Last but not least, you have the developers group that is doing about the same as the marketing team but they manipulate data that is highly sensitive (from an Intellectual Property perspective). Therefore you may decide to keep that data in a secure location and only allow them Remote Connection access from the laptops they can take home.

 

This may be an oversimplification, but if you follow our 2nd scenario you will see that many important aspects are being addressed in a consistent and effective manner with this approach:

  •  You just have to maintain a limited set of desktops and laptops and eventually several on-premise servers and applications.
  •  You can allow the managers and all users come with their own devices, being one of the early adopters of BYOD initiatives. And they will be happy to use the devices they like and are familiar with but not be a risk for your organization.
  •  Your organization’s data is kept secure where it has to be, on the servers that you keep in-house (for intellectual property reasons) or on the servers in the Data Center.
  •  All the backup madness is solved: you know now where the final versions are and what has to be saved or synchronized. You don’t need to buy/waste space anymore for duplicated information.
  •  All the data will be made available through a secure connection, from almost any device, any location, at any moment.

What about the security?

It is evident that this approach requires a different security model and a different solution because your traditional perimeter has totally changed; you use new technologies now and because of all the specific needs of virtualized environments. You may use a traditional security product on the physical machines (centralized, client-server protection) but inside the virtualized environment you will notice big challenges. And of course, you will need protection and control over those mobile devices. Or you can choose a security solution that has been anticipating these needs and has developed a specific solution.

What about economic aspects?

We are not intending to make an economic study here but we think that the costs for the VDIs and for the services of a specialized provider are easily overcome by the costs of keeping up to date a whole fleet of desktops and servers, the hardware maintenance, the backup space, the VPN solution and the bandwidth. Not to mention that the gains in flexibility, control and fluidity of operations may result in happier employees and increased productivity, and the mental sanity of the IT Manager.

Ready to explore a sanity-saving solution? 

Download Solution Paper: "The 6 Most Important  Things to Know about VDI/DaaS Security"

Share This Post On

Author: Horatiu Bandoiu

Horatiu B has been in the field of information security for about 14 years, switching lanes between marketing, sales, consultancy and business development. Engineer by formation, he thinks that a diagram says 10 times more than a speech but sometimes you have to employ words in order to describe diagrams. Horatiu’s principal areas of interest are in security management, practices, processes, buying behaviors and psychology.