Secure Virtual Desktops


Stop me if you’ve heard this one, “This is the year of the virtual desktop”!!  Hell, I think I’ve even said it a few times!!  It’s usually met with the same response “Seriously Trogden, if I hear that one more time, I’m going to pull my hair out!!”.  You know what usually happens after that, I say it again just for effect 🙂

Truth be told, a year ago there probably wasn’t that big of a justification to do a VDI Proof of Concept. A lot of the reasons for this had to do with how the industry was positioning VDI (me included).  Consider over the last few years, most vendors and consultants were trying to justify VDI on CAPEX reduction.  I remember spending time with a few partners of ours working through the different price models of “traditional desktop purchases” vs. Virtual Desktops etc.  I think for the most part, it’s difficult to get these numbers close to making it a wash.  I’ve always felt that you have to be either the same ($$$ wise), or lower ($$) on the overall desktop acquisition to justify deploying Virtual Desktops.

Over the last few months, my opinion as well as opinions of others I’ve talked with is shifting.   For those of you that have an open mind, and are looking for further justification, let me give you a little more food for thought.  If you’ve been to, watched any sort of news program, I’m sure you are aware of the site  The Wikileak site has escalated the need for secure desktops.  Most of us associate Wikileaks with the US Government scandal of a soldier e-mailing out a ton of classified and confidential information.  Wikileaks brought to the forefront the topic of information governance.  On the vSpecialist team we have a few individuals that focus squarely on RSA and the information governance solutions we carry.  I can tell you that they are OVERWHELMED with request to discuss information security.  If you ask them, they’ll tell you that a lot of their conversation is around utilizing Virtual Desktops to help secure corporate information.  There is more to desktop security then just making sure your corporate information is saved inside the datacenter.

What you need to further think through is things like identity verification.  Utilizing things like RSA’s two-factor authentication solution (Those sweet fashionable FOB’s we all love to carry around).  Published Author and well know information governance speaker Erin Banks (You should REALLY follow her on Twitter) likes to point out that hacking a cached Windows password is relatively easy.  I’ve heard her mention many times that a large part of information governance is making sure the right people have access to the right data and in the case of windows authentication, it’s not nearly as secure as many think.  “In some cases high School kids with a relative understanding of computers can hack a windows domain password” is what I’ve heard her say on a number of occasions.  When you take the inherent ability of securing your information inside the datacenter, coupled with RSA’s two factor Authentication solutions you get one step closer to securing your data.  Now, Virtual Desktops add a layer of security, RSA Data Loss Prevention allows  you need to focus on the disgruntled employee or nefarious individual attempting to print or send an e-mail outside the firewall with company confidential information. This can even be “laptop stolen” type scenarios. 

My opinion is that Wikileaks has the potential to go down in precedent-setting history just like Enron did for the accounting rules.  I firmly believe that it will be the example set by others on why information governance is so important.  When you add RSA Data Loss Prevention (DLP) solution, on top of a virtualized desktop you move one step closer to managing, from a security perspective, potential information governance issues.  If you are not familiar with DLP, check out this quick YouTube demo (thanks Chad!!) of its features when coupled with VMware View.

The net-net is DLP is a suite of products that enable companies to discover and classify their sensitive data and report on policy violations.  Whether the violation is simply reading information you shouldn’t have access to, or reporting when the data is moved to USB, printer or e-mailed out the company firewall.  I like to think of it as adding a little “Wikileak Repelent” to the datacenter!!  Don’t get me wrong, as my dad would say “a lock is to keep an honest man honest”, nothing is 100% full proof but putting your best foot forward, and documenting as much as possible, can sure keep you out of hot water in the future.  Unless you like to see your CEO/CFO on CNN discussing what happened!! 

So, if you’ve looked at Virtual Desktops in the past and just couldn’t make the justification based on price, now might be a great to re-evaluate.  If nothing more, you owe it to your company to further investigate the usefulness of this architecture.  The last thing anyone wants to see happen is your company confidential information being sent to your competitor, or worse, front page news on WikiLeaks !!



2 thoughts on “Secure Virtual Desktops

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s