With BYOD and the popularity of mobile devices on the rise, data is becoming increasingly vulnerable. As a result, organizations worldwide are under pressure to find new ways to connect users to their applications, data and documents, while increasing operational control and reducing security risks.
From its inception, a Virtual Desktop Infrastructure (VDI) has held an inherent advantage when it comes to security. In virtualized desktop environments, all data remains exclusively and entirely within the data center. Although users of virtualized desktops experience the same interaction with data that they always have, and can even enjoy the flexibility of using their preferred devices, such as personal tablets and laptops, no data actually flows across the network and no data resides on end-user systems in virtualized desktop environments. The scope of securing the environment therefore narrows to securing the data center – a much more manageable exercise.
By moving to a virtual desktop infrastructure, organizations can greatly reduce risk in key areas that present challenges, including BYOD, compliance, and business continuity. Concero Cloud Desktops is VDI-as-a-Service. It offers all the advantages of VDI and makes them available on-demand to any organization.
Cloud Desktop Security Benefit #1: Securing Data at Rest
Solving the challenge of data at rest – keep it in the data center and off the desktop.
Inactive data, such as a document stored on a user’s desktop and not currently in use, presents a challenge to information security professionals. Regardless of how long it has been since someone last accessed the document, the document must remain secure, with appropriate encryption and backup, and it must remain readily available to the user.
One way to secure data at rest is to keep it in the data center, where it is physically secure and managed within a server-based computing solution. In virtualized desktop environments such as Concero Cloud Desktops, data and documents never leave the data center. Rather, users work interactively with a “display” of their desktop, applications, data and documents on the screen of their end-point device, which may be a workstation, a laptop, a tablet, or a smartphone. The display consists entirely of pixels – data never moves over the network and is never stored on the endpoint device. All data, including data at rest, remains securely within the data center.
Cloud Desktop Security Benefit #2: Authentication, Authorization and Accounting
Desktop virtualization, like Concero Cloud Desktops, addresses three critical criteria in securing your environment.
Authentication, authorization and accounting, known as AAA, are critical criteria for securely controlling and monitoring access to a network and its resources. Desktop virtualization addresses each of these by:
- Verifying identity before allowing any access at all (Authentication)
- Determining exactly which desktops, applications or networks any user can access (Authorization)
- Tracking and recording a user’s activity on the network at a granular level (Accounting)
Just like a personal computer, Concero Cloud Desktops control user access down to the desktop level. However, even before a user can access data, documents, applications or even the desktop itself, Concero Cloud Desktops requires network-level authentication. That means that upon making a network connection, the user must authenticate via Active Directory to receive authorization before proceeding. Authentication can also be restricted geographically or by trusted MAC address to filter out unauthorized attempts at network-level authentication even before they can be made.
This level of authentication is superior to PC-level security methods, in which a user who cannot successfully authenticate when attempting to connect to a network presumably already has access to the physical PC and its contents.
Authorization determines which desktops, applications or networks any user can access. With Concero Cloud Desktops, network authorization is required even before a user reaches the desktop. Concero utilizes a two-factor authentication process that includes standard user/password login requirements and, optionally, a second layer of authentication through third-party services that integrate with Concero Cloud Desktops. These services are available for only a few dollars per user per month.
Even through a BYOD device, absolutely no information is viewable until the user has received access to the network.
Once authentication and authorization are complete, accounting tracks and records the user’s interaction with the network and the desktop cloud infrastructure at a granular level. Concero can audit this information, filtering by specific users, events or networks when needed, for at least 30 days.
Cloud Desktop Security Benefit #3: Application and Regulatory Compliance
Concero Cloud Desktops addresses both licensing and regulatory compliance out-of-the-box.
Licensing compliance is simple because Concero Cloud Desktops are a service. Concero is fully responsible for all licensing and support agreements related to the delivery of the service up to and including the application layer for Microsoft Office and Office 365 applications. But even for other third-party applications, Concero Cloud Desktops make it easy to control and report on which users are using what.
In addition to licensing compliance, Concero Cloud Desktops make regulatory compliance much easier. With Concero Cloud Desktops, users must work within the compliance policies and parameters set forth by your organization. With a PC, giving a user access to a network share on a physical PC results in data moving across the network to the endpoint PC, whether through a VPN or the public Internet. With Concero Cloud Desktops, by contrast, your desktops, applications, data, and documents never leave the data center. This sort of complete control is key in instances in which data and data flow require tight control to meet regulatory compliance laws.
Moreover, organizations using Concero Cloud Desktops get the added benefit of leveraging the security certifications, such as SSAE 16 SOC II, that are already in place for the data center where your data always resides. This foundation makes it far easier and less expensive to achieve other industry-specific security certifications, from PCI to HIPAA.