Trust between an employer and its employees is a fundamental pillar of business success. The problem is that the world of enterprise communications has become so complex, with so many ways of connecting to corporate networks, that often it’s simply not enough to trust employees to follow corporate security procedures and protocols.
Serious data breaches aren’t always caused by carelessness or maliciousness – even the best-intentioned and conscientious employee can mislay a device or fall victim to a sophisticated spear phishing attack.
The battle against cybercrime is being fought through every layer of enterprises’ organisation and infrastructure, but it is the endpoint in particular that should be causing CIOs sleepless nights. According to a 2015 report from Verizon, 9 out of 10 cyberattacks targeted endpoints in the last year, while Dell’s recent Annual Threat report highlighted the increasing sophistication of attacks, with criminals employing a range of new, stealthy and shape-shifting tactics.
Enterprises need to balance security with the need for employees to be productive, but relying on disjointed or outdated point solutions leaves them open to all manner of attacks. This is why we are seeing more and more businesses choosing virtual desktop infrastructure (VDI) to secure endpoints and bring them fully under the organisation’s control, without sacrificing any of the functionality or accessibility that makes these devices so important to employee productivity.
Virtualising applications and desktops enables enterprise control over access to corporate data, whether that access is from a corporate owned device or an employee owned one. A centralised management console also enables system administrators to apply security policies and software, and control access permissions depending on the location and ownership of the device.
The traditional model of managing endpoints suggests that businesses must typically install multiple and complicated pieces of security software across all of their premises’ systems. This takes time to coordinate, and can include setting up patches and updating them uniformly across every desktop, laptop, tablet or mobile device. There is also the ongoing requirement to supervise installations and address potential threats on every device.
With VDI, however, it’s easy and intuitive to deploy security onto any number of devices. The VDI blueprint codifies the ways for companies to deploy security solutions seamlessly. Doing so according to the provider’s reference architectures automatically delivers to a pre-agreed number of users and is scalable depending upon the needs of the organisation.
Recent IDC research shows that three out of four employees at European companies will fully buy into the mobile way by 2018. The devices they need to achieve this are rich repositories of corporate data, applications and resources, much of it highly confidential, which require the most stringent protection – while, of course, ensuring that this does not hamper the mobile employee. A recent Forrester report shows that this new breed of worker needs to access sensitive data 24/7 from any place or device, with as many as one in two having access to customer data they don’t necessarily need for work.
Against the background of more endpoints, devices, and data and with security threats intensifying in number and impact, companies benefit from a centralised VDI solution in the following ways:
- Data can be managed centrally, securely and flexibly. Companies gain 360 degree visibility over their data and more easily assess and detect threats as they arise. This could also make IT departments more coherent. As endpoint security sits between the desktop/workplace IT and network teams, a VDI deployment could help bridge that gap.
- Data does not sit on any particular device. This could undercut ransomware attacks as it deprives hackers of the ability to hold individual employees to ransom and also disincentives them using email spam as they wouldn’t be able to extract any data from the victim’s device. This is especially important as the number of devices used by each user continues to grow.
- Thin clients are far more resistant to malware with the most secure thin clients having no published API which can be exploited. This is significant given that malware attacks reached up to 8.19 billion in 2015, according to Dell’s Annual Threat Report.
- End-to-end advanced threat protection, file-level encryption and authentication. As referenced above, cyberattacks are becoming increasingly diverse and shape-shifting and companies need to put in place comprehensive security solutions and enable privileged access to data.
One enterprise that has made huge efficiency gains through VDI is the Israeli Electric Corporation (IEC), which switched to Dell Wyse endpoint devices. Over the course of 18 months, the team deployed around 10,000 individual devices. Not only was user feedback highly positive, but because the endpoints don’t store data locally this removed a host of potential vulnerabilities. Prior to virtualisation, IEC experienced hundreds of security alerts from their desktop devices every day; this has now been reduced to just eight a month “at most”, enabling the IT team to focus on creating new solutions for the business and coming up with ways to further streamline security issues.
While the IEC project focused on desktop devices, exactly the same principles apply to mobile devices. In deploying VDI to these endpoints, businesses are able to provide an answer to the perennial question of how to marry flexible working with security, and remove any worries they have about trusting their employees to follow security practices and protocols.