New ways of working call for new ways of managing risk. Mobility, flexwork, bring-your-own device (BYOD) and increased collaboration across organizations have changed risk profiles and undermined existing IT architectures. The challenge is to allow people the flexibility they need to be productive, while ensuring the security and compliance required by enterprises. What's needed is a new security layer -- one that makes it possible to manage risk more effectively.
Desktop virtualization provides exactly that, allowing organizations to embrace initiatives like flexwork and BYOD, and deploy personnel and resources wherever and whenever they're needed. Here, I take a look at the business case for harnessing desktop virtualization to strengthen security. I believe there are at least ten highly compelling reasons to do so.
The top 10 reasons to strengthen information security with desktop virtualization
1. Support workplace flexibility and mobility Increasingly, workers work outside the office, from customer sites, at home or on the road. Their productivity depends on 'anytime, anywhere' access to corporate data and applications. To accommodate this, 'flexwork' (shorthand for moving work to the most convenient times, locations, and IT resources) is a key strategy. As well as productivity benefits, this can also reduce real estate, travel and labor costs.
Desktop virtualization platforms like Citrix XenDesktop help organizations maintain security while providing staff with IT resources from more locations. Centralized application and data management mean that IT can provide secure access to anyone, anywhere, at a moment's notice. Desktop virtualization makes mobility simpler, less costly, faster to implement and secure -- enabling companies to realize the full value of flexwork.
2. Say 'yes' to consumerization Consumerization has increased people's ability to work in the most convenient, productive manner possible. Theoretically, this spells a win-win for people and the organization -- but it greatly complicates the security picture for IT. Different devices may have different security layers, or none at all. IT needs a way to securely partition business and personal data on consumer mobile devices.
Desktop virtualization frees IT from managing security complexity across a huge range of devices. It helps prevent data from residing on endpoints by delivering Windows applications, data and desktops only in virtualized form, isolated from any personal data or applications on the device. Policies can keep unmanaged (and potentially compromised) devices from interacting with sensitive data.
3. Prevent data loss, ensure privacy and protect intellectual property For optimal productivity and speed to market, partners, suppliers and contractors need to be able to access corporate applications and data, but without being given free rein within the firewall. IT needs to not only prevent data loss but also ensure client confidentiality and compliance.
By centralizing resources in the data center, desktop virtualization lets IT manage and secure Windows applications and associated data more simply and effectively in a single location, rather than thousands of different locations. Where offline or locally installed resources are needed, Citrix allows IT to encrypt data within a secure, isolated container on the endpoint which can be wiped remotely, ensuring security even if the device is lost.
4. Maintain global compliance Compliance with laws, industry regulations and organizational policies is both a rising burden and a moving target. With little ability to control the distribution of sensitive data, IT has struggled with trans-border compliance issues. Applying comprehensive controls may be overly restrictive, while a minimum set of controls may not meet the organization's security needs.
The centralized, granular controls enabled by desktop virtualization allow IT to set the information security strategy they need from the outset, rather than addressing security issues reactively. A single set of policies can govern whether users can add applications, copy data, access peripherals and other actions, depending on their location and other factors. Centralization also reduces the burden of achieving compliance and data privacy since data is accessed without actually leaving the data center.
5. Empower contractors Businesses are increasingly using contractors, temps, consultants and outsourcing partners. While this can increase flexibility and efficiency, it also presents the security challenge of providing the resources these contractors need quickly and easily -- and removing them once the engagement is over. The devices they use can also cause problems: allowing them to use their own equipment would reduce cost, but IT can't be certain that their devices will be able to run all the necessary applications.
Desktop virtualization solves both of these problems. Windows applications and desktops can be provisioned and de-provisioned instantly from a single, central point of administration, regardless of the contractor's location. Apps and desktops can also be delivered to any device, and access can be stopped instantly once no longer required.
