VDI Can Bolster Cyber Defenses
Security is not necessarily the first thing that comes to mind when people consider deploying virtual desktop infrastructure. As security has risen on the list of priorities for government agencies, the advantages of VDI are becoming more apparent.
Of all the benefits that VDI can provide, more than 80 percent of respondents to a recent study by the 1105 Public Sector Media Group listed security as a “very important” reason for adoption. Lapses in patch management, for example, are a major cause of the vulnerabilities attackers can use to breach agency defenses, infiltrate systems and steal vital data. Though software developers regularly issue security updates, many organizations fail to deploy those updates in a timely manner, particularly those that have to patch thousands of systems.
One highly visible example of that lapse was the so-called Heartbleed bug several years ago. It was caused by a flaw in the OpenSSL encryption software and potentially threatened systems around the world. Months after the bug was first revealed and security solutions issued, thousands of machines had still not been patched.
A more recent example was the WannaCry ransomware. This malware took advantage of an NSA-developed Windows exploit that attacked a weakness in Microsoft software, and it infected many machines worldwide. Even though Microsoft had released a patch to address that vulnerability months earlier, thousands of systems were still unpatched when the WannaCry ransomware was actually launched.
In a recent report on VDI, market researcher Technavio pointed out that in traditional desktop environments, security is dependent on the software installed on those desktops and the network firewalls. If that layer of security is breached, the data within those individual desktops is open to theft. And the desktops can serve as launch pads to spread malware throughout the enterprise.
In a VDI environment, the data is centrally stored and managed. All desktops and mobile devices can only access that data using the central server image. Agencies can configure VDI deployments to prevent data from being downloaded and stored locally on the devices. This is an effective theft prevention technique. The data itself is better secured from other threats.
“In addition, it is easier to configure firewall patches and anti-virus agents on the one master image rather than maintaining antivirus (software) for numerous systems,” the Technavio report states.
Conversely, fears over VDI security itself may be one of the reasons why nearly 60 percent of the respondents to the survey preferred VDI as an on-premises solution, instead of one in the cloud. That seems surprising, since as a virtualized solution itself, VDI should be easily available as a “cloud-ready” service.
And to be fair, there’s already a decent amount of interest now in cloud-based VDI. Nearly a third of the survey respondents from agencies that have already adopted or are considering VDI solutions indicated they preferred cloud-hosted VDI managed by a third party.
However, on-premises solutions provide administrators with far more control over the VDI environment. While IT managers may be perfectly comfortable now with putting such things as e-mail in the cloud, it’s a different matter when considering the entire desktop.
Eventually, cloud service providers will probably catch up with the security assurances most IT administrators will need before they’ll be confident getting their desktops as a cloud-based VDI-as-a-Service. For now, though, many agencies are using on-premises VDI as the first baby steps towards a full-blown VDI cloud deployment.