|By Jon Senger||
|October 7, 2013 09:45 AM EDT||
There's no doubt, personal mobile devices have permanently, and in many cases positively, altered the workplace. They've given employees flexibility in terms of where, when and how they work, offered new ways to collaborate and even delivered cost savings for employers.
However, with the good comes the bad. There's no arguing, BYOD has made corporate data more vulnerable than ever before. From unsecured laptops to rogue employees who maliciously attack the network through their own devices, the challenges facing IT are immense. In fact, a recent study shows that the majority of businesses (79%), had a mobile security incident in the past year, including 16 percent who put the cost at more than $500,000. 
At risk is money, as well as brand reputation.
Institutional control is essential, but approaches like mobile device management (MDM) and other solutions have proven ineffective on their own because they are too heavy handed and end users find ways to work around them.
Organizations need something that's lightweight and unobtrusive to the end user, but powerful enough to meet the needs of IT. Virtual Desktop Infrastructure (VDI) has been used for many years to manage desktops, and with the demands of BYOD, VDI adoption is accelerating at a rapid pace.
Bringing the Perimeter Back to the Data Center
VDI has always had an inherent advantage when it comes to security. In virtualized desktop environments, all data remains exclusively and entirely within the data center. Users of virtualized desktops experience the same interaction with their data that they always have, but gain the flexibility of using their preferred devices. Personal tablets, phones, and laptops, are often used for business in today's modern workplace, so keeping the data managed and controlled by ensuring that no data flows across the network or resides on the end user's device is a critical feature. As a result, the scope of securing the enterprise narrows to securing the data center. This is a much more manageable exercise for network managers and information security professionals than trying to manage data and devices
By moving to a virtual desktop infrastructure, organizations can greatly reduce the risk associated with BYOD while still allowing IT professionals to easily deploy, configure and manage the entire end user computing experience. VDI ensures tight security across the enterprise, regardless of device, addressing significant concerns such as: securing data at-rest; authentication, authorization and accounting (AAA); and compliance.
Benefit #1: Securing Data At-Rest
How often do we hear about a missing laptop - whether stolen or misplaced - putting data at risk? It's happened to hospitals, universities and even within our government. Inactive data, such as a document stored on a user's personal device and not currently in use, presents one of the most frustrating challenges for information security professionals. Regardless of how long it has been since the document was last used, it must be handled securely, with appropriate encryption and backup, while remaining readily available to the user.
One way to secure data at-rest is to keep it in the data center where it is physically secure and managed within a server-based computing solution. In virtualized desktop environments, users edit data via remote sessions. During the sessions, users see a visual representation of the applications and operating systems they are accustomed to using, however, the visual representation consists entirely of pixels - the data itself does not move over the network and is never stored on the endpoint device. With VDI, all data remains secure within the data center, removing the risks associated with data on-the-move - protecting corporate IP, customer and employee data and much more.
Benefit #2: Authentication, Authorization and Accounting (AAA)
Authentication, authorization and accounting, known as AAA, are critical criteria for securely controlling and monitoring access to a network and its resources. Desktop virtualization addresses each of these issues, providing network and security professionals with the ability to:
- Verify a user's identity before allowing any access at all (authentication)
- Determine exactly which devices, applications or networks a user can access (authorization)
- Track and record a user's activity on the network at a level that ensures non-repudiation (accounting)
VDI controls user access down to the device level. Before a user can access data or applications using a mobile device, VDI requires data center or desktop authentication. That means upon connection, the user must authenticate via a directory - usually Active Directory or LDAP - and receive authorization before proceeding. This level of authentication is superior to PC-level security methods, in which a user who cannot successfully authenticate to a network presumably already has access to the physical device and its contents.
Authorization determines which devices, desktops, applications or networks a user can access. With desktop virtualization, network authorization is required even before a user connects to his or her personal desktop -- which is the same way authorization is handled with a BYOD device. Absolutely no information is viewable until the user has been given access to the network.
Once authentication and authorization are complete, accounting tracks and records the user's interaction with the network and the desktop cloud infrastructure at a granular level. Administrators can audit this information, filtering by specific users, events and networks as needed.
Benefit #3: Application and Regulatory Compliance
Desktop virtualization also addresses the new reality of licensing and regulatory compliance, essential security considerations for today's modern enterprise which now involves emerging technology IT has often never interacted with, various operating systems that are at times incompatible, and cloud-based applications. VDI removes the pain and makes compliance with licensing easy because IT provisions all user applications in a single desktop container per user. Network administrators can monitor and control which applications are in use, by what user, on which device, and whether the user has proper authorization and licenses for the applications.
