Securing Virtualized Desktop Infrastructures (VDI)
The idea behind what is called a
Virtual Desktop Infrastructure (VDI) is to run desktop operating systems and
applications inside virtual machines that reside on servers in the data center.
Desktop operating systems inside virtual machines are also referred to as virtual
desktops. Users access the virtual desktops and applications from a desktop PC client
or thin client using a remote display protocol and get almost the full features
as if the applications were loaded on their local systems, with the difference being
that the applications are centrally managed.
Similar to server virtualization, VDI offers many benefits such as:
- Simplifying desktop administrative and management tasks
- Users access virtual desktops running in a data center
- Technology supports both PCs and thin clients
- Desktop security and data protection are centralized
- Access can be easily extended to remote users
Corporate Challenges using VDI
VDI environments, such as Citrix, require users to run as administrators to access
applications and install associated DLLs. Malware and hackers can exploit these
administrative privileges. Additionally, they allow users to:
- Change standard desktop configuration settings
- Install unlicensed software and disable security settings
Similarly, in Microsoft or VMware environments, users with administrative access
often inadvertently delete printers for other users, causing disruption in business
and creating unnecessary helpdesk overhead.
Attaining Least Privilege User posture in virtualized desktop environments is challenging
and customers are consistently forced to make compromises on security in favor of
cost-savings. According to Gartner,
Virtual Desktop Infrastructure (VDI) adoption is growing at a rapid rate. By 2013,
it is expected that more than 40 percent of the worldwide professional PC market
and 70 percent of organizations will have adopted PC application virtualization.
Because of privilege requirements associated with application delivery, customers
are forced to run their users as administrators in VDI environments. Since the desktop
application support cost reduction,
Forrester estimates of 80 percent are compelling, customers accept the relaxed
security posture, opening themselves up to risks from accidental, intentional and
indirect misuse of privilege.
PowerBroker for Desktops Secures VDI
BeyondTrust
PowerBroker for Desktops enables organizations to remove administrator rights
and allow end-users to run all required Windows applications, processes and ActiveX
controls based on preapproved policy. This enables heightened security and compliance
even in virtualized desktop environments, while allowing organizations to harness
the cost efficiencies of VDI. As more businesses move to VDI as part of their Windows
7 upgrade cycle, PowerBroker for Desktops will be a key component to ensure secure
successful migrations.
Managing Privilege in Virtualized Desktops
PowerBroker for Desktops supports multiple desktop virtualization vendors including Microsoft, Citrix and VMware. BeyondTrust is a gold certified partner in the Microsoft Partner Program and is a member of the VMware Technology Alliance Partner program.
BeyondTrust also offers PowerBroker for Server Virtualization, providing centralized risk reduction from the misuse of privilege at both the hypervisors and guest VM levels. BeyondTrust has solutions for both Public and Private cloud infrastructures, and is an active corporate sponsor of the Cloud Security Alliance. With PowerBroker for VDI, BeyondTrust offers a cross platform package for privilege management in virtualized environments and cloud infrastructures.
"Organizations adopting virtualized desktop infrastructures are struggling with
the issue of privilege management. They are just amazed at how easy it is to re-securitize
their VDI with PowerBroker for Windows Desktops, without compromising the productivity
of their employees."
HÃ¥kan Andersson CEO, Cloud Solutions AB