search-icon

Virtual Desktop Security Best Practices

Scott Arnold, Product Manager at Evolve IP

Blog / Virtual Desktops / Virtual Desktop Security Best Practices

It’s easy to understand why virtual desktop security tops the list of priorities for a vast majority of companies today. One glance at business news and it’s clear that bad actors in the cybercrime arena are not going away anytime soon; instead, they are becoming ever-more sophisticated in their efforts to hack, ransom, and destroy systems and data.

To minimize this threat as well as maximize recovery as quickly as possible should an organization become a victim, it’s important to stay on top of current and evolving best practices.

 

What To Look for In The Cloud

More and more of the world’s systems, software and data are being stored in the cloud today. Evolve IP selected Microsoft Azure as its public cloud option with its service-oriented architecture in security. Businesses selecting a virtual  desktop partner must take care to ensure that their third-party vendor provides state-of-the-art security features at the cloud infrastructure level including:

  • Superior Firewall Protection: As the first and most important layer of defense, the firewall protects a company’s entire network from bad actors. Be sure that your virtual desktop partner offers sophisticated firewall protection such as the enterprise-grade firewall platform from Cisco, which is well-known for its superior performance and redundancy. Evolve IP offers intrusion detection and prevention through an add-on for Cisco’s firewall protection as well.
  • Identity Management Protection: Correctly identifying authorized users is one key factor to ensure virtual desktop security. Virtual desktop systems that provide a single sign on with multi-factor authentication helps organizations minimize the chances of unauthorized access.
  • Web Browser and Device Security: Depending on the job responsibilities of employees, they may only need access to specific web browsers or applications, requiring role based access control (RBAC). Organizations should restrict devices to only those necessary for completion of tasks for individual team members. Having a remote wipe and device lock capabilities can increase device and browser security .
  • Malware and Virus Protection: Over time, malware and computer viruses have become more sophisticated. Companies must find a way to stay on top of the latest threats by employing or partnering with a vendor that can provide world-class malware and anti-virus protection on an ongoing basis. Evolve IP uses Mimecast email protection services, Cisco Umbrella web protection and Trend Worry Free Anti-Virus. In the future, Evolve IP will be offering Microsoft Defender for Endpoint Plan 2 to secure non-persistent desktops, which are “shared” desktops and require special software that can handle different user profiles.
  • Remote Management: In a similar manner, the centralization of a virtual desktop system allows remote monitoring and management. This means the performance of all workstations, network equipment, and servers can be viewed around the clock from a central location, allowing suspicious activity to be flagged and addressed more quickly.
  • Data Backups: In the case of a breach, one of the first components of a successful and rapid recovery is being able to access lost data including recovery from a Microsoft Office 365 backup. Finding a partner that provides automatic data and application backups on a regular basis can deliver peace of mind and increased security.
  • Mobile Device Protection: As more employees want to use their own personal devices to access work-related systems, applications, and information, the security risks increase. Be sure a third-party vendor can configure, manage, and monitor these devices from a single application to maintain governance and control.
  • DDoS Detection: Distinguishing distributed denial of service (DDoS) attacks from regular network activity can help significantly mitigate attack risks. Working with a leading edge provider such as Cloudflare can increase both detection and prevention.
  • Partner Relationships: In today’s complex technology landscape, one company cannot provide all the best practices when it comes to security. It’s important that an organization can draw from the leading platforms and best-of-breed solutions including Microsoft, Veeam, VMware, Mimecast, N-Able, and Citrix to build a truly end-to-end secure infrastructure.

 

The BYOD Challenge

As previously noted, more and more employees want to access their work-related systems and data via personal devices. From the individual’s perspective, this makes a world of sense. Instead of carrying multiple devices for personal and professional needs, employees want to be able to access everything safely and security from their own smartphone, iPad, or other mobile device. This increases convenience in today’s remote and hybrid work environment.

From a business standpoint, however, this poses an entirely new set of security challenges. What happens when personal devices get lost? Successfully hacked? Can personal phones become a portal for bad actors to infiltrate an entire network posing a much larger security risk for the business?

