Feeds

How secure are virtual desktops, really?

Lock and load

  • alert
  • submit to reddit

HP ProLiant Gen8: Integrated lifecycle automation

Lab As we discussed in an earlier article in this series many “desktop virtualisation” solutions exist today.

Each has its own deployment architecture and comes complete with a range of operational benefits and challenges. Some work well in particular scenarios which would not suit others. With interest growing in the potential use of virtual desktops it is time to consider some of the security questions.

Little direct discussion has taken place about the security, or otherwise, of virtual desktops although there are some areas, notably more locked down environments (including public sector) and for example with respect to home working, where specific security benefits can be achieved. But, as in all areas of IT and other areas of business, security doesn’t come free or by default.

So what are the security advantages of virtual desktops versus those machines with which we have all become over familiar in the last decade or more? Whilst some are relatively clear, in truth it all depends on the particular type of virtual desktop being considered.

Clearly ‘thin client’ solutions offer all the security benefits long associated with holding all data centrally, hopefully on well managed servers. By leaving no data on the client access device, many challenges associated with desktops and laptops are made considerably simpler to address. In addition the management of the software that users employ is all held centrally and can thus be managed in a straight forward manner allowing patching and software updates to be introduced more rapidly with consequential security benefits.

There remains the need to secure the data held on the central systems, which is as always a two-edged sword – the level of risk increases with the quantity of data being held in one place, even as the risks of distributed, fragmented data storage reduce.

A raft of security benefits can be achieved with desktop virtualisation solutions that deploy out an entire VM at the request of the user and pull it back, complete with changed data files, at the close of a session. Not least that a remote computer can be lost, stolen or otherwise compromised with minimal data risk – a useful facility for both front line troops and careless business executives,

Then there are the alternative systems where a virtual machine may be resident ‘out in the field’ for some time. For these systems the problems of securing the virtual desktop are, in many ways, similar to those associated with standard desktops. Namely, data may need to be encrypted and should there be a security update for the software contained in the virtual desktop then a new copy of the updated VM must be downloaded by the user.

The ability to centrally manage the software on the desktop can help mitigate the physical challenge associated with the patching and updating software, as does the fact that the virtual desktop might consist of just a single file, or just a few at most rather than the thousands of files common in a standard desktop.

As always, and as was pointed out in an earlier article on security and virtual servers, it all really boils down to having the right processes and procedures in place to manage the systems and ensure that whatever the scenario that appropriate security is enabled. As with any other IT system, tools alone can never be the answer. Equally, making sure that users are fully aware of their responsibility and how to protect the ‘their system’ is equally important.

This is a rapidly changing area, in terms of both technologies available and best practice. So, if you consider yourself in the early adopter camp or if you have other real-world experience you would bring to bear on living with virtual desktops and securing them for production use, please do share.

Freeform Dynamics Ltd

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.