As CEO of Molten Technologies, an independent virtual desktop specialist, I often find myself enthusing about VDI, especially as a service, vs the traditional fat-client PC model and I have heard every push-back in the business (and some that ought not to be). In this series of articles, I will expose the most common and a few of my favourite rarer ones.
A statement like “but it isn’t sufficiently secure for our needs”, or an insinuation of the same, has been a part of a large number of my conversations about Desktops as a Service and even a surprisingly high proportion of my conversations about Virtual Desktop Infrastructure. Part of the problem is that there are a range of options and solutions which result in a range of different security outcomes (which is true of any technology). An additional part of the problem may also be that we have all become so used to laptops that we have forgotten what a dreadful architecture they embody from a security point of view (albeit that the risk is somewhat mitigated by the very mature ecosystem of security solutions that have grown up around them). Whatever the cause, I see a measure of security mistrust out there for virtual desktops that I find at odds with the technology’s ability, if set up correctly, to result in a substantially more secure answer than any laptop or even desktop estate that I have seen. I equate it to someone with piles of cash under their mattress at home picking holes in the security systems at the bank and saying that they don’t trust them.
Let’s start with the basics: running virtual desktops on a server in your data centre is, at it’s core, a better security answer than having physical PCs on the office desks and a giant leap above running them on a laptop in the airport. Using my analogy above, it is like carrying a debit card instead of all of your cash (data being the closest analogy to money here). It is relatively easy to lock virtual desktops down so that they don’t map local drives, thumb-drives and the like and to disable cut and paste with the local machine so that your precious data remains where it should be, in your data centre. I once heard of a very large and respected energy company that used to pour super-glue into the USB ports on some of their laptops to try to achieve this. Don’t get me started on the implications of a laptop out there connected to an untrusted network with your data on it and an intent to come and plug back into your network later. There is a different and less tasteful analogy I could use here, with an acronym very similar to, but slightly shorter than, VDI.
So virtual desktops have the inherent advantages that they stay permanently on your corporate network and in the datacentre, so what is the problem then, why the security concerns? Like most technologies, there are lots of choices and you can easily make them less secure if you set them up wrong. For example you could allow cut and paste to the local device, allow access to thumb drives or spool your print files through the local device. However, this is just a competence question and doesn’t really get to the heart of the problem. The crux becomes clear when we start to explore some of the flexibility that this new approach allows us, like accessing our corporate desktops from untrusted devices (e.g. Our home PCs) and having a third party host the desktops for us.
Access from an untrusted and uncontrolled device is unconscionable for most corporates in the fat-client PC model. It becomes possible with a virtual desktop because the untrusted device can remain outside of the corporate network even while it is controlling the corporate desktop, which is inside the network. This means we don’t have to worry about viruses, because the remoting protocol provides an effective security barrier and only allows through recognized commands. The question arises, “what happens if the uncontrolled device has a rogue key-logger?”. This is a risk, because it would allow a potential hacker access to user-name and password information. However, the risk is relatively easily managed with a second factor authentication (e.g. RSA token). This represents a substantial project if you don’t already do it, but it is hardly a reason to move away from virtual desktops.
Third party hosting, particularly if anyone mentions the word “cloud”, is probably the biggest challenge. I completely recognise that if we are talking pure cloud, where you don’t know where it is or what network it if on, this would be a problem for most corporates and I accept that. However, there are organisations that offer hosted virtual desktop solutions where you do get a fully network-segregated solution within your own “tenant” and some can even host it in your DC if you prefer (I should know, I run one of them). This way all the corporate security features are inhereted, with your firewalls, active-directory controls etc..
I am convinced that virtual desktops have the potential to be more secure than fat-client PCs if they are set up right and we avoid the temptation to let the flexibility they offer distract us from the security implications. The forward-thinking security teams out there are demanding this stuff and managing it appropriately rather than pushing back on it.