6. Increase the value of existing security investments Managing security for hundreds or thousands of endpoint devices is extremely challenging and resource-intensive, leading to inevitable delays and oversights. In fact, studies have shown that an overwhelming proportion of successful attacks took advantage of known vulnerabilities, for which a patch was already available.
By centralizing maintenance, desktop virtualization simplifies and accelerates endpoint security. Patches, antivirus updates and hotfixes can be installed on a single master image, then deployed almost instantly throughout the organization. Freed from the time and expense of endpoint-by-endpoint security updates, IT can focus on protecting data in the data center and responding quickly to new security requirements.
7. Safeguard information and operations during a disaster or other business disruption A business disruption, whether natural or man-made, can make organizations vulnerable as ordinary practices change, people access applications and data in new ways, and perimeter or endpoint security measures may be compromised. If disaster strikes, organizations need to ensure not only that data and applications remain secure, but also that business operations can continue as normally as possible.
By its nature, desktop virtualization supports business continuity. The centralization of resources supports a dual-data center strategy in which people are automatically switched from one to the other in the event of a critical incident. They can continue working, and IT can focus on protecting Windows apps and data within the data center, and securing, provisioning and controlling access to these resources via XenDesktop and XenMobile, rather than having to manage local apps and data on myriad user devices. Endpoints that may no longer be secure--such as laptops left behind in an evacuation--hold no data in usable form, and IT can easily remove their access to corporate applications or wipe data remotely.
8. Minimize the impact of information security breaches No strategy can guarantee perfect information security in perpetuity. An essential part of risk management is being able to limit the damage when things go wrong. Centralized management enables IT to react quickly to a security breach or misconfiguration. The first line of defense is using virtualization to isolate sensitive applications and data and run them on user privilege accounts (instead of user controlled machines), minimizing the impact of the breach of a single component. Even if the machine becomes compromised, the second line of defense resets the image through virtualization upon machine reboot. If the integrity of a user is compromised, such as in a zero-day attack, IT can quickly take down the user's profile and restore it to an uncompromised state by reverting to a golden image. With security measures installed and enforced on every virtual system, damaging attacks are prevented from spreading to other systems -- and IT can immediately update access policies across the environment.
9. Support rapid business growth When organizations open new branch offices, expand existing locations or acquire other organizations, complex distributed security models can delay the migration process as IT works to secure each new endpoint.
Desktop virtualization allows the organization's existing security model to be extended to new locations, people and groups quickly, easily and cost-efficiently. It simplifies remote office and branch management in several ways, including local lockdown, rapid setup and high availability -- enabling IT to provide instant access to virtual desktops, with no need for network integration. Adding new users to existing groups according to their security profile means that the right policies are applied immediately. As rapidly-growing organizations need flexibility to scale their operations, they can provide secure access to any type of worker in any location on any device.
10. Get security out of the way of users Traditionally, security has been enforced at the expense of users. They've been allowed to work in limited places, access minimal resources, rely on standard corporate equipment, sacrifice mobility and spend more and more time managing an array of security credentials. In response, even loyal employees can come to view security as an obstacle to productivity and look for ways to get around it.
Desktop virtualization turns this model on its head. Instead of having to deal with endless details of endpoint security, people simply sign on once to a virtual desktop, with their virtual applications delivered on-demand anywhere they need to work, on the device of their choice. This unaccustomed freedom improves productivity and satisfaction -- all while minimising the risk of a security breach. Policies are set and automatically enforced -- regardless of user or access method.
Conclusion Desktop virtualization provides a secure-by-design solution to simplify security, protect intellectual property, ensure data privacy, meet compliance and manage risk, while promoting business productivity and growth. These compelling benefits have already made it a top agenda item for most IT organizations. By leveraging it as a security layer, organizations can support key priorities such as mobility, flexwork and BYOD while managing risk more effectively. Applications and associated data are no longer scattered beyond IT's control because they remain where they belong -- in the data center -- where they enable greater business value than ever before.
Victor Tsao is the Area Vice-President and General Manager, Greater China, Citrix