A Brief History
Virtual Desktop Infrastructure (VDI) is not a new concept – in fact virtualized desktops can be traced back to the 1960s, when IBM divided up mainframes into virtual machines to allow for multiple, simultaneous users. The modern take on VDI emerged around 2007 with the Virtual Desktop Manager by VMware. Citrix entered the game in late 2008. Over the next years, VDI and grew steadily but slowly. Until recently. The emergence of cloud-hosted virtual desktop solutions has accelerated VDI adoption by enterprises and smaller organizations alike.
In a VDI environment, system applications and data are stored centrally on the server. Users access these applications and data from virtual desktops, via their PCs. This setup provides organizations with a number of benefits:
- Standardized environment: All organizational users can run the exact same image, easing management and troubleshooting.
- Centralized control: Allows streamlined deployment, which simplifies maintenance and support.
- Data management: Data sharing and backup is easier to facilitate since it is located centrally. Central storage location also lowers storage costs.
- Patch management: Patching of vulnerabilities is a best practice in cyber security. VDI allows quick patching of Windows instances. Distributing any types of updates can be more rapidly accomplished than for dispersed or disconnected machines.
- Flexibility: VDI provides the ability to switch between operating systems, making it perfect for testing environments.
- Savings / Cost Reduction: Reduced complexity, support and maintenance efforts, cheaper central storage, better use of old hardware, all adds to savings driven by VDI.
- Choice of different models: Virtual environments are ideal for a centralized private or public cloud. They also assist in moving to an OPEX model where you pay for what you use and keep up-front investments low for scaling your enterprise.
- Hardware costs: Virtual environments extend the life of older clients. For example, legacy computers that run Windows XP can be transformed into perfectly fine, thin VDI clients for employees who don't use CPU- and RAM-intensive applications.
- More comprehensive disaster recovery strategy: In the event of a power outage, flood or other event, or if a device is lost or stolen, recovery of the data is simpler because the virtual desktop can be made available from a different device that has access to the datacenter.
The VDI Security Myth
A VDI environment offers certain, specific security advantages. Because no data is stored on the laptop or PC, in the event of theft or loss, data is not compromised. And since VDI minimizes data distribution, it is commonly used to protect against the threat of data leakage and theft in specific industries. For example, VDI solutions are popular among healthcare providers to ensure patient privacy and comply with HIPAA requirements. VDI also makes data recovery easier in the event of a ransomware attack or other disaster.
Beyond these physical security benefits, however, virtual environments actually pose a greater security challenge. Security hazards such as remote access attacks and vulnerability exploits threaten both the physical desktop and the central virtual desktop server. The belief that because an image is isolated, and because an image is reset at the end of each session in a non-persistent or pooled mode, it is more resistant to end-user attacks and infections is misleading: By the time the system is rebooted, additional images on the server have already been infected. A single server can be accessed by many different users, all accessing their desktops and applications from a multitude of locations and devices.
The Bad - Why VDI is Hard to Protect
VDI is a complex environment to protect with many constraints that make traditional anti-virus and resource-intensive security solutions unsuitable. Traditional security tools can actually hamper VDI deployments, countering the efficiency and cost savings benefits that companies turn to VDI for in the first place. The VDI itself requires substantial memory and CPU. Adding a resource heavy security solution can result in lower virtual machine consolidation ratios, immediately raising costs and complexity. In addition, a pooled, or non-persistent environment restarts images from scratch every time. The image startup cannot support retrieving a set of attack signatures or other updates from a central server each time it boots up. The optimal security solution for VDI needs to be very lightweight and one that does not require updates.
Securing Your VDI
The right security technology protects your VDI’s systems and data without diminishing its benefits. Morphisec Endpoint Threat Prevention leverages Moving Target Defense technology to help secure your VDI from zero-days and sophisticated advanced attacks. Morphisec is an extremely lightweight, state-less agent that requires no updates and has minimal footprint, no run-time components or performance penalty, and no false positives. It seamlessly supports VDI environments such as Citrix VDI, VMware Horizon View and MS VDI, both persistent and non-persistent (pooled) running at the VDI level. It also supports Application Virtualization platforms such as Citrix XenApp.