Feeds

How secure are virtual desktops, really?

Lock and load

  • alert
  • submit to reddit

The smart choice: opportunity from uncertainty

Lab As we discussed in an earlier article in this series many “desktop virtualisation” solutions exist today.

Each has its own deployment architecture and comes complete with a range of operational benefits and challenges. Some work well in particular scenarios which would not suit others. With interest growing in the potential use of virtual desktops it is time to consider some of the security questions.

Little direct discussion has taken place about the security, or otherwise, of virtual desktops although there are some areas, notably more locked down environments (including public sector) and for example with respect to home working, where specific security benefits can be achieved. But, as in all areas of IT and other areas of business, security doesn’t come free or by default.

So what are the security advantages of virtual desktops versus those machines with which we have all become over familiar in the last decade or more? Whilst some are relatively clear, in truth it all depends on the particular type of virtual desktop being considered.

Clearly ‘thin client’ solutions offer all the security benefits long associated with holding all data centrally, hopefully on well managed servers. By leaving no data on the client access device, many challenges associated with desktops and laptops are made considerably simpler to address. In addition the management of the software that users employ is all held centrally and can thus be managed in a straight forward manner allowing patching and software updates to be introduced more rapidly with consequential security benefits.

There remains the need to secure the data held on the central systems, which is as always a two-edged sword – the level of risk increases with the quantity of data being held in one place, even as the risks of distributed, fragmented data storage reduce.

A raft of security benefits can be achieved with desktop virtualisation solutions that deploy out an entire VM at the request of the user and pull it back, complete with changed data files, at the close of a session. Not least that a remote computer can be lost, stolen or otherwise compromised with minimal data risk – a useful facility for both front line troops and careless business executives,

Then there are the alternative systems where a virtual machine may be resident ‘out in the field’ for some time. For these systems the problems of securing the virtual desktop are, in many ways, similar to those associated with standard desktops. Namely, data may need to be encrypted and should there be a security update for the software contained in the virtual desktop then a new copy of the updated VM must be downloaded by the user.

The ability to centrally manage the software on the desktop can help mitigate the physical challenge associated with the patching and updating software, as does the fact that the virtual desktop might consist of just a single file, or just a few at most rather than the thousands of files common in a standard desktop.

As always, and as was pointed out in an earlier article on security and virtual servers, it all really boils down to having the right processes and procedures in place to manage the systems and ensure that whatever the scenario that appropriate security is enabled. As with any other IT system, tools alone can never be the answer. Equally, making sure that users are fully aware of their responsibility and how to protect the ‘their system’ is equally important.

This is a rapidly changing area, in terms of both technologies available and best practice. So, if you consider yourself in the early adopter camp or if you have other real-world experience you would bring to bear on living with virtual desktops and securing them for production use, please do share.

Freeform Dynamics Ltd

Securing Web Applications Made Simple and Scalable

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.