User experience drives virtual desktop deployments and can either make or break them. If the user experience is awful, users will find other, often less secure methods for doing their jobs. VDI sits at an interesting crossroads where storage, memory, networking, CPUs, and GPUs must be properly tuned. Any adverse impact from any one of these resources could spell the doom of a virtual desktop user experience. The ProjectVRC team and others have taken a comprehensive look at potential adverse impacts, but they have only examined security from the viewpoint of those who implement antivirus and anti-malware solutions. While this is valuable, they do not cover the grander picture of security around virtual desktops. Even today, many years and versions after virtual desktops were first implemented, there are still fundamental functions missing in the realm of security. Continue reading State of the Art: Virtual Desktop Security
There was recently a rather heated twitter discussion between @Guisebule, @VirtualTal, and @Texiwill (myself) about using virtual desktops as a part of cyber defense. While this could be true, there is a need to ensure you know where your virtual desktop(s) start and end, not only within the network, but your applications in use. In addition, it is very important to fully understand the scope of a virtual desktop architecture as well as use. There are some use cases that work very well for use of virtual desktops as a part of cyber defense or for that matter just make sense for virtual desktops. There two ways to make virtual desktops part of your cyber defense but they both require more than network security.
Bromium have released vSentry 1.1 which will brings Bromium’s benefits of micro-virtualization and hardware based security to a far wider range of enterprise desktops. This is the release you’ve been waiting for: and if you’ve not been waiting, this is definitely the release to consider.
We’ve spoken before about Bromium when they unveiled their micro-virtualization trustworthy security vision. Bromium’s message and focus was simple “standard workspace security is reactive, not proactive“. Whatever you have in terms of anti-virus or malware detection is only good once a new threat is found, understood, a patch created and deployed. This poses the very important question “what is the impact of the time delay between threat found and threat contained?”. Bromium’s goal was to dramatically reduce that “and”.
You may contest, “ah, but I can solve this workspace threat issue by making physical desktops, virtual desktops”. This is not the case. We evidenced this in Virtual desktops (VDI) are different, but not hugely better in terms of security, than physical desktops. You do not deliver better security by simply virtualizing the desktop.
So what does vSentry v1.1 bring? How is it better than v1? What can this mean for your organisation?
Are virtualised desktops – be they hosted desktops (VDI) or session desktops (RDSH) more secure than physical? We’ve questioned before the benefits of a virtual desktop infrastructure with respect to security. Is VDI secure? Is VDI inherently more secure than “traditional desktops”? In our article Virtual Desktop Security? Are They Secure? We considered VDI vendor claims that there are several big virtual desktop security wins:
- Centralized Management
- Centralized Patching
- Improved Availability & Flexibility
- and importantly, data is held in the data center where it can be monitored and audited – not stuck out on end devices. Continue reading VDI Security – better than physical desktops?