Properly implemented HVDs can increase security, and help organizations and infrastructure leaders meet compliance requirements. However, before assuming HVD is the right answer to all security and compliance concerns, security professionals need to consider the alternatives available.
"Having the organization's data spread across hundreds or thousands of devices, many of which leave the physical security of office locations, presents a significant risk of data loss," said Neil MacDonald, vice president and Gartner Fellow.
"HVDs can help improve the security standing of the client computing environment by centralizing sensitive information and applications in the data center, giving IT system and security stakeholders the opportunity not only to improve support efficiency, but also security," MacDonald added.
HVD is a technology that enables client computing to shift from a device-centric to a user-centric workspace, application and data delivery technology while providing an endpoint-agnostic access solution where the user's workspace can be accessed from many different locations using many different devices.
Although HVD architecture holds the promise of a more secure environment, it can only do so if carefully planned, deployed and configured, then managed consistently on an ongoing basis. Security may be a native strength of the HVD architecture, but any solution under consideration must be cost-effective and compatible with the applications user's need, must be sized appropriately for capacity and performance and, most importantly, must deliver a good end-user experience.
"An HVD architecture is complex, and infrastructure and security stakeholders must consider multiple facets, such as device form factors, access methods and data security, to avoid potential issues," said Nathan Hill, research director at Gartner. "Chief among the concerns of organizations is how they capitalize on the opportunity to use HVDs and ensure that the environment is secure, and which areas of the architecture represent a change in risk profile from traditional client computing architectures.
Many traditional PC security considerations remain with the HVD architecture, including desktop OS antivirus protection, but the complex nature of the HVD architecture also introduces new areas where security must be considered. Security stakeholders must ensure that they address the security requirements of the access device and remote connectivity, in addition to the virtualization platform.
Emerging HVD security solutions promise enterprises and users more efficient and secure platforms tailored for the architecture's needs. Over the past four to five years, there has been an improvement in platform architecture, with the evolution of software and hardware tailored to the workload, including HVD appliances, reference architectures, storage virtualization and personalization software. The same is true for security solutions that are evolving to meet the demands of the platform, and to offer increased security and/or performance.
"Centralizing workloads gives organizations the potential to improve security, but because risk is aggregated in the data center and network with HVD, strong security controls are required to protect the infrastructure," said Mr. MacDonald. "As a result it's important to address data and HVD security requirements, and leverage the security capabilities of the Citrix and VMware product sets, when required."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.