VDI and DaaS: Data Security’s Best Kept Secret

Virtual desktops and DaaS have gained traction in the emerging hybrid work environment. However, the security risk caused by human error is as prevalent as ever. In this article, Vadim Vladimirskiy, CEO, Nerdio, reveals how VDI and DaaS can be a powerful security asset in the work-from-anywhere world, an aspect of virtualization not fully explored to date.

The 2021 Verizon Data Breach Investigations Report estimates that 85% of breaches last year involved the human element. Given this incidence of human error, IT labor shortage and the lack of access controls, it wouldn’t be surprising if this number has grown in 2021 as well. Layered over this all is the hybrid work environment, which is fast becoming the new standard as enterprises accommodate employees’ wishes for a flexible workspace.

To support the hybrid environment, IT architects are deploying virtual desktops and desktop-as-a-service (DaaS), further relying on virtualization and the cloud to support a distributed workforce. The best-kept secret is that while some of this deployment has been driven by the pandemic, there is a valuable, long-term upside. Virtual desktops are a perfect illustration of how a strong access management control system can limit an organization’s exposure to security threats, especially when looking at end-users.

DaaS and VDI Evolution

Previously, enterprises avoided virtual desktop infrastructure (VDI) over concerns such as prohibitive hardware investment and intensive IT deployment and support demands, and avoided DaaS over concerns such as licensing and cloud provider costs. Now, the landscape has changed to make VDI and DaaS more palatable. Azure Virtual Desktop (AVD) and Windows 365, for example, have made virtual desktops and cloud computing more manageable and affordable at scale. The setup for AVD is simplified so there is less IT time involved, and enterprises can use existing eligible Windows licenses to save costs and streamline investments.

Enterprises wanting to implement VDI and DaaS for the first time need to throw out the rulebook they’re used to and start afresh with a new set of security rules and protocols tailored to VDI. In the long run, this will save headaches and unnecessary costs.

One of the first tasks is to analyze enterprise workloads and look several years out to estimate the percentage that will be on-premises, cloud-managed or hybrid. Reticence still exists among enterprises to go fully virtual. Take a reality check on what percentage of workloads may still reside on-premises in a few years. With that knowledge, you may be tempted to use existing desktop or server solutions and migrate them to VDI or DaaS. However, these likely will not support VDI operations like single image management or multi-user sessions. Fortunately, there are virtual desktop solutions in the marketplace that can help IT get started in moving workloads to the cloud and make it easier to calculate the costs of moving to services like AVD.

Implementing Security Controls

Identity and access management are essential to ensuring the hybrid workforce has sufficient application and access controls while at the same time supporting their productivity. With proper IAM and controls in place, enterprises can protect sensitive data by making sure only those who absolutely need it have access. This seems like a tightrope to maneuver at times and in larger organizations, but there are practices to make security more effective and less invasive to the end-user. They include:

  • Utilizing Zero Trust, which works on the logic that no one user or device is automatically trusted. It requires going beyond typical identity authentication and looking at user session behavior and other attributes to authorize access. Zero Trust is a dynamic process and is most effective when incorporating AI and machine learning to make access decisions. Since end-users may switch jobs within the enterprise, for example, dynamic Zero Trust can keep pace with these changes, keeping identity management current and able to provide end-users the applications they need.
  • Offering Windows in the cloud enables enterprises to more securely store data and applications while using DaaS to provide end-users with their authorized applications. It affords the end user the convenience of using any device, at any endpoint location, by signing into their user profile – an important asset in the hybrid workspace environment.
  • Ensuring operational updates, which are as important in VDI and cloud workspaces as they were with traditional PC computing. AVD, for example, posts updates that include access and security fixes. These can range in severity, but timely updates must be a routine practice, as it hopefully was in the pre-virtual era. Virtual desktops help with operational efficiency, as they can be managed in groups, making tasks like patching easy, quick and centrally administered.

Making the Virtual Worker Less of a Data Threat

Preventing human errors from generating threats and continually communicating the need for secure practices at the workspace are the tasks IT has going forward. Cloud computing and virtual desktops offer increased security, but the end user’s actions must always be considered as a possible risk. To remedy this, think of intelligence, education, and cooperation.

According to Microsoft, 97% of attacks are automatically remediated on endpoints using AI within Microsoft 365 E5. Preventing and/or containing threats at the endpoint before they enter the network is most effective using AI and machine learning tools.

Educating end-users, whether employees or contractors, on security access and identity controls in place is important across the enterprise. Phishing threats, unsecured ‘rogue’ devices in use and letting other individuals share passwords for convenience in getting a file are the types of behavior that can be dangerous. An end-user must believe that restricted access to applications unrelated to their task is being done for protection and not as a frivolous annoyance to them. How education is implemented can be challenging. The previous in-person meetings or company newsletters must be replaced with Zoom/Teams tutorials if it’s a major security upgrade or a brief mention at the top of team conferences that certain log-in procedures might be different. Each enterprise has its own culture. Having departments take responsibility for communicating with their respective team members is one way to personalize the information.

Hopefully, with education and understanding comes cooperation. The expectation is that automation, AI and machine learning will identify anomalous behavior to prevent threats. Nevertheless, it’s a good idea to encourage all end users to quickly report suspicious activity, and offering an incentive for the best tip goes a long way to nurture engagement!

Virtual desktops are here to stay and, thanks to advancements in VDI, enterprises can deploy virtual workspaces with less cost and headache. It’s important to think past the current hybrid workforce environment, plan your VDI a few years out, then thoughtfully build a strategy that will enable IT to securely scale more desktops. Add to this best practices in access control and user identity, and an enterprise can deliver a productive end-user experience at scale. 
