Enhance security where it’s most vulnerable the desktop
Desktop virtualization is not a magic fix for security, but it provides a another barricade against escalating cyber threats that have been increasingly focused on remote working.
Security experts including Interpol reported that cyber criminals switched their tactics during the pandemic and targeted home workers. For companies that made ad hoc investments in cheap laptops, or worse, relied on employees to use their own devices that were often out of date, it was a perilous time. Endpoint security is always a challenge; with the pandemic it became a nightmare.
At Ergo we have been running webinars on desktop virtualization and best-practice security, not just as an expedient to address Covid but as a strategy for the future workplace. If ever there was a moment when an investment in virtual desktops paid dividends it was during lockdown, but if the workplace moves permanently to a hybrid combination of office and home – as many predict – the benefits will be delivered long into the future.
Ergo’s Security Practice has been advising clients to rethink and reset their cyber defenses for some time. We know that the desktop is a weak link in many organizations and that desktop virtualization goes some way to mitigating the risks.
Beef up security with centralized control
Desktop virtualization delivers more standardized security in a tightly controlled environment that counters ‘shadow IT’ and helps IT managers take back control. Security patches and automated updates are applied regularly and seamlessly. Instead of fixing a breach hundreds of times on individual devices, they are fixed once and for all.
Lower the risk of losing sensitive data
Desktop virtualization is about centrally storing digital assets – files, emails and documents – minimizing the data footprint and threat surface of a business. Sensitive information and company IP will stay safe, even if a laptop is lost, stolen or broken. Access controls allow for uninstalling the desktop from people’s devices if they leave, eradicating the risk of company data walking out the door with them.
Set device strategies and enforce them
The last few years has seen organizations struggle to implement Bring Your Own Device (BYOD) and Choose Your Own device policies. What employees want can be difficult for IT to administer, particularly around security. Virtualizing desktops enables a consistent set of security controls across mobile devices, regardless of operating system or hardware.
Let virtual desktop providers share the security burden
With Desktop-as-a-Service (DaaS), the virtual desktop infrastructure is hosted in a cloud where the cloud provider offers levels of security and data protection that most enterprises would struggle to emulate on premise or in their data centers. Better regulatory governance around workflows and processes will emanate from cloud providers that will be ISO and PCI compliant.
No interruptions to business
Faster and simpler Disaster Recovery and Business Continuity is another benefit of virtual desktops. With desktop images stored and managed off-premise, natural disasters like flood and fire might take out premises but not virtual infrastructure. No more waiting around for backups to be restored. Employees can work from alternate locations and instantly have the exact same desktop experience.
Add additional security controls
Desktop virtualization security can be tailored to different business needs. Additional layers can be added around data loss prevention and access permissions, including more advanced MFA (Multifactor Authentication). The type of desktop virtualization that companies pursue will be determined by their security and regulatory requirements.
Financial services organizations, for example, that are restricted from moving applications and services to the cloud because of compliance requirements, will hit a similar obstacle with DaaS, where the desktop virtualization infrastructure is hosted in the cloud. Hybrid offerings using Virtual Desktop Infrastructure (VDI) are an option, where the service is run from a server in a private data center, delivering on the benefits and the compliance requirements.
As with other cloud services, it is important for companies to remember that DaaS does not exonerate them from security responsibilities. While the cloud provider will secure the big ticket items – network, host data center, physical hosts and the virtualization control plane – it’s up to each organization to take care of endpoint security, deployment configurations, app security and identity management.
Conclusion
Desktop virtualization is not a magic fix for security, but it provides a another barricade against escalating cyber threats that have been increasingly focused on remote working. For the IT team, it reasserts control over applications and the desktop at a time when mobility and shadow IT has threatened to undermine them – and the security of the organization.