Adopting best practices when it comes to dealing with the bring-your-own-device (BYOD) is one way to mitigate risk:

  • Cloud-based Virtual Desktop Interface: The infrastructure itself can provide a significant level of protection by centralizing governance, security protocols, and backups. Personal devices are then used only as virtual endpoints, commissioned to allow only necessary access. As a result, if a desktop is compromised, Evolve IP can simply deploy a fresh new desktop, which is not a cost-effective option with a physical device.
  • BYOD Policy Statement: Having a formal policy surrounding BYOD is important for both leadership and employees to understand expectations and consequences of non-compliance. Outline exactly which devices can be used, what protections must be taken by which party, how breaches and problems should be reported, and disciplinary consequences if policies are not followed.
  • Employee Training: It’s likely that bad actors are constantly sharpening their attack strategies and skills; as a result, it’s imperative that companies continually remind and train employees on how to battle and protect themselves from these ever-sophisticated attacks. Provide information on the latest phishing scams and other risks so employees can be constantly on the lookout. Mimecast’s Awareness Training includes a content library, risk assessments and system information reporting.
  • Limited Access: Organizations must successfully balance providing the access needed for all remote and hybrid employees to remain productive around the clock while eliminating all unneeded access points. Remember that this access balancing act is likely to change over time so that the commissioning and decommissioning of access through RBAC must be streamlined and easy.
  • Decommissioning Process: Along the same vein, the process to block access and decommission personal devices must be immediate; departing employees can be one of the highest security risks to an organization.

Conclusion

Ready to talk about virtual desktop security? Reach out to Evolve IP today. Our team has years of experience in helping organizations like yours make smart decisions to support a secure remote and hybrid workforce. By partnering with industry leaders, we provide unmatched security when it comes to cloud-based virtual desktops.
Author Image

Scott Arnold, Product Manager at Evolve IP

Scott Arnold works as the Compute Product Manager for Evolve IP and has worked in the compute product space for over 15 years. He works with leading technology solution vendors, security experts, and world-class engineers to deliver reliable, secure and high-performing compute products. When he is not working he spends time with his wife and kids enjoying the outdoors riding bikes and playing soccer. When the weather doesn't cooperate he loves to play arcade and pinball games with his family.

Categories

Your essential IT ally for the enterprise hybrid workforce.

MSG_Arena_Primary_Logo-full-blue Nike_logo ford-img marriott-img chk-img apria-img
Friedman
International accounting firm increases productivity by 30% during COVID with fully integrated Work Anywhere™ solutions.

Everything was flowing, everyone's connecting...Just seamless! And everything just worked. We haven't been down since we went remote."

– Chief Information Officer, Friedman, LLP

View All Case Studies
Friedman Case Study Video Thumbnail
Dermatology Logo Partners
One of the nation’s largest and fastest-growing dermatology businesses estimates savings of $6.45 Million over 5 years

Evolve IP’s digital workspaces have allowed us to acquire more practices in a faster and more profitable way. That is resulting in bottom-line cost savings and top-line business benefits."

– Jeff Francis, Vice President of IT USDP

View All Case Studies
Dermatology Partners Case Study Video Thumbnail
Ogletree Deakins Logo
International Law Firm Drives Communications Reliability Across 60+ Worldwide Locations and Saves Over $300,000 a Year

That’s the type of proposition I like to bring to a Board of Directors. When I can say, ‘we can get everything new, be completely redundant, it can meet all of our needs and oh, by the way, we are going to save over $300,000 a year.’ It makes it easy for me to sell!"

– Ken Schultz CIO of Ogletree Deakins

View Case Study
Ogletree Deakins Case Study Video Thumbnail

Simplify and future-proof your technology footprint with Evolve IP

Microsoft_logo partner_cisco_logo_120 VMware_by_Broadcom_Gray-Black_logo partner_citrix_logo_sized partner_zerto_logo_120 veeam-logo dubber-logo

It's nearly impossible to stay on top of every change in technology. Partner with Evolve IP and gain the combined experience of hundreds of technologists, all acting as an extension of your IT team. Helping you do more with less.

Featured By
Frost and Sullivan Logo Gartner Logo Inc 5000 Logo Fox Business Logo
Certified By
Hitrust Logo AICPA Logo