In addition to auditing application use, many VDI solutions can also track and control data flow itself. This ensures that when users access network data - whether from a mobile phone or tablet -- they are doing so within the compliance policies and parameters set forth by the network manager.
It is important to note that the VDI solution can control both the data and the data paths themselves. With traditional device management, giving a user access to a network share on a physical PC results in data moving across the network to the endpoint, whether through a VPN or the public Internet. With a desktop virtualization container, by contrast, data never leaves the data center. The data moves from the data store to the application that is using it, but all movement takes place within the data center. This ensures a completely isolated and secure environment, especially when BYOD is involved.
That sort of complete control of the device, applications, data and networks is particularly critical in instances in which data and data flow require tight control to meet regulatory compliance laws such as HIPAA.
Desktop virtualization also offers the ability to separate auditing data, user data and system data throughout the data's lifecycle. IT can keep audit logs and backup media separated per security regulations, allowing different backups to different targets - an important part of the compliance lifecycle. Backup and control is simpler because everything remains under the system administrator's control, and in one physical location - not on the end user's mobile device.
BYOD is Growing, Ready to Explode
Let's face it, BYOD is here to stay. And its growth rate is skyrocketing. Industry analysts like Gartner consider BYOD "the most radical shift in enterprise client computing since the introduction of the PC," while other researchers expect the trend to grow by 15 percent annually over the next four years, reaching $181 billion by 2017 .
As the number of devices rises, so does the need for a comprehensive security strategy. One that doesn't just add heavy layers of management complexity, but instead tightens the perimeter without impacting the user experience. While a lot of technologies are trying to solve the challenge, my bet is on VDI.
For more information, download the whitepaper, How VDI Reduces the Risks of Bring Your Own Device (BYOD)
SYS-CON Events announced today that CloudTimes has been named “Media Sponsor” of SYS-CON's 14th International Cloud Expo®, which will take place on June 10–12, 2014, at the Javits Center in New York City, New York, and the 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. CloudTimes is the premier source for thought leadership and the latest news on Cloud Computing. We are an international group of Cloud Computi...
Dec. 11, 2013 10:00 AM EST Reads: 782
"It's been a great show for NetIQ - we've had the opportunity to speak about how NetIQ is enabling the cloud - how we are allowing customers to get access to cloud services that enable service providers to deliver cloud services in a secure, compliant manner," explained Gary Ardito, Chief Architect for Cloud Service Provider Solutions at NetIQ, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4-7, 2013, at the Santa Clara Convention Center in Santa Clara, CA. Cloud E...
Dec. 11, 2013 09:45 AM EST Reads: 1,036
"At InMage we are enabling the hybrid cloud. Cloud presents a lot of opportunities but there is no vehicle to take services into the hybrid cloud," noted Murali Nambiar, Sr. Product Manager for Backup and DR Products at InMage, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4–7, 2013, at the Santa Clara Convention Center in Santa Clara, CA. Cloud Expo® 2014 New York, June 10-12, at the Javits Center in New York City, NY, will feature technical sessions from a rock ...
Dec. 11, 2013 09:45 AM EST Reads: 709
"We have a threefold product and an in-memory database is our core platform, which helps our customers do completely net new workloads and we has some interesting high-performance use cases," explained Jon Webster, VP Business Development at GridGain Systems, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4–7, 2013, at the Santa Clara Convention Center in Santa Clara, CA. Cloud Expo® 2014 New York, June 10-12, at the Javits Center in New York City, NY, will feature...
Dec. 10, 2013 12:00 PM EST Reads: 1,307
"ActiveState is focused on the cloud market with a product called Stackato, an enterprise private PaaS solution that allows enterprises to manage and deploy their own Platform as a Service offering," explained Bart Copeland, President & CEO of ActiveState Software, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4–7, 2013, at the Santa Clara Convention Center in Santa Clara, CA. Cloud Expo® 2014 New York, June 10-12, at the Javits Center in New York City, NY, will f...
Dec. 10, 2013 11:00 AM EST Reads: 1,387
"Lanlogic has been around since 1995 and we focus on helping customers that are traditionally less technical and need someone who’s an IT consultant, a trusted business adviser, to help them evaluate their needs," explained Joe Foos, Director of Sales & Marketing at Lanlogic, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4–7, 2013, at the Santa Clara Convention Center in Santa Clara, CA. Cloud Expo® 2014 New York, June 10-12, at the Javits Center in New York City,...
