While most IT people know about virtual desktops that can be hosted in the data center, there's an often-ignored yet highly practical use for this technology. Desktop virtualization is now portable, connecting remote employees to the applications they need while better securing their devices.
I recently talked to an Atlanta-based financial company that relies on RingCube Technologies Inc.'s secure virtual desktop technology and McAfee Inc.'s SafeBoot's disk encryption capability to enhance remote client security for its sales force.
Security, specifically the need to enforce a compliant configuration and device-usage policy for remote users, was the primary motivation behind the enterprise's use of virtual desktops. The business need was to provide a secure environment for remote users accessing the corporate network via VPN and at the same time cut down on costs. Remote users needed no more than a VPN client, basic email agent, Internet Explorer browser, Microsoft Office desktop applications and a few third-party applications.
Instead of trying to micromanage each remote laptop, IT needs only to manage the core components that enable remote access, including clean executables and effective device-control policy. IT has a firm grasp of the applications on the virtual desktop and the business processes that run isolated from other executables on the endpoint to reduce the risk of a malware infection. End users click on an icon to launch the virtual desktop, which then runs isolated from the rest of the local environment.
The virtual desktop also helps IT to enforce an acceptable use policy for devices, notably for USB sticks. Remote users cannot inadvertently place data on a removable device where it could fall out of IT's control or read data from a device that could infect the virtual desktop session. Since the policy is centrally managed, IT can loosen device control policy for a user if necessary.
Sensitive data is protected against loss by integrated transparent full-disk encryption. The encryption protects against the loss of data if a remote employee's laptop goes missing or is stolen.
In my discussion with the financial firm, IT reported that help desk calls from remote users have been reduced because IT configures the virtual desktop, including VPN software. This reduces end-user errors in VPN configuration files and setup.
The IT team has also found that a virtual desktop refresh can be done in less than an hour, a significant time savings of approximately three hours per refresh. IT reports a reduced demand on its resources when restoring software for remote users who suffer hardware failures, lose equipment or purchase a new laptop.
Although not realized yet, the company also expects to get a longer life out of endpoint investments, and is looking into monitoring actual software deployments to negotiate more favorable software licenses.
The company's experience, both within IT and the user community, has been positive; the company expects to roll out virtual desktops through the end of the year. Virtual Computer Inc. and Moka5 Inc., two other vendors that specialize in virtual desktop software, have also found traction for uses requiring remote client security and operational controls. There are other styles of virtual desktops that also carry security benefits, including large financial institutions running Citrix Systems Inc. and VMware Inc. with thin clients.
Security is a key determining requirement that is leading IT organizations to look at virtual desktops to control endpoints. In this case, the company was not only able to mitigate the threats posed by an increased number of remote employees, but also found cost savings by reducing costly help-desk requests and extending the life of the laptops supplied to employees.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.