Desktop security sanctuary found with DaaS

The bottom line to most articles about Desktop-as-a-Service is that DaaS will lower your security risks. Explaining the how and why isn’t often delved into in any great depth, but understanding the reasons behind this benefit will allow you to see why DaaS could work for you and your business. Particularly at the moment, when most teams are working remotely. By David Blesovsky, CEO at Cloudhelix.

  • 3 years ago Posted in

Firstly, to explain that when we talk about DaaS, we mean, the delivery of a fully managed virtual desktop instance (VDI), which is hosted on cloud infrastructure. It’s not a new concept, but 15 years on from its initial inception, Daas is finally coming into its own.

Now, DaaS enables users to access corporate applications and data via a familiar Microsoft Windows desktop experience on almost any device connected to the internet. But its origins were formulated on, and continue to focus on, increased defence in the face of security and compliance risks.

Control and cloud clarity
The modern workplace is agile, and full of freedom. But with given freedom, the ability to control essentials whilst being unrestrictive is a difficult balance for many. With DaaS, the risks that naturally will arise from your staff working anywhere and on any device. You don’t have to worry about what data is held on the user’s devices, and more to the point, where that device gets left at the end of a long day.

DaaS moves the security risk from hundreds of end-user devices and puts it all into the controlled and managed environment of a data centre. The data remains at the data centre, and you have control over all the company assets, able to revoke access at the touch of a button.

Management with no mis-
Whether it’s controlling orphaned accounts from leavers to ensuring everyone has the latest patches and applications, these common logistical issues melt away when it comes to DaaS. One central image (or a few based on personas) are operated so that once a change is made, everyone is up to date.

And there’s no need for standardised hardware builds for end-user devices, because DaaS will run on almost any device, no matter the configuration. Your IT team can manage virtual desktop security just like they manage their existing infrastructure today, with the same credentials and permissions.

Secure separation
Whilst working with a provider like Cloudhelix, and a solution such VMware Horizon DaaS, you can ensure you’re getting complete network separation from tenants (preventing address collisions and unwarranted access) and tiered roles (to ensure the access we have is the access you want to give). For those wanting a little more technical info, the resource separation is enabled across:

        Storage: every tenant is assigned its own unique storage unit.

        Connection brokers/web application.

        Databases: including tenant passwords for encryption.

        Directory Services: each tenant is able to use its own AD system without any risk of improper security privileges leading to a security breach.

        Tiered tenant roles: focused on three levels of IT Administrator, End User, and Service Provider.

Disasters, disabled
No business can truly escape real disasters, even with a plan. More often than not, disaster recovery (DR) plans cover servers and networks but won’t protect desktops at all due to expense duplication when it comes to the traditional desktop set-up. But if your desktops go down, how will your employees work for the foreseeable? Or what if they rely on physical desktops but can’t get to the office? Before a DR plan might have considered freak weather instances or power outages, but how are you considering your set-up in the face of the worldwide pandemic crisis that Coronavirus has brought?

The challenge presented by Coronavirus means business as normal, albeit from home, and DaaS can be seen as the “Desktop DR Insurance Plan”. Not only will you benefit from having your desktops in a secure and highly available data centre, but the likelihood is that your service providers will host across multiple centres to ensure you’re up and running, no matter what.

A-to-B sanctuary
Working with a provider, such as Cloudhelix, will ensure that the infrastructure as well as the DaaS solution is secure from back to front. Confidence in the platform that underpins your DaaS is key, and we recommend a robust, scalable and secure environment from a provider who understands your business needs. If you’re moving away from onsite hosting, look for UK Tier 3 data centres, and ISO accreditations (ISO 27001 and ISO 9001) to guarantee data sovereignty.

With built-in security capabilities such as secure point-to-point network connectivity, dedicated compute, and network isolation, with DaaS you can have the confidence that your corporate data and applications are secure.

 

 

 

 

By Frank Catucci, CTO and Head of Security Research, Invicti Security.
By Tom Printy, Advanced Design & Development Engineer, Zebra Technologies.
By Iain Sinnott, Head of International Carrier Sales, Enreach for Service Providers.
By Hope Lynch, Senior Director, Platform, CloudBees.
By Massimo Bandinelli, Aruba Cloud Marketing Manager.
By Paul Baird, Chief Technical Security Officer EMEA, Qualys.