Enhance security where it’s most vulnerable the desktop
Desktop virtualisation is not a magic fix for security, but it provides a another barricade against escalating cyber threats that have been increasingly focused on remote working.
Security experts including Interpol reported that cyber criminals switched their tactics during the pandemic and targeted home workers. For companies that made ad hoc investments in cheap laptops, or worse, relied on employees to use their own devices that were often out of date, it was a perilous time. Endpoint security is always a challenge; with the pandemic it became a nightmare.
At Ergo we have been running webinars on desktop virtualisation and best-practice security, not just as an expedient to address Covid but as a strategy for the future workplace. If ever there was a moment when an investment in virtual desktops paid dividends it was during lockdown, but if the workplace moves permanently to a hybrid combination of office and home – as many predict – the benefits will be delivered long into the future.
Ergo’s Security Practice has been advising clients to rethink and reset their cyber defences for some time. We know that the desktop is a weak link in many organisations and that desktop virtualisation goes some way to mitigating the risks.
Beef up security with centralised control
Desktop virtualisation delivers more standardised security in a tightly controlled environment that counters ‘shadow IT’ and helps IT managers take back control. Security patches and automated updates are applied regularly and seamlessly. Instead of fixing a breach hundreds of times on individual devices, they are fixed once and for all.
Lower the risk of losing sensitive data
Desktop virtualisation is about centrally storing digital assets – files, emails and documents – minimising the data footprint and threat surface of a business. Sensitive information and company IP will stay safe, even if a laptop is lost, stolen or broken. Access controls allow for uninstalling the desktop from people’s devices if they leave, eradicating the risk of company data walking out the door with them.
Set device strategies and enforce them
The last few years has seen organisations struggle to implement Bring Your Own Device (BYOD) and Choose Your Own device policies. What employees want can be difficult for IT to administer, particularly around security. Virtualising desktops enables a consistent set of security controls across mobile devices, regardless of operating system or hardware.
Let virtual desktop providers share the security burden
With Desktop-as-a-Service (DaaS), the virtual desktop infrastructure is hosted in a cloud where the cloud provider offers levels of security and data protection that most enterprises would struggle to emulate on premise or in their data centres. Better regulatory governance around workflows and processes will emanate from cloud providers that will be ISO and PCI compliant.
No interruptions to business
Faster and simpler Disaster Recovery and Business Continuity is another benefit of virtual desktops. With desktop images stored and managed off-premise, natural disasters like flood and fire might take out premises but not virtual infrastructure. No more waiting around for backups to be restored. Employees can work from alternate locations and instantly have the exact same desktop experience.
Add additional security controls
Desktop virtualisation security can be tailored to different business needs. Additional layers can be added around data loss prevention and access permissions, including more advanced MFA (Multifactor Authentication). The type of desktop virtualisation that companies pursue will be determined by their security and regulatory requirements.
Financial services organisations, for example, that are restricted from moving applications and services to the cloud because of compliance requirements, will hit a similar obstacle with DaaS, where the desktop virtualisation infrastructure is hosted in the cloud. Hybrid offerings using Virtual Desktop Infrastructure (VDI) are an option, where the service is run from a server in a private data centre, delivering on the benefits and the compliance requirements.
As with other cloud services, it is important for companies to remember that DaaS does not exonerate them from security responsibilities. While the cloud provider will secure the big ticket items – network, host data centre, physical hosts and the virtualisation control plane – it’s up to each organisation to take care of endpoint security, deployment configurations, app security and identity management.
Conclusion
Desktop virtualisation is not a magic fix for security, but it provides a another barricade against escalating cyber threats that have been increasingly focused on remote working. For the IT team, it reasserts control over applications and the desktop at a time when mobility and shadow IT has threatened to undermine them – and the security of the organisation.
