
Implications of desktop virtualization for secure remote access

While endpoint security has become increasingly challenging in recent years, new desktop architectures offer new opportunities for security professionals to protect data and assets, both inside and outside the corporate network.

Traditionally, endpoint security has been focused on controlling and managing not only the data center infrastructure, applications, and desktops, but also users' endpoint devices. But as remote workers, contractors, partners, and other remote users rely on an expanding range of devices to access enterprise assets, from laptops to smart phones and tablets, it becomes increasingly difficult to maintain endpoint security without placing unacceptable restrictions on users.

Fortunately, the same technology that makes this proliferation of endpoint device types possible — desktop virtualization — offers new ways to simplify endpoint architecture as part of a broader reconsideration of data protection approaches.

Desktop virtualization: the new architecture for today's enterprises

Desktop virtualization is now reshaping models and practices throughout the IT industry.

In simple terms, virtualization involves the abstraction of resources from underlying hardware and the centralization of applications and desktops within the data center.

Some applications have always lived in the data center, such as Microsoft Exchange and Microsoft SharePoint; in a fully virtualized environment, everything does — applications, data, even entire desktops. Rather than keeping installed applications and data on their endpoints, users simply log in remotely — using any type of device — to access the resources they need. To enable offline access, virtual desktops can even be stored physically on the endpoint itself using client hypervisor technologies, and synced with the data center on reconnection.

Desktop virtualization is a broad and comprehensive infrastructure. Among its many core technologies, secure remote access and WAN optimization are two essential ones, enabling secure and fast delivery of desktops to any device on any type of network.

On the user's laptop, smartphone, tablet, or other device, a desktop access client — analogous to a cable TV receiver — is used to launch the user's virtual desktop in the data center (or stored on the endpoint). The user enters his credentials, is authenticated, then receives personalized delivery of a complete desktop environment.

The rapid rise of desktop virtualization is driven by several factors. Key benefits include centralized management, rapid implementation of new operating systems and applications, streamlined support, reduced desktop management costs, reduced costs for endpoint hardware, higher agility, simplified disaster recovery — the list goes on. For both users and IT, the ability to provide anytime/anywhere/any device access to data and applications represents a major advance.

More fundamentally, desktop virtualization makes it possible for IT to get out of the business of managing, controlling, and even issuing devices for end-users. Once upon a time, land-line telephone companies did just this, requiring users to lease their phones; today, they sell only the service itself, leaving consumers to acquire and maintain their own phones. Even cable companies now allow customers to buy their own modem devices. IT inevitably will move in this direction as well, delivering IT services, desktops, and apps to endpoints purchased directly by enterprise users.

Data protection in a virtualized environment

Desktop virtualization brings with it the need to consider endpoint protection in new ways. Data protection traditionally has been accomplished through a combination of anti-virus and data leakage prevention (DLP) technologies on the endpoint, where data resides, and measures to safeguard the network through which it passes.

Endpoint technologies like DLP and anti-virus still may have a role to play in local, offline virtualized desktops stored on the endpoint — but even here, virtualization offers significant advantages. While endpoint security has typically depended on users keeping their devices up to date with the most current patches and versions, these updates now can be installed on the virtualized desktop within the data center, then synced to the endpoint automatically.

The shift in focus from endpoint to data center comes in tandem with evolving perspectives on security. The changing nature and role of the network in a virtualized scenario — in which keystrokes and screen images are more likely to be transmitted than actual data — requires broadening the focus to ensuring that data is protected wherever it resides. Given the explosion of mobile devices and remote and mobile workers, IT no longer even owns or controls the network all the way from the device to the data center, and data may traverse different types of public networks from different carriers and vendors.

The way forward

For most organizations, the compelling business case for desktop virtualization will prove irresistible. For companies larger than a few hundred users, the infrastructure costs of a virtualized environment will be earned back quickly. For small and midsize companies, desktops delivered by a cloud offer a simple and affordable way to embrace this next-generation architecture.

However desktop virtualization is implemented, it will dramatically improve IT's ability to deliver secure remote access. Rather than maintaining endpoint security software for every endpoint in the organization, IT can focus solely on the virtualized desktops used in tandem with an offline client; for desktops which remain hosted within the data center, it will be enough to ensure that proper and granular access and authorization controls are in place on email, SharePoint, and other data sources. Solutions also exist to prevent data loss through common actions such as copy-and-paste, download, or print.

As desktop virtualization continues its rapid evolution, the security capabilities it supports are being enhanced as well, from disk encryption to a “kill pill” which enables IT to wipe any locally cached data remotely. In addition to WAN optimization, acceleration, and strong authentication and policies, a good desktop virtualization solution already incorporates many security and user experience features that address the problems solved by today's traditional endpoint security solutions.

The bottom line? As you evolve your strategy to keep pace with changing IT models, pay close attention to the rise of desktop virtualization and its implications for simplifying secure remote access.
