Enterprises are looking to virtual desktop infrastructure to make secure remote work possible, hopefully without sacrificing productivity, cost, and security. Credit: Ree Want to know who has the most stressful job in the enterprise these days? It’s the CISO, or chief information security officer. This is typically a senior-level executive responsible for developing and implementing information security programs and the person first on the hook if a breach occurs. Many of these brave men and women took on the role prior to the pandemic when vulnerable applications and data could be placed within a secure domain—typically, a well-defined firewall. Today, that’s not possible. With employees forced to work remotely during the early days of COVID-19 and many still working from home, maintaining enterprise security suddenly has gotten more interesting. One of the weapons that CISOs keep leveraging is virtual desktop infrastructure or VDI. VDI is a technology and an approach that uses virtual machines to provide and manage virtual desktops. In other words, it provides a standard, approved desktop configuration, including all applications and data needed for employees to do their job remotely over the open Internet. VDI hosts desktop environments on a centralized server and deploys them to users on demand. Although VDI in one form or other is not new, it has recently increased in popularity as a way to provide standard, secure, work-from-home platforms that use applications and data from centralized, secure locations in public clouds or enterprises data centers. If you’re working for a large enterprise or government agency, chances are you’ve used a VDI from a cloud provider or are using one now. Parallels conducted a survey with the objective of understanding the state of VDI and cloud computing. It found that 31.3% of respondents cited the ability to enable remote work as the most important reason for choosing VDI, and 24.1% of respondents listed security as the most important reason. A smaller group (18.8%) prioritized the ability to enable a flexible work environment, including working from any device, such as a computer, phone, or tablet. I understand the need to leverage VDI from public cloud servers to get remote work up and running quickly. However, several VDI issues are popping up that CIOs will need to overcome at some point. Performance is the core problem. Not all home-based Internet connections support high speeds and low latency. Indeed, even if you pay for the faster stuff, a few days of detailed monitoring will show that latency and speed are pretty bursty overall. VDI, depending on what you’re leveraging, indeed keeps data and applications centrally located and thus hopefully secure. But both application images and data must be constantly transmitted to the employees’ devices and interactions transmitted back to the virtual servers. They are very chatty. This is unlike applications that run locally and have data stored locally, where the response is nearly instantaneous. Most of us are used to this kind of performance. Latency, even if it’s not noticeable by most remote workers, can add up to productivity losses that run into many millions of dollars a year. Many of the savvier remote workers have worked around the performance issues by moving some of the data to local storage on their devices (such as with email), thus causing a potential security problem if the device is hacked or stolen. The bottom line is that although VDI may be a good fit for some types of remote workers, such as those who don’t interact with dynamic applications and a great deal of data, most remote workers will feel its limitations quickly. However, those who are charged with security for remote workers really have no better solutions at this point that they can implement as quickly. That said, I believe we’ll need to find a better option that’s able to provide performance, usability, and security. This will come in the form of a better hybrid solution, where applications running locally and natively on the device are able to access data remotely using encrypted connections. Moreover, if it does so with an intelligent data-caching mechanism, the remote worker won’t see any significant performance issues that impact productivity. This exists today, of course. The approach and technology are well known. The trouble is we’re now dealing with the native device platform on its terms and not just providing an interface into a virtual platform through some app. I’m not sure that VDI will be the long-term solution for remote work. I think that those responsible for supporting an ever-growing remote workforce may start thinking about what’s next. I am. Related content feature A GRC framework for securing generative AI How can enterprises secure and manage the expanding ecosystem of AI applications that touch sensitive business data? Start with a governance framework. By Trevor Welsh Nov 19, 2024 11 mins Generative AI Data Governance Application Security news Java proposals would boost resistance to quantum computing attacks OpenJDK proposals would provide Java implementations of a quantum-resistant module-latticed-based digital signature algorithm and key encapsulation mechanism. By Paul Krill Nov 08, 2024 2 mins Java Quantum Computing Application Security news ‘Package confusion’ attack against NPM used to trick developers into downloading malware Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control. By John E. Dunn Nov 06, 2024 4 mins Vulnerabilities Open Source Security news analysis What Entrust certificate distrust means for developers Secure communications between web browsers and web servers depend on digital certificates backed by certificate authorities. What if the web browsers stop trusting your CA? By Travis Van Oct 30, 2024 9 mins Browser Security Web Development Application Security Resources Videos