Virtual Desktops: How Secure Can They Be?
DESCRIPTION
This presentation by Danny Allan, Desktone's Chief Solution Architect, is an overview of virtual desktop security: the concerns, risks and challenges associated with traditional PCs and Virtual Desktop Infrastructure (VDI), and the benefits of moving virtual desktops to a cloud-hosted model to reduce and eliminate security risks associated with traditional desktop management strategies.
TRANSCRIPT
©2009 Desktone, Inc. All rights reserved.
Virtual Desktops: How secure can they be?
Danny Allan, Chief Solution Architect
April 26, 2011
Agenda
Today’s Presenter
Danny Allan, Desktone, Chief Solutions Architect
1. Traditional Desktop
2. Virtual Desktop Infrastructure (VDI)
3. Cloud-based Desktops
4. Desktop Security
5. Desktone Overview
Desktop Virtualization & Cloud Overview
Traditional Desktop
• “Utility” billing (pay as you use)
• “Unlimited” processing and storage
• Elasticity to scale up or down
• On demand, self-service
• Highly automated
Maximize revenue
Reduce cost
Expedite time to market
Focus resources
Do more projects
Accessibility
Speed
Cost
Dynamically scalable, virtualized resources provided as a service
Why the Switch to Cloud?
For a variety of reasons, cloud technologies are too compelling to ignore.
Desktop Virtualization & Cloud Overview
OS, Data, Apps, Settings, Preferences
Desktop Management Today
Expensive
Support-heavy
Insecure
Tipping point for change is here...
Migration to Windows 7
New mobile access
Tighter IT budgets
Security
The Promise of Virtual Desktops (VDI)
• Cost reduction
• IT consolidation
• Easier to manage
• Happy users
OS, Data, Apps, Settings, Preferences
Virtual Desktops
Virtual desktops
Centrally managed
In IT data center
… but major BARRIERS exist
Traditional VDI Reality
• Start Up: Huge up-front costs
• Many Moving Parts: Complex to design & build
• Operationally Intensive: Difficult to maintain
• Is It Strategic: Do you want to be building and managing data centers?
• Ease of management
• Device independence
• Lower TCO
• Low cash out = low risk
• Customer satisfaction
Cloud-Based Desktops (DaaS)
Desktop Cloud
From Any Location
FIXED
TELEWORKERS
TEMPORARY OFFICES
PARTNERS & SUPPLIERS
BRANCH OFFICES
From Any Device
Business Benefits
Securing the Desktop
End-to-end Desktop Security
• Manage: Ensure the desktop and OS have the needed AV, FW, patches and config
• Protect: Defend the desktop from malicious and unauthorized access
• Deliver: Verify that the delivery of the desktop is not monitored or altered
• Assess: Assess user compliance with business conduct guidelines
Personal Desktop
A desktop management problem
20 M desktops infected with malware in 1H10 in USA
* http://www.microsoft.com/security/sir/
Desktop Management
• Challenge
  • Comprehensive and consistent OS patching and configuration
  • User controls / application controls
  • End point controls
  • AV/FW synchronization
• Real world example
  • LIHF – 8B security incidents every day
  • Rimecud, Stuxnet
• Ability to Deliver
  1. DaaS – Ability to deliver sandboxed solutions across the internet
  2. VDI – Multi-tenancy is impossible to achieve internally
  3. Traditional – Unmitigated disaster resulting in largest security spend segment
A desktop protection problem
1.7 M records known lost on stolen laptops in 2010
• http://www.microsoft.com/security/sir/ • http://www.datalossdb.org/
Desktop Protection
• Challenge
  • Defending the desktop against unauthorized access
  • Compartmentalization of duties (service and enterprise)
  • Providing effective desktop backup
• Real world example
  • Lost & stolen laptops (10K/w)
  • HILF – User identity in Orange County
• Ability to Deliver
  1. DaaS – Separation of roles
  2. VDI – Ensuring operations policy & procedures
  3. Traditional – Unmitigated disaster resulting in millions of records lost
Desktop Delivery
• Challenge
  • Eliminating the threat of eavesdropping
  • Ensuring the user can trust the communication from the server
  • Ensuring the server can attest to client actions
• Real world example
  • Critical vulnerabilities in RDP < 7.0 (e.g. MS09-044, MS05-041)
  • CSRF vulnerabilities are exploding
• Ability to Deliver
  1. DaaS – Consider stronger encryption capabilities across the internet
  2. VDI – Many respected guides recommend disabling RDP encryption
  3. Traditional – Due to the significant variations and types of communication initiated from the desktop, it is difficult to impossible to lock this down securely
A User Monitoring Problem
3M records known stolen by malicious insiders in 2010
• http://www.datalossdb.org/ • http://www.kwtx.com/
Desktop User Assessment
• Challenge
  • Ensuring user behavior conforms to corporate policy
  • Monitor for malicious user behavior
  • Collecting and evaluating desktop logs across a complex, multi-geo environment
• Real world example
  • Data loss prevention is a growing problem (e.g. PFC Manning)
