Feeds

How secure are virtual desktops, really?

Lock and load

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Lab As we discussed in an earlier article in this series many “desktop virtualisation” solutions exist today.

Each has its own deployment architecture and comes complete with a range of operational benefits and challenges. Some work well in particular scenarios which would not suit others. With interest growing in the potential use of virtual desktops it is time to consider some of the security questions.

Little direct discussion has taken place about the security, or otherwise, of virtual desktops although there are some areas, notably more locked down environments (including public sector) and for example with respect to home working, where specific security benefits can be achieved. But, as in all areas of IT and other areas of business, security doesn’t come free or by default.

So what are the security advantages of virtual desktops versus those machines with which we have all become over familiar in the last decade or more? Whilst some are relatively clear, in truth it all depends on the particular type of virtual desktop being considered.

Clearly ‘thin client’ solutions offer all the security benefits long associated with holding all data centrally, hopefully on well managed servers. By leaving no data on the client access device, many challenges associated with desktops and laptops are made considerably simpler to address. In addition the management of the software that users employ is all held centrally and can thus be managed in a straight forward manner allowing patching and software updates to be introduced more rapidly with consequential security benefits.

There remains the need to secure the data held on the central systems, which is as always a two-edged sword – the level of risk increases with the quantity of data being held in one place, even as the risks of distributed, fragmented data storage reduce.

A raft of security benefits can be achieved with desktop virtualisation solutions that deploy out an entire VM at the request of the user and pull it back, complete with changed data files, at the close of a session. Not least that a remote computer can be lost, stolen or otherwise compromised with minimal data risk – a useful facility for both front line troops and careless business executives,

Then there are the alternative systems where a virtual machine may be resident ‘out in the field’ for some time. For these systems the problems of securing the virtual desktop are, in many ways, similar to those associated with standard desktops. Namely, data may need to be encrypted and should there be a security update for the software contained in the virtual desktop then a new copy of the updated VM must be downloaded by the user.

The ability to centrally manage the software on the desktop can help mitigate the physical challenge associated with the patching and updating software, as does the fact that the virtual desktop might consist of just a single file, or just a few at most rather than the thousands of files common in a standard desktop.

As always, and as was pointed out in an earlier article on security and virtual servers, it all really boils down to having the right processes and procedures in place to manage the systems and ensure that whatever the scenario that appropriate security is enabled. As with any other IT system, tools alone can never be the answer. Equally, making sure that users are fully aware of their responsibility and how to protect the ‘their system’ is equally important.

This is a rapidly changing area, in terms of both technologies available and best practice. So, if you consider yourself in the early adopter camp or if you have other real-world experience you would bring to bear on living with virtual desktops and securing them for production use, please do share.

Freeform Dynamics Ltd

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?