How VDI can help organizations be more secure

I don’t envy corporate IT teams today. For every automation or convergence that’s made your jobs easier, you’ve been handed dozens of difficult cybersecurity concerns upon which the fate of your company rests (no pressure).

When my team at Wyse introduced thin clients 22 years ago, it was a different world. What’s interesting to see is that, while Server-based computing and Digital workspaces (I’ll refer to them as VDI for ease of reading) has fallen in and out of popularity over the past few years, organizations need it today more than ever.

Modern security use cases for VDI

There are several use cases for VDI that didn’t exist until the modern era of workforce transformation.

Working from home

If you have employees who regularly work from home, you face a range of security threats, from employees’ malware-magnet kids to the family’s relatively unsecure home network. If those same employees are accessing data using a thin client through VDI, there’s 1) no temptation for their kids to use the devices (because they can’t access anything fun), and 2) no risk of obtaining malware from a shared network, because VDI environments are isolated from other activity.

Unsecured WiFi

No matter how many policies you set against connecting to unsecured Wi-Fi, there will always be employees who roll the dice and work from the local coffee shop. Again, VDI makes this a non-issue. Workers can enjoy their lattes while securely accessing data through a secure, encrypted connection that’s impenetrable to the hacker at the next table.

Shared or public computers

Maybe last week, your CEO forgot her laptop when travelling to a conference. Using shared or public computers would normally create security issues, but if the CEO conducts her work using VDI, there will be no trace of her activities on public devices. She can conduct her work from an airport kiosk, or hotel business center securely.

State-sponsored threats

What if your CEO is flying to a country known to take part in state-sponsored cyberattacks and surveillance? A transit authority forces her to sign in to her laptop so he can “inspect” it. If the CEO uses VDI, there will be nothing of value stored on the device. And even with remote-access Trojans and other covert, malware-based methods, the government won’t be able to eavesdrop on what’s happening in the VDI environment.

Overseas contractors working with IP

VDI is offering companies the ability to employ contractors in other countries securely and affordably. Rather than shipping a full workstation loaded with proprietary files to a contractor in Europe or Asia, a company can simply ship a thin client with smart card access. When the contractor has completed the project, access can simply be revoked.

Methods for deploying VDI

The use cases are numerous, and so are the types of thin and zero clients available.

Zero clients are the most secure because they have no OS and no firmware, but have limited use cases. Thin clients are more popular and have a wider range of uses. These clients typically come with a few software options. The most secure option is to use a proprietary firmware technology, like Dell’s Wyse ThinOS, that has an unknown, unpublished API. Other software options include Linux or Windows. Both are inherently secure due to the low attack surface and the nature of VDI itself. Ultimately how you choose between them will depend on the applications and peripherals that you want to use with the devices.

If there’s something holding IT teams back from exploring VDI, it’s the perception that it’s a dated solution. But calling VDI a relic of a bygone era is like saying PCs can’t be useful because they came into vogue in the 1980s. Today’s VDI has evolved thanks to massive advancements in the technology powering servers, graphics cards and the endpoints themselves. It’s purpose-built for a new generation and a modern set of security challenges.

So, if you find yourself daydreaming about a world where mobile endpoints aren’t a constant threat to your security, VDI may be one way to get what you want without physically chaining your workforce to their desks.