Tackling Security and Compliance with Desktop Virtualization

Todays tight regulations

Its not just financial institutions that are wrestling with compliance issues. Public sector organizations like healthcare, education, and government offices are challenged with a raft of federal regulations, including the Health Insurance and Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH), the Federal Information Security Management Act (FSMA), and the Federal Educational Rights and Privacy Act (FERPA). Individual states and industries may supplement these regulations with standards of their own. Internationally, companies have to deal with privacy regulations set forth by multinational coalitions like the European Unions Data Protection Directive, and by individual countries, like Japans Personal Information Protection Law. Each of these regulations has its own set of standards and requirements, but in just about all cases, they revolve around protecting private citizen, student, and patient information from unauthorized access and malicious theft. Regulatory compliance is complicated even more by the sheer volume of digital information that must be protected, thanks to electronic health records and retention rules that demand electronic informationwhich includes e-mail messages, IM transcripts, faxes, documents, and imagesbe archived for decades or longer. Aside from compliance, major data breaches often become public information that can prove embarrassing, economically damaging, and legally problematic for the targeted organizations. In 2010, for example, military and government agencies mistakenly exposed the personal data of thousands of citizens in at least 104 incidents, up from 90 in 2009, according to a study by the Identify Theft Resource Center.1 Protecting information in the data center has its challenges, but the challenges mount when it comes to protecting end-user laptop and desktop PCs. Much of an organizations most current information often resides on these devices, which not only sit outside the more secure data center, but travel across the country or the world with their mobile users, along with USB thumb drives and smartphones. Portable devices are frequently lost or stolen, and keeping them up to date with security patches and upgrades can be difficult when theyre not always connected to the corporate network. Moves, adds, and changes can take days or even weeks, exposing sensitive data to unauthorized use by internal personnel, former employees, or malicious third parties. Many of todays organizations have a large variety of user client systems and mobile devices, requiring IT to manage and maintain numerous types of client system images in a compliant state. Many IT organizations harness virtual machines and tools such as Symantec Ghost to manage image compliance, but these tools increase complexity and administrative overhead. Theres also the problem of user error. Careless or poorly trained employees may download questionable files and applications, disable passwords, look for ways to get around security policies, and neglect their data backupall leading to compromised data protection.

Advantages of desktop virtualization

Organizations looking to address compliance and security challenges should seriously consider desktop virtualization. Similar to server virtualization, desktop virtualization abstracts the user desktop or laptop computing environment, including operating systems, user preferences, applications, and data storage, from the physical user hardware. While users may be using their laptops or desktops for work, the

1 http://www.idtheftcenter.org/artman2/uploads/1/ITRC_Breach_Stats_Report_20101229.pdf

resources and applications theyre using can be stored securely on a centralized server and accessed over a corporate network or the Internet. How can organizations take advantage of desktop virtualization to secure user applications and data? Virtualize desktops in the data center. Once you host your user desktop images in the data center, you address the most common problem of laptop and data theft. Since the desktop image and data are not actually stored on the physical PC, theft or loss does not expose applications and data directly to thieves or other unauthorized users. IT can easily block data center access from the compromised device. Another advantage involves leveraging the superior physical security of the data center and putting virtual desktops within much easier reach of IT. Administrators can manage access and implement moves, adds, changes, patches, and updates on virtual desktops much more easily than when devices are widely dispersed. Centralizing virtual desktops and laptops in the data center makes it much easier to adopt other best practices for security: Create hardened templates. Its easy to implement and maintain standard, hardened desktop image configurations across your centralized virtual systems using image template tools. You can even link master images to individually customized desktop and laptop images, so you can push out new security patches and policy changes with a simple image configuration update. In addition, recent provisioning technologies allow you to create catalogs of system snapshots that can be re-used and referenced in case of compliance and security audits. Lock down or manage access to USB ports. Its easier to set and enforce policies and security measures, such as data encryption or locking down USB ports, across virtual systems. This policy prevents users from copying data to USB memory or other portable devices. Prevent malicious downloads. IT can monitor system changes more easily in the data center, so if a user violates download policies, IT can quickly revert the offending virtual system back to its previous, secure state.

Back up virtual desktops. Rather than depending on unreliable users to back up each individual client device when and if they have time, IT can simply back up all the server-based virtual user desktops at once to a networkattached or remote store and recover them quickly when necessary. If a laptop or desktop is damaged or stolen, user information is still accessible in the data center and can be assigned quickly to another desktop or laptop device. Update security software. Users working on the road or at home on their personal devices are more likely to pick up viruses, worms, and other malware than when they are working at the office. When you store virtualized desktops in the data center, its easier to apply security updates across virtual systems to prevent malware infections. If there is an infection, you can run security scans and address potential problems without fear that a remote device may download malware and then infect your environment when it reconnects. Centralize Web and SaaS access. Because all users are accessing virtual systems in the data center, you can enforce a single secure point of access to the Web and software-asa-service applications. Virtualize your contractors. If you want to protect confidential data when working with contractors or temporary employees, give them a secure virtual desktop on the server. They get to use their own hardware devices, and you get to enforce whatever security measures are necessary, including encrypting, locking, and deleting sensitive data or terminating users immediately when necessary.

Security and compliance with Dell virtual desktop solutions

Whether your organization wants to pilot a desktop virtualization initiative or take the plunge entirely, Dell can provide the right solution for your IT environment. Dell offers a complete spectrum of virtual desktop service delivery models, including subscription-based desktopas-a-service, solutions hosted and managed by Dell, and solutions and services to support customers with building and managing an in-house solution. You can also take a gradual, phased approach or transform your desktop infrastructure all at once. Dell simplifies the process of assessing, designing, implementing, and maintaining a solution with its best practices methodologya repeatable,

consistent process that connects your business needs to the most appropriate delivery scenario provided by Dell and tailors the underlying technology implementation to mesh with your existing systems. Dell consultants will help you configure a comprehensive virtualization solution, including desktop devices, servers, storage, and services. You can also, as mentioned, take advantage of Dells virtual Desktop-as-a-Service (vDaaS) solution, where Dell implements and manages your virtual desktop infrastructure from Dell Cloud and delivers an SLA-class experience to ensure high availability and smooth operations. Dell starts with an in-depth IT assessment of your virtualization needs, including costs, savings, and total economic impact, to help you make an informed decision.

It provides a digital blueprint of your IT environment to help you choose the best virtualization options and plan for the future. Then, Dell designs a comprehensive solution that meets your security and compliance requirements and budget, gets you up and running quickly, and scales to meet future IT and organizational challenges. Meeting your IT security and compliance needs can seem daunting, but investing in desktop virtualization can solve a raft of security and compliance issues at once and lower risk dramatically.

Contact your Dell representative or visit www.dell.com/virtualdesktop to learn more about Dell Desktop Virtualization solutions.

Copyright 2011 Ziff Davis Enterprise