As we’ve discussed before, there are three basic considerations you must keep in mind when developing a business case for VDI – your organization’s key business drivers, the cost and ROI, and your change management strategy. But the recent OPM and Ashley Madison hacks have thrown a harsh spotlight on another critical factor:
How implementing desktop virtualization can contribute and strengthen the security of your organization, from protecting your data to guarding your own people against themselves.
Centralizing Your Data with VDI
If you’re a modern government agency or other large enterprise organization, it is unlikely that all of your employees conduct business under the same roof at all times. Some may be operating out of branch offices, while others are teleworking from a laptop, home location or mobile device at a remote location.
With this type of spread, the risk to your organization’s data can be great if it is allowed to linger at the ends of your network at these off-site locations or on mobile devices. For example, an employee could lose or have their laptop stolen, compromising sensitive information for the organization they work for, as well as the customers the organization serves.
The security benefits of VDI is that it enables organizations to centralize their data in a secured location, thus minimizing the footprint of their data. So if an employee loses their laptop, there is no risk since none of the files or documents they are accessing are saved locally to their computer.
VDI Protects Your People from Themselves
When you hear about many of the security breaches in the news, what you may not realize is that an employee clicking on a link or downloading a file that opens the door to hackers usually triggers them. The employee is not acting out of malice in the majority of cases, as the emails or phishing attempts in question often mimic valid communications an individual might expect to receive from friends, banking institutions, social networks or other trusted sources.
In a typical corporate environment, IT will refresh the image of an operating system on a laptop or PC every 90 to 120 days. There are those, however, who do not perform this action at all, due to the cost and resources required. So when a user clicks a link in an email or through a website and downloads malware, that malware will have 90 to 120 days (or longer) to gestate in their system.
In an non-persistent VDI, a fresh instance of the desktop OS is loaded from a read-only template every time a user logs into the system and as a result, the OS typically lives no longer than 6 to 8 hours. That means when a user downloads a virus, the gestation period goes from months in a typical PC to hours in a non-persistent VDI environment. Since many viruses act over a period of days or weeks, as to avoid detection, non-persistent VDI can provide a higher level of protection against these threats.
Security Advantages of On-Premises DaaS vs Traditional DaaS
Traditional public DaaS options do provide the benefits of centralized data and improved user protection, but there is no guarantee the third-party provider’s standards, policies and procedures are up to par with organizational requirements. This is especially true for government agencies who need to remain FISMA-compliant. With on-premises DaaS, all data exists within an organization’s data center, giving agencies and organizations all of the security benefits of VDI, while also giving them the control they need over their own data.