Security meets flexibility: A checklist for virtual desktop infrastructure
More than ever, businesses labors under an overwhelming number of data privacy and security regulations. And as these regulations grow and evolve—particularly in the financial sector—many institutions seek solutions that support standardization and consistency to support compliance. That’s where Virtual Desktop Infrastructure (VDI) comes in. But what is it, exactly?
At a high level, VDI provides a central management point for infrastructure, data and security needs. Specifically, VDI refers to the process of running a user desktop inside a virtual machine that lives on a server in the data center or cloud. It allows each user a fully personalized desktop, consolidated and centralized in a way that streamlines their management. Cost reduction also results, through support for “thin clients”: mini desktop terminals without hard drives. They share the screen, send keyboard and mouse clicks upstream to the virtual machine running the VDI, and allow employee access to apps and data from anywhere, on any device.
VDI also keeps bank employees connected and able to access the network and resources regardless of location. And with tellers frequently changing user stations, for example, VDI allows staff to access just the information, tools and personal folders they need—which makes an organization’s computing system more efficient and cost-effective. The virtualized platform structure also makes it possible to scale much faster as staffing fluctuates.
Beyond basic VDI security
From a security and compliance standpoint, VDI minimizes risk for organizations by hosting endpoint data in a centralized, more isolated center through virtual desktops rather than on a device. In this way, lost or stolen devices are far less vulnerable to a breach, since only a screen image is sent down to the client—not the data itself.
Historically, high upfront costs and low performance hindered VDI adoption. Now as banks leverage technologies such as the cloud and Hyperconverged Infrastructure (HCI), virtual desktops are faster, simpler and cheaper to deliver to users than ever before. It’s clear that VDI carries with it a long list of benefits. So should your bank seize the opportunity that VDI presents?
In a word, yes.
However, it’s critical to keep in mind that while VDI offers security benefits, VDI alone cannot meet all your data security needs. The data and applications that previously resided on endpoint devices will now reside in the data center, which is not immune to its own risks at the physical and virtual layer. Moreover, data will now move from one point (device) to multiple points across the data center. That includes virtual hard