Why VDIs?

David Bullas
Director of Solution Engineering
January 30, 2024

A lot of companies have a system of virtual desktops that they use to make their business work. It could be a healthcare business, and the console follows the doctor around. Maybe it’s a bank and the tellers have to switch kiosks from time to time. Maybe it’s manufacturing, and there are a series of terminals that machinists access from time to time to update progress and get notifications. Or it simply makes practical sense – virtualizing a lot of infrastructure means you can cut costs and rapidly provision and de-provision machines as you need. Whatever the reason, there are a lot of virtual machines, also known as virtual desktop infrastructure (VDI) technology, running around nowadays.

Like any desktops, virtual desktops slowly accumulate clutter. A lot of the time, it’s benign – a temporary file here, a spreadsheet you’re no longer using there – but sometimes it can be quite dangerous. After all, attackers who gain access to a virtual machine get the same perks as they would from access to any other machine. One nice thing about virtual desktops is that you don’t have to worry about clutter (and viruses and other dangerous bits) because you have the option to simply remove the desktop and create another one, often on a regularly scheduled basis. Some places go as far as removing them each and every day; in others, it’s monthly, and there are all kinds of other uses as well. In some places, it’s about faster deployment and cost savings vs. traditional physical machines. Other times it’s about ease of deployment, customization, and flexibility. Whatever the reason, businesses are using VDIs and the trend is to use them even more.

VDI Security Risks

While using VDIs helps provide some additional security, it also creates new security challenges. Establishing modern cloud-based security with brand new machines on a regular basis is a challenge. It’s like you’re hosting a series of parties and every single person you talk to is brand new. There’s no way to get to know anyone well, and in many ways there’s no point – the people you met at the last party are gone, and it’s all new folks the next time around. That makes it very difficult to establish the kind of trust you need to feel secure about letting people into your place without some supervision, and even more difficult to trust that you’ll get back that new glass pitcher you just got for Christmas that they want to borrow.

Modern security is all about trust. When you’re trying to secure machines that you know are going to be under attack, you need to know who your allies are and who the enemies are. And in a modern cloud computing world that has gotten challenging. So at that moment when you’re in the digital factory minting out new machines to issue, trust needs to be established. On the other hand, you can’t just throw something onto the base image because that’s something that will be on every machine, and not something you can implicitly trust.

Making VDIs Safer and Easier to Use

The key is that you know things that the attackers don’t. It’s the same sort of thing that makes it simpler for your employees to know they’re logging onto the right machine, or at least one of the right machines. This is something you have. Add to that something you know and something you are, and you’ve got the three pillars of modern authentication. In this case the something you are is phoenix-like, getting reborn but holding onto just enough of its past to allow you to identify it in its new body. In effect, you’re maintaining trust throughout the rebirth process.

This new security approach means you can have your cake and eat it too, in a digital way. By recreating machines on a regular basis, you eliminate a lot of potential persistent threats and make it much more difficult for attackers to gain a foothold. At the same time, you present a clean, consistent experience to your users. You can do it without having to compromise security by enabling modern passwordless and MFA approaches that could persist even after a machine has been binned and then recreated to serve again.

Modern Security meets Reincarnation. Sort of. Delivering modern digital security to your users and workstations in an automated, repeatable way. Modern computing can be pretty cool. I invite you to register for the upcoming webinar on Thursday Feb. 22, 2024, titled: Get VDI Security with a Frictionless Experience, at 8 a.m. PT | 11 a.m. ET.