It’s easy to understand why virtual desktop security tops the list of priorities for a vast majority of companies today. One glance at business news and it’s clear that bad actors in the cybercrime arena are not going away anytime soon; instead, they are becoming ever-more sophisticated in their efforts to hack, ransom, and destroy systems and data.
To minimize this threat as well as maximize recovery as quickly as possible should an organization become a victim, it’s important to stay on top of current and evolving best practices.
What To Look for In The Cloud
More and more of the world’s systems, software and data are being stored in the cloud today. Evolve IP selected Microsoft Azure as its public cloud option with its service-oriented architecture in security. Businesses selecting a virtual desktop partner must take care to ensure that their third-party vendor provides state-of-the-art security features at the cloud infrastructure level including:
- Superior Firewall Protection: As the first and most important layer of defense, the firewall protects a company’s entire network from bad actors. Be sure that your virtual desktop partner offers sophisticated firewall protection such as the enterprise-grade firewall platform from Cisco, which is well-known for its superior performance and redundancy. Evolve IP offers intrusion detection and prevention through an add-on for Cisco’s firewall protection as well.
- Identity Management Protection: Correctly identifying authorized users is one key factor to ensure virtual desktop security. Virtual desktop systems that provide a single sign on with multi-factor authentication helps organizations minimize the chances of unauthorized access.
- Web Browser and Device Security: Depending on the job responsibilities of employees, they may only need access to specific web browsers or applications, requiring role based access control (RBAC). Organizations should restrict devices to only those necessary for completion of tasks for individual team members. Having a remote wipe and device lock capabilities can increase device and browser security .
- Malware and Virus Protection: Over time, malware and computer viruses have become more sophisticated. Companies must find a way to stay on top of the latest threats by employing or partnering with a vendor that can provide world-class malware and anti-virus protection on an ongoing basis. Evolve IP uses Mimecast email protection services, Cisco Umbrella web protection and Trend Worry Free Anti-Virus. In the future, Evolve IP will be offering Microsoft Defender for Endpoint Plan 2 to secure non-persistent desktops, which are “shared” desktops and require special software that can handle different user profiles.
- Remote Management: In a similar manner, the centralization of a virtual desktop system allows remote monitoring and management. This means the performance of all workstations, network equipment, and servers can be viewed around the clock from a central location, allowing suspicious activity to be flagged and addressed more quickly.
- Data Backups: In the case of a breach, one of the first components of a successful and rapid recovery is being able to access lost data including recovery from a Microsoft Office 365 backup. Finding a partner that provides automatic data and application backups on a regular basis can deliver peace of mind and increased security.
- Mobile Device Protection: As more employees want to use their own personal devices to access work-related systems, applications, and information, the security risks increase. Be sure a third-party vendor can configure, manage, and monitor these devices from a single application to maintain governance and control.
- DDoS Detection: Distinguishing distributed denial of service (DDoS) attacks from regular network activity can help significantly mitigate attack risks. Working with a leading edge provider such as Cloudflare can increase both detection and prevention.
- Partner Relationships: In today’s complex technology landscape, one company cannot provide all the best practices when it comes to security. It’s important that an organization can draw from the leading platforms and best-of-breed solutions including Microsoft, Veeam, VMware, Mimecast, N-Able, and Citrix to build a truly end-to-end secure infrastructure.
The BYOD Challenge
As previously noted, more and more employees want to access their work-related systems and data via personal devices. From the individual’s perspective, this makes a world of sense. Instead of carrying multiple devices for personal and professional needs, employees want to be able to access everything safely and security from their own smartphone, iPad, or other mobile device. This increases convenience in today’s remote and hybrid work environment.
From a business standpoint, however, this poses an entirely new set of security challenges. What happens when personal devices get lost? Successfully hacked? Can personal phones become a portal for bad actors to infiltrate an entire network posing a much larger security risk for the business?
Adopting best practices when it comes to dealing with the bring-your-own-device (BYOD) is one way to mitigate risk:
- Cloud-based Virtual Desktop Interface: The infrastructure itself can provide a significant level of protection by centralizing governance, security protocols, and backups. Personal devices are then used only as virtual endpoints, commissioned to allow only necessary access. As a result, if a desktop is compromised, Evolve IP can simply deploy a fresh new desktop, which is not a cost-effective option with a physical device.
- BYOD Policy Statement: Having a formal policy surrounding BYOD is important for both leadership and employees to understand expectations and consequences of non-compliance. Outline exactly which devices can be used, what protections must be taken by which party, how breaches and problems should be reported, and disciplinary consequences if policies are not followed.
- Employee Training: It’s likely that bad actors are constantly sharpening their attack strategies and skills; as a result, it’s imperative that companies continually remind and train employees on how to battle and protect themselves from these ever-sophisticated attacks. Provide information on the latest phishing scams and other risks so employees can be constantly on the lookout. Mimecast’s Awareness Training includes a content library, risk assessments and system information reporting.
- Limited Access: Organizations must successfully balance providing the access needed for all remote and hybrid employees to remain productive around the clock while eliminating all unneeded access points. Remember that this access balancing act is likely to change over time so that the commissioning and decommissioning of access through RBAC must be streamlined and easy.
- Decommissioning Process: Along the same vein, the process to block access and decommission personal devices must be immediate; departing employees can be one of the highest security risks to an organization.
Ready to talk about virtual desktop security? Reach out to Evolve IP today. Our team has years of experience in helping organizations like yours make smart decisions to support a secure remote and hybrid workforce. By partnering with industry leaders, we provide unmatched security when it comes to cloud-based virtual desktops.