VDI improves mobile device security, but introduces additional risks

VDI offers a cost-efficient method to prevent lost or stolen data by storing data on a centralized server rather than the mobile device itself. However, VDI poses its own security risks to the enterprise, according to ISACA’s new VDI white paper.

The risks introduced by VDI include single point of failure, IT governance complexity, malicious web content, and lack of visibility, the white paper explained.

“VDI increases the risk of single point of failure… Instead of having a number of independent desktops, everything is centralized in the data center”, explained Nikolaos Zacharopoulos, IT auditor for Geniki Bank and chair of ISACA’s project development team for the white paper. This means that a virus outbreak in the data center can devastate the organization, he told Infosecurity.

To address the single point of failure risk, the white paper recommends the use of high availability and disaster recovery methodologies. “Site resiliency mechanisms are easy to deploy, although in most cases, they are expensive and therefore not affordable except in large enterprises.”

In addition, effective governance requires the establishment of new policies and procedures to account for all virtual assets and ensure their compliance with security practices, the white paper stressed.

Compliance with regulations is complicated by the location of data centers across the globe. The information flows between multiple countries, which may have different regulatory requirements, explained Zacharopoulos.

The white paper warned that the spread of malware could be facilitated by the virtual environment. “In the physical world, attacks may be contained by physical boundaries; in the virtual world, boundaries may not prevent malicious software from expanding its reach.”

To mitigate the risk of malware being introduced into the virtual environment, the white paper recommended that VDI systems be managed centrally and receive security updates and patches as needed. “Isolation of any potential infection can be accomplished by segmenting hardware components within the virtualization platform. Moreover, changes can be deleted every time a user logs out of the desktop so it always remains in its original state”, the paper noted.

Faster desktop deployment enabled by VDI may cause the enterprise to lose visibility of every asset that must be protected. “Fast provisioning should be performed in a controlled way, accompanied by use of a resource alerting/monitoring engine. Using this strategy, desktop provisioning is secured, without exhausting its supporting infrastructure resources”, the paper explained.