  • Employee spends all his time on Facebook
• Ability to Deliver
  1. DaaS – Central point of deployment allows for centralized visibility
  2. VDI – Still need to set up IPS, DLP, reverse proxy, etc.
  3. Traditional – Difficult to impossible to achieve in a distributed environment
Desktone Overview
Who is Desktone
= Cloud-based Virtual Desktops
• Built from the start for cloud-hosted desktops as a service (DaaS)
• Security, end-user performance and customer support is JOB #1
• Frictionless try and buy experience
• Optimized, tested & deployed with the world's largest companies and service providers
Benefit
• Simplified desktop deployment
• Centralized desktop management
• Walk-off data security
• Simplified issue resolution and recovery
• Genuine, customizable Windows client environments
• No upfront CAPEX
• Pay as you go
• Time to value in weeks, not months
• Leverage carrier-class scale
• Expand geographic coverage
• Reduce complexity and risk
• Data Center Scale
• Democratic – Small, Medium, Enterprises, EDU, Gov’t
DaaS
VDI vs. Cloud based Desktops
VDI
1. IT Friendly Solution
Easy to manage
• On demand desktops: add, remove, & modify at will
• Centralized (security) management from any device
• Visibility into user activity
• No data on devices
Easy to try
• Free trial in minutes (www.desktone.com)
• Pilot ease – no infrastructure required
2. Device & Location Independence
Embrace next-generation of employees
Work and access corporate apps and data from any device: Mac, iPad, Droid, thin client, laptop, PC (http://www.youtube.com/user/Desktone)
Work from anywhere: home, office, or Starbucks
Leverages “Bring Your Own PC” (BYOPC) movement
“Instant on” experience
3. Lower Total Cost of Ownership (TCO)
No complicated infrastructure to configure and build
Centralized support and management
No expensive management resources required
No hidden costs
4. Low Cash Out = Low Risk
No infrastructure investment
Pay for only what you need
OPEX budget consistency
5. 100% Customer Satisfaction
• Services – rapid deployments
• Support – dedicated virtualization experts
• Operational Excellence – 4 years of hosted desktop delivery
• Training – rich library of self-paced training modules and live knowledge transfer sessions
How it Works
IT Shared Resources
Desktone Delivers
End User Devices
• Active Directory
• User Data
• Storage
• High performance network
• Secure & Compliant
• Personalized desktops
• Bring your own licenses
• Centralized management & reporting
• Provisioning on demand
Client Manages
Remote Display
Network Connection (VPN)
• Access from anywhere
Access Anywhere
The Desktone Cloud Consists of two primary interfaces
• Desktone Enterprise Center: Used by desktop admins to manage the Desktone Cloud
• Desktone Portal: Used by end-users for access to resources on the Desktone Cloud
End Point Devices
1. Mobile Devices: iPad “DaaS Mobile Client” available in the iTunes Store
2. Thin clients: All leading vendors supported
3. Standard PCs: Access through their preferred web browser or DaaS Client.
End-User Access
What the Analysts Say
“Enterprises want to take advantage of virtual desktops, but are stymied by cost and complexity. With its attractive price point and easy on-ramp, the Desktone Cloud lowers the barrier to entry.”
“If nobody had influenced you in any way and you were just asked to draw out a sense of a virtualization of services to end users, you would head in this direction. I have no doubt about it. It’s very appealing.”
“This idea of desktops as a service is gaining a lot of interest in the market. IDC believes it is very valid model; the technologies are coming together and I expect it will gain in adoption.”
Summary
• Cloud computing is changing the world of IT
• The current desktop management market is ripe for change
• Virtual desktops have a significant security advantage
• No data on lost and stolen laptops
• Centralized desktop management, control and visibility
• VDI was supposed to solve the problems, but has introduced other issues for most, especially cost and complexity
Resources
• Free Desktop Security White Paper http://bit.ly/slidesharedesktopsecuritywp
• Free Trial: www.desktone.com
Questions??
Questions / [email protected]
Schedule a Live Demo: 866-691-5660 or [email protected]
Desktop in 90 Seconds! Check out our Free Trial of a Cloud Hosted Desktop – in less than 90 seconds you’ll be up and running! http://bit.ly/securedesktopfreetrial