Can VDI Save IT from BYOD Headaches?
With the demands of BYOD, VDI adoption is accelerating at a rapid pace.
By: Jon Senger
Oct. 7, 2013 09:45 AM
There's no doubt, personal mobile devices have permanently, and in many cases positively, altered the workplace. They've given employees flexibility in terms of where, when and how they work, offered new ways to collaborate and even delivered cost savings for employers.
However, with the good comes the bad. There's no arguing, BYOD has made corporate data more vulnerable than ever before. From unsecured laptops to rogue employees who maliciously attack the network through their own devices, the challenges facing IT are immense. In fact, a recent study shows that the majority of businesses (79%), had a mobile security incident in the past year, including 16 percent who put the cost at more than $500,000. 
At risk is money, as well as brand reputation.
Institutional control is essential, but approaches like mobile device management (MDM) and other solutions have proven ineffective on their own because they are too heavy handed and end users find ways to work around them.
Organizations need something that's lightweight and unobtrusive to the end user, but powerful enough to meet the needs of IT. Virtual Desktop Infrastructure (VDI) has been used for many years to manage desktops, and with the demands of BYOD, VDI adoption is accelerating at a rapid pace.
Bringing the Perimeter Back to the Data Center
By moving to a virtual desktop infrastructure, organizations can greatly reduce the risk associated with BYOD while still allowing IT professionals to easily deploy, configure and manage the entire end user computing experience. VDI ensures tight security across the enterprise, regardless of device, addressing significant concerns such as: securing data at-rest; authentication, authorization and accounting (AAA); and compliance.
Benefit #1: Securing Data At-Rest
One way to secure data at-rest is to keep it in the data center where it is physically secure and managed within a server-based computing solution. In virtualized desktop environments, users edit data via remote sessions. During the sessions, users see a visual representation of the applications and operating systems they are accustomed to using, however, the visual representation consists entirely of pixels - the data itself does not move over the network and is never stored on the endpoint device. With VDI, all data remains secure within the data center, removing the risks associated with data on-the-move - protecting corporate IP, customer and employee data and much more.
Benefit #2: Authentication, Authorization and Accounting (AAA)
VDI controls user access down to the device level. Before a user can access data or applications using a mobile device, VDI requires data center or desktop authentication. That means upon connection, the user must authenticate via a directory - usually Active Directory or LDAP - and receive authorization before proceeding. This level of authentication is superior to PC-level security methods, in which a user who cannot successfully authenticate to a network presumably already has access to the physical device and its contents.
Authorization determines which devices, desktops, applications or networks a user can access. With desktop virtualization, network authorization is required even before a user connects to his or her personal desktop -- which is the same way authorization is handled with a BYOD device. Absolutely no information is viewable until the user has been given access to the network.
Once authentication and authorization are complete, accounting tracks and records the user's interaction with the network and the desktop cloud infrastructure at a granular level. Administrators can audit this information, filtering by specific users, events and networks as needed.
Benefit #3: Application and Regulatory Compliance
In addition to auditing application use, many VDI solutions can also track and control data flow itself. This ensures that when users access network data - whether from a mobile phone or tablet -- they are doing so within the compliance policies and parameters set forth by the network manager.
It is important to note that the VDI solution can control both the data and the data paths themselves. With traditional device management, giving a user access to a network share on a physical PC results in data moving across the network to the endpoint, whether through a VPN or the public Internet. With a desktop virtualization container, by contrast, data never leaves the data center. The data moves from the data store to the application that is using it, but all movement takes place within the data center. This ensures a completely isolated and secure environment, especially when BYOD is involved.
That sort of complete control of the device, applications, data and networks is particularly critical in instances in which data and data flow require tight control to meet regulatory compliance laws such as HIPAA.
Desktop virtualization also offers the ability to separate auditing data, user data and system data throughout the data's lifecycle. IT can keep audit logs and backup media separated per security regulations, allowing different backups to different targets - an important part of the compliance lifecycle. Backup and control is simpler because everything remains under the system administrator's control, and in one physical location - not on the end user's mobile device.
BYOD is Growing, Ready to Explode
As the number of devices rises, so does the need for a comprehensive security strategy. One that doesn't just add heavy layers of management complexity, but instead tightens the perimeter without impacting the user experience. While a lot of technologies are trying to solve the challenge, my bet is on VDI.
For more information, download the whitepaper, How VDI Reduces the Risks of Bring Your Own Device (BYOD)
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week