The case for disappearing desktops
An ongoing boom in support for mobile workers who want to bring their own devices to work has led to growing demand for virtualization tools designed to make the job faster, cheaper and more secure.
Workspace-as-a-service (WaaS) platforms that incorporate desktop virtualization features, designed to provide access to data from ‘anywhere, any time and any device,’ are among the latest technologies to support the burgeoning mobile transition -- and promise organizations security and back-end benefits as well.
Systems integrator Unisys Corp., for example, offers government customers a WaaS-oriented virtualized Windows environment with an office productivity suite, email messaging, video and voice collaboration tools as well as enterprise social media tools.
With the platform, employees log in and are provided a virtual workspace desktop that looks and operates like their actual physical office desktop. “Right now, users feel more comfortable in a virtual desktop because that’s the transition from a physical desktop,” said Shawn Kingsberry, Unisys’s global public sector director of digital government.
The WaaS platform has also served as a workbench of sorts for developing tools that avoid malware and other threats by virtually disposing of, or “disappearing,” virtualized browsers that may have been contaminated or were only needed for specific users.
Pete Kofod, CEO of The Sixth Flag, said he first recognized the need for more dynamic security tools -- especially to protect network end users -- when he was contacted by the chief security officer of a large aerospace company whose Microsoft Active Directory had been compromised.
The attack turned out to be aimed at an executive of the firm, who had been tricked into opening a PDF file that triggered a vulnerability. Once the file was opened, the malware harvested credentials that eventually led to the compromise of Active Directory.
Unraveling the case took three months, but it eventually led to the development of tools designed to protect remote end users. The Sixth Flag's resulting product lets them work in a virtualized browser that is “thrown away” at the end of each session.
The virtual browser works by passing executable content to a virtual machine on the server, where it runs and is wiped after each session. “All of our desktops are ephemeral,” Kofod said.
Should desktops or mobile devices get contaminated, “we’ve thrown away every trace of users’ data, settings get saved and we’re just storing encrypted data at rest,” he added. “The next time they log in, they’ll get a brand new fresh copy of the gold master image.”
The tool is entirely cloud-orchestrated and can be moved to any infrastructure-as-a-service platform, Kofod said. Each user gets a dedicated virtual machine in the data center that powers the session and is discarded afterward.
The application is accessed exclusively by a browser. “There’s no client component, so basically anything that has a current browser,” Kofod said. “Whether it's a tablet or a Chromebook, as long as it has strong HTML 5 support, we’re in business.”
“We truly try to treat the desktop as just a place to temporarily do some work, essentially ‘work-space,’” he added.
The throw-away desktop is a security tactic Kofod calls a ‘guerrilla network,’ designed to deny an attacker any foothold beyond the desktop itself. “The idea is if you get into the desktop it won’t get you any closer to the crown jewels, which is always going to be the directory server.”
“If we can get to the point where no matter what you take off this guy’s desktop, it will never get you closer to complete organizational compromise, that’s really the Holy Grail for us,” Kofod said. “That’s why we designed it the way we did.”
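The session model described above (fresh clone of a gold master at login, nothing but saved settings surviving logout) is easy to misread as “just delete the VM.” The following is an added illustration written for this article, not The Sixth Flag's code; the directory layout, the `WorkspaceService` class and the user name are hypothetical. It models the workspace as a directory tree on the local filesystem and adds two checks a practitioner would want: the gold master's digest is pinned and re-verified before every clone (a poisoned master would otherwise taint every “fresh” session), and only an allowlisted set of settings keys is carried over, so the persistent settings channel cannot be used to smuggle a payload across sessions. Encryption of the settings store at rest is assumed to be handled by the storage layer and is not shown.

```python
"""Ephemeral workspace lifecycle: each login clones a verified gold master,
each logout discards the clone and persists only validated settings.
Added illustration for the article; not The Sixth Flag's code. All names
(WorkspaceService, the gold image contents, user 'alice') are hypothetical."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Only these keys may survive a session. Anything else written to settings.json
# during a session is discarded along with the rest of the workspace.
ALLOWED_SETTINGS = {"theme", "locale", "font_size"}


def tree_digest(root: Path) -> str:
    """SHA-256 over relative paths and file contents in sorted order, so any
    change to the gold master image changes the digest."""
    h = hashlib.sha256()
    for p in sorted(root.rglob("*")):
        if p.is_file():
            h.update(p.relative_to(root).as_posix().encode() + b"\0")
            h.update(p.read_bytes() + b"\0")
    return h.hexdigest()


class WorkspaceService:
    def __init__(self, gold_master: Path, settings_store: Path):
        self.gold_master = gold_master
        # Persistent per-user settings. In a real deployment this store is the
        # "encrypted data at rest"; encryption is assumed to be done by the
        # storage layer and is not shown here.
        self.settings_store = settings_store
        self.settings_store.mkdir(parents=True, exist_ok=True)
        self.expected_digest = tree_digest(gold_master)  # pinned when the image is built
        self.active: dict[str, Path] = {}

    def login(self, user: str) -> Path:
        if user in self.active:
            raise RuntimeError(f"{user} already has a live session")
        # Refuse to clone a master image that no longer matches its pinned digest.
        if tree_digest(self.gold_master) != self.expected_digest:
            raise RuntimeError("gold master integrity check failed; refusing to clone")
        session_root = Path(tempfile.mkdtemp(prefix=f"ws-{user}-"))
        workspace = session_root / "root"
        shutil.copytree(self.gold_master, workspace)
        saved = self.settings_store / f"{user}.json"
        if saved.exists():
            shutil.copy(saved, workspace / "settings.json")
        self.active[user] = session_root
        return workspace

    def logout(self, user: str) -> None:
        session_root = self.active.pop(user)
        settings_file = session_root / "root" / "settings.json"
        if settings_file.exists():
            try:
                raw = json.loads(settings_file.read_text())
            except ValueError:
                raw = {}
            kept = {k: v for k, v in raw.items()
                    if k in ALLOWED_SETTINGS and isinstance(v, str)}
            (self.settings_store / f"{user}.json").write_text(json.dumps(kept))
        shutil.rmtree(session_root)  # the throw-away: nothing else survives


def demo() -> dict:
    """Two sessions for one user: a file dropped in session 1 must be gone in
    session 2, a permitted setting carries over, a smuggled key does not, and
    a tampered gold master is refused. Returns the observed outcomes."""
    base = Path(tempfile.mkdtemp(prefix="waas-demo-"))
    gold = base / "gold"
    (gold / "apps").mkdir(parents=True)
    # Constructed gold image content for the demo.
    (gold / "apps" / "browser.cfg").write_text("homepage=https://intranet.example\n")
    svc = WorkspaceService(gold, base / "settings")

    ws = svc.login("alice")
    (ws / "dropper.bin").write_bytes(b"MZ...")  # simulated malware dropped during the session
    (ws / "settings.json").write_text(
        json.dumps({"theme": "dark", "startup_cmd": "evil.exe"}))
    svc.logout("alice")

    ws2 = svc.login("alice")
    result = {
        "dropper_survived": (ws2 / "dropper.bin").exists(),
        "gold_file_present": (ws2 / "apps" / "browser.cfg").exists(),
        "settings": json.loads((ws2 / "settings.json").read_text()),
    }
    svc.logout("alice")

    # Simulate tampering with the gold master after the digest was pinned.
    (gold / "apps" / "browser.cfg").write_text("homepage=https://attacker.example\n")
    try:
        svc.login("alice")
        result["tamper_detected"] = False
    except RuntimeError:
        result["tamper_detected"] = True
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the digest check is that an ephemeral design moves the trust from thousands of endpoints to one image: the gold master becomes the thing worth attacking, so its integrity has to be verified on every clone, not just at build time.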
The ability to offer users a secure browser for a limited time and then dispose of it makes the virtual browser a good fit for transient users, according to industry analysts. It also helps agencies web-enable legacy applications and provision inexpensive devices for mobile users.
“For government, it’s ideal,” said David Laing, research manager for IT service management and client virtualization software at IDC. “It allows them to look at dynamic access, change of mission [and] address things like emerging requirements, change requirements without having to worry about the funding cycle.”
Those flexibility goals are also shared by developers looking for ways to manage other workspace features, including new “virtual mobile infrastructure” options in which mobile apps themselves are virtualized.
“The same way you can virtualize a browser as a throw-away, you can also virtualize an Android device -- either the whole thing or a workspace of Android apps,” Laing said.
Some apps “are really made for mobile devices, whereas some other apps are meant for the desktop and then they try to optimize them for mobile,” Laing said. To reconcile the differences, developers are turning to virtual mobile infrastructure. Android can also be problematic because it is not always “homogeneous” across sets of apps and versions of the operating system: new versions keep arriving, and carriers tend to support each one for only a limited time.
In this case, the Android app runs on a centralized server behind a firewall, and the user’s device -- whether iOS or Windows -- accesses the virtualized app from there.
WaaS for policy enforcement
Browser virtualization has allowed firms to take different approaches to WaaS in the last few years.
Authentic8, a company created by founders of email security firm Postini, jumped into the WaaS market in 2010, looking to concentrate on browser-based innovation.
In developing Silo, its virtual browser tool, the firm added features designed to provide options for managing complex workspaces. Instead of virtualizing the desktop by running virtual desktop infrastructure, “which would have just doubled the management overhead,” the firm embedded more sophisticated management controls directly inside the browser, CEO Scott Petry said.
Yet “as important as virtualization is, the management capability and ability to define policies around who can access what from which devices is more important,” Petry said.
Those modifications give the Silo browser additional uses, Petry said, including better support for online data research, collaboration across teams and projects that require blending work and personal activity.
For instance, to support people doing data research on the Internet, the browser can be configured to appear to originate from any of a variety of locations in order to retrieve content as it is served to users there. The same functions let law enforcement investigators explore suspect sites without disclosing their digital identity.
“I could literally tell the browser to look like it’s coming out of Singapore, pretending to be a Windows device with the local time zone set and with the Asian character keyboard being presented,” Petry said. Once fetched, the content could be translated from Chinese or Korean to English – inside the browser.
The Silo browser can also be used to support groups engaged in sensitive negotiations, Petry said, such as mergers and acquisitions. Compliance, legal and finance staffers might access a deal room configured as a secure environment.
“It feels like they are using their local browser,” he said, “but they use our browser, so any malicious content, any desire to go to Facebook in another tab while they’re in that browser, all of that capability can be managed so you have a single function browser for that team of people using web services for that deal room.”
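A “single-function browser” of the kind Petry describes is, at bottom, a URL policy: requests to the deal room's hosts are allowed and everything else, including that Facebook tab, is refused. The following is an added example of how such a policy is checked safely; it is not Authentic8's Silo code, and the deal-room hostnames and function names are hypothetical. The security-relevant detail is that the decision is made on the parsed hostname rather than on a substring match of the URL, which is what defeats the common bypasses: a userinfo prefix (`https://dealroom.example.com@evil.test/`), a lookalike suffix (`dealroom.example.com.evil.test`), a downgraded scheme and a non-standard port.

```python
"""Single-function browser policy check. Added illustration for the article,
not Authentic8's code; DEAL_ROOM_ALLOWLIST and the function names are
hypothetical."""
from urllib.parse import urlsplit

# Hosts the deal-room profile may reach; subdomains of each are included.
DEAL_ROOM_ALLOWLIST = {"dealroom.example.com", "docs.example-bank.com"}


def host_permitted(host: str, allowlist: set) -> bool:
    """Exact match or a true subdomain of an allowlisted host. A lookalike such
    as 'dealroom.example.com.evil.test' ends with neither 'dealroom.example.com'
    nor '.dealroom.example.com' and is rejected."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowlist)


def policy_decision(url: str, allowlist=DEAL_ROOM_ALLOWLIST) -> tuple:
    """Return (allowed, reason). Decide on the parsed components, never on a
    substring search of the raw URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError as exc:
        return False, f"unparseable url: {exc}"
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} not allowed"
    # 'https://dealroom.example.com@evil.test/' parses with the allowlisted
    # name as the username and evil.test as the host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in url"
    host = parts.hostname
    if not host:
        return False, "no host"
    if port not in (None, 443):
        return False, f"port {port} not allowed"
    if not host_permitted(host, allowlist):
        return False, f"host {host!r} outside deal room"
    return True, "ok"


def filter_navigations(urls) -> dict:
    """Apply the policy to a batch of attempted navigations (for example every
    tab a user tries to open) and return {url: (allowed, reason)}."""
    return {u: policy_decision(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample navigations for the demo.
    attempts = [
        "https://dealroom.example.com/deal/42",
        "https://files.dealroom.example.com/term-sheet.pdf",
        "https://www.facebook.com/",
        "https://dealroom.example.com.evil.test/",
        "https://dealroom.example.com@evil.test/",
        "http://dealroom.example.com/",
        "https://dealroom.example.com:8443/",
    ]
    for url, (ok, why) in filter_navigations(attempts).items():
        print("ALLOW" if ok else "BLOCK", url, why)
```

Hostnames are compared after lowercasing; if the allowlist is to be matched against internationalized domain names, normalize both sides to their punycode (IDNA) form first, otherwise a homoglyph domain can slip past an ASCII comparison.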
The federal government is one of Authentic8’s top three markets, Petry said, especially agencies with national security requirements that use virtual browsers as a way to securely access web data and prevent data leakage or loss.
“What we’re seeing now is that government is just like any other large employer where there’s tension between what IT allows people to do and how users expect to balance their work-life,” Petry said. “In that case, we can let them browse the web through a one-time-use virtual environment that can be thrown away when the session is over.”
Last year the company reached out to victims of the breach at the Office of Personnel Management, offering the use of its browser for free.
“The idea here is to say our product is so easy to use and we make it available to so many people, we should also make it available to the people that are most vulnerable and those who lost data in the breach,” Petry said.
Paul McCloskey is senior editor of GCN. A former editor-in-chief of both GCN and FCW, McCloskey was part of Federal Computer Week's founding editorial staff.