Dec. 10, 2013 10:15 AM EST Reads: 951
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named “Bronze Sponsor” of SYS-CON's 14th International Cloud Expo®, which will take place on June 10–12, 2014, at the Javits Center in New York City, New York, and the 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Indu...
Dec. 10, 2013 10:00 AM EST Reads: 1,368
"Since the acquisition Terremark has been getting closer and closer and tighter with Verizon and we have some joint projects underway. We're about to set the world on fire," noted Jim Anthony, VP of Sales Engineering at Verizon Terremark, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4-7, 2013, at the Santa Clara Convention Center in Santa Clara, CA. Cloud Expo® 2014 New York, June 10-12, at the Javits Center in New York City, NY, will feature technical sessions f...
Dec. 9, 2013 08:45 AM EST Reads: 1,488
"We announced what we believe is a game-changing technology in storage. We introduced a new product called the Ultrastar He6 and we announced a technology called HelioSeal, which is the process of hermetically sealing helium inside the hard drive," explained Brendan Collins, VP of Product Marketing at HGST, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4-7, 2013, at the Santa Clara Convention Center in Santa Clara, CA. Cloud Expo® 2014 New York, June 10-12, at the...
Dec. 9, 2013 08:30 AM EST Reads: 1,499
"APIs are a layer of integration where you integrate apps to the back end. Those APIs have to be secure, they have to be managed, they have to be monitored, you have to know everything that happens to those APIs and we provide that level of product so people don’t have to worry about it," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at the 13th International Cloud Expo®, held Nov 4–7, 2013, at the Santa Clara Convention Center in Santa Clara, ...
Dec. 9, 2013 07:00 AM EST Reads: 1,632
- Cloud Solutions and Technology
- Opening Keynote at Cloud Expo | The Changing Atmosphere of Cloud Computing
- Cloud Computing 2.0 Flexibility Discussed at Cloud Expo
- Establish and Manage a Recurring Revenue Model
- Cloud Expo: Cloud Shifts the Burden of Security to Development
- Weekend Special: Cloud Expo Keynotes and Expo Pass
- Cloud Expo Silicon Valley: Don’t DIY Your VDI
- Safeguard Your Organization with Cisco Email Security Solutions Webinar
- Cloud Expo Silicon Valley: Day 3 Lunchtime Keynote – The Internet of Things
- SDN: Uncovering Amazon's Secret Sauce
- Ten Myths of Cloud Computing
- Cloud Expo Silicon Valley: Overview of Windows Azure IaaS
- WebRTC Summit at Cloud Expo Agenda Announced
- Financial Results, New Appointments, and General Meetings - Research Report on Red Hat, Yelp, Sierra Wireless, Infinera, and Bitauto
- Cloud Solutions and Technology
- At-a-Glance: Comparing VMware vSphere 5.5 & Windows Server 2012 R2 Hyper-V
- User Accounts Are Only the Tip of the Iceberg
- WebRTC Summit | WebRTC Business Models: Building a Web-Based Telecom Co
- Open Server Summit Reports Doubling of Registration
- Announcing "OpenStack Fundamentals Track" at Cloud Expo
- Opening Keynote at Cloud Expo | The Changing Atmosphere of Cloud Computing
- Framework for Service Oriented Ecosystem
- Gartner Identifies the Top 10 Strategic Technology Trends for 2014
- The Security of Popular Cloud Storage Sites
- Cloud Expo New York: Best CIO Practices Shared from SHI’s Customers
- Cloud Expo New York: How to Use Google Apps Script
- Cloud Expo New York: Cloud Is Changing the Economics of Business
- Rackspace Hosting Named “Platinum Plus Sponsor” of Cloud Expo New York
- Virtual, Cloud & IT Availability - Shared Responsibility & Common Sense
- WebRTC Summit at Cloud Expo Agenda Announced
- Enterasys Spotlights SDN's Impact on Traditional Networking in Upcoming Webinar
- Microsoft-Nokia: An Open Letter from Ballmer and Elop
- Cloud Expo New York: API Security, Does My Business Need an OAuth Server?
- ScaleOut Software to Exhibit at Cloud Expo New York
- ARM Server “Microservers” Seek to Transform Cloud, Big Data
- Cloud Expo New York: Rethink IT and Reinvent Business with IBM SmartCloud