Virtual Desktop Infrastructure (VDI) is not a new concept – in fact virtualized desktops can be traced back to the 1960s, when IBM divided up mainframes into virtual machines to allow for multiple, simultaneous users. The modern take on VDI emerged around 2007 with the Virtual Desktop Manager by VMware. Citrix entered the game in late 2008. Over the next years, VDI and grew steadily but slowly. Until recently. The emergence of cloud-hosted virtual desktop solutions has accelerated VDI adoption by enterprises and smaller organizations alike.
In a VDI environment, system applications and data are stored centrally on the server. Users access these applications and data from virtual desktops, via their PCs. This setup provides organizations with a number of benefits:
A VDI environment offers certain, specific security advantages. Because no data is stored on the laptop or PC, in the event of theft or loss, data is not compromised. And since VDI minimizes data distribution, it is commonly used to protect against the threat of data leakage and theft in specific industries. For example, VDI solutions are popular among healthcare providers to ensure patient privacy and comply with HIPAA requirements. VDI also makes data recovery easier in the event of a ransomware attack or other disaster.
Beyond these physical security benefits, however, virtual environments actually pose a greater security challenge. Security hazards such as remote access attacks and vulnerability exploits threaten both the physical desktop and the central virtual desktop server. The belief that because an image is isolated, and because an image is reset at the end of each session in a non-persistent or pooled mode, it is more resistant to end-user attacks and infections is misleading: By the time the system is rebooted, additional images on the server have already been infected. A single server can be accessed by many different users, all accessing their desktops and applications from a multitude of locations and devices.
VDI is a complex environment to protect with many constraints that make traditional anti-virus and resource-intensive security solutions unsuitable. Traditional security tools can actually hamper VDI deployments, countering the efficiency and cost savings benefits that companies turn to VDI for in the first place. The VDI itself requires substantial memory and CPU. Adding a resource heavy security solution can result in lower virtual machine consolidation ratios, immediately raising costs and complexity. In addition, a pooled, or non-persistent environment restarts images from scratch every time. The image startup cannot support retrieving a set of attack signatures or other updates from a central server each time it boots up. The optimal security solution for VDI needs to be very lightweight and one that does not require updates.
The right security technology protects your VDI’s systems and data without diminishing its benefits. Morphisec Endpoint Threat Prevention leverages Moving Target Defense technology to help secure your VDI from zero-days and sophisticated advanced attacks. Morphisec is an extremely lightweight, state-less agent that requires no updates and has minimal footprint, no run-time components or performance penalty, and no false positives. It seamlessly supports VDI environments such as Citrix VDI, VMware Horizon View and MS VDI, both persistent and non-persistent (pooled) running at the VDI level. It also supports Application Virtualization platforms such as Citrix XenApp.