There has been quite a bit of hype on whether virtual desktops provide more security than traditional desktops. All the marketing literature I have read says that it does improve overall security, but I believe this marketing literature makes several assumptions that are just not true in most organizations, and really do not account for the myriad ways data can be accessed, by limiting our scope to just virtual desktops instead of the full desktop experience we are thereby limiting our thoughts on security. Are virtual desktops more secure?
So your CIO has listened to the hype on virtual desktops and there is a new initiative, move to virtual desktops. But a few things questions pop up immediately, with the most pressing being, was a risk analysis done? if so what was the scope of this analysis? In addition, how would these desktops be used?
The vendors claim are several big virtual desktop security wins, which include:
- Centralized Management
- Centralized Patching
- Improved Availability
- Data Never Leaves the Data Center
But there are several aspects of security that are missing from this list, namely Integrity and Confidentiality. Improving just availability does not mean you have improved security. Yes it is one aspect, but we have two other aspects that seem to be ignored. Does ignoring these imply security is improved?
In general, most organizations already have centralized management of all desktops, so how does this improve overall security? Perhaps because with a virtual desktop, there is a centralized method to patch the desktops? However, this is a key component of existing centralized management, so I see centralized management and patching as a wash between virtual and physical desktops. You most likely have this capability already using the tools from the OS vendor.
Using a virtual desktop does improve overall availability as you are no longer relying on a single point of failure for the desktop, but wait I am now, the network. So if the network is not available, neither is my desktop, therefore, I have a single point of failure once more and no work gets done if the network is not available. We all know networks fail, so are we running redundant networks to each desk and outside of the environment? I recently experienced a fibre cut and any virtual desktops I had were completely inaccessible unless I happened to also be within the machine room, not something I see happening any time soon in an enterprise.
But that was external access, but this also includes network failures within the data center as well. A hosting provider I work with recently moved a bunch of customers from one set of switches to another, while it worked for 900+ customers, it failed for one, and they were off the network for over 5 hours. If this happened to your virtual desktop environment, what are your backup mechanisms?
So even though we have virtual desktops, do we really gain availability, or do we increase the risk associated with other subsystems upon which those desktops depend, such as network connections?
Given that we need to depend on sometimes non-existent networks, the data housed within those virtual desktops most likely will end up on mobile devises somewhere unprotected. Users have a way of moving data around so that they can access it easily at need, without the requirement to always go back to the data center. Just one outage during a critical meeting will change their behavior and will help themselves instead of waiting for a enterprise solution. However, in general, virtual desktops can keep your data within the data center. But the risk of it leaving may be higher depending on the business needs.
In addition, we know the desktop environment whether physical or virtual are the most attacked environment and as such is a danger to any environment. The reason is that users use these systems and advanced persistent threats will target these users. Since the users are the targets, we need to worry about such things as network segregation, anti-virus, anti-malware, and forensics. We have to increase our vigilance when user desktops are involved. Can we do that easier within a virtual environment?
This leads to several questions:
- Are virtual desktops, today, designed with segregation in mind? or is everything a flat network? Do you treat virtual desktops as a new trust zone?
- These are juicy targets that were moved into your data center, can your data center survive an attack that happens to be within your virtual environment?
- Is your virtual environment following best practices with the use of virtual desktops?
What this really means, is do you treat your physical desktops as a segregated trust zone? Is your physical desktop fully locked down, or will you impact useability by moving to a virtual environment?
All these and other questions were be answered on (10/10/11) BrightTalk’s Next Generation Desktop Summit: Webinar: Are Virtual Desktops More Secure?
Ed, all good points! There are a couple of VDI security aspects dear to my heart: access and storage . VDI is only useful if it is accessible by a client. Allowing all sorts of clients to communicate with a hosted desktop requires protection that the local desktop does not usually need. Secondly, if virtual desktop is a VM, its virtual disk is often a file that gets moved around and otherwise handled by the service admin. It better be protected (cryptographically and policy-based).
Hello Misha,
In today’s world, I believe most people can already RDP to their own desktops (even physical ones) to do work from home tasks. If this is the case then most communications of that nature already exist and should already be protected. Are they is always a good question to ask. As for encryption of the virtual desktop, it does have some benefit but only for those who really need that level of confidentiality. Encryption at rest has its place, but encryption of data at all times is really the key.
Good points.
Best regards,
Edward L. Haletky aka Texiwill