Access your Pro+ Content below.
VDI security supports active protection strategies
This article is part of the November 2011 issue of Information Security magazine
Organizations are embracing virtual desktop infrastructure (VDI) with the expectation of persistent security enhancements and reduced desktop operating costs across the enterprise. This strong coupling between desktop security and IT operations backs up the thinking among early VDI adopters that centrally controlled desktop configurations are more resistant to malware and keeping regulated data off of distributed physical desktops reduces the business risk of a data loss incident. However, realizing these security benefits requires more than simply recreating traditional security in a virtual world; it requires a practical approach to inevitable breaches of desktop security. While defense-in-depth prevention is still critically important to the business, a VDI security-based approach favors active strategies for continuous malware resistance and compliance, data protection and incident response. These approaches are based on the following desktop security observations: It is inevitable that desktops will be breached in the ...
Features in this issue
PCI Security Standards Council plans to release a list of certified components in April.
An effective risk assessment process is essential, but many factors can skew the process and get in the way of security.
ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.
Cybercriminals are zeroing in on small and midsize businesses with fewer security resources.
Columns in this issue
Security expert and Information Security magazine columnist Marcus Ranum talks to Richard Bejtlich, CSO and vice president, Mandiant Computer Incident Response Team (MCIRT) at security firm Mandiant.
We all have an explanation for weak security, but everyone needs to do their part to improve it.
China is being accused of hacking corporate, government and military networks in the U.S. for economic gain. Policy makers need to be versed in cybersecurity and figure out how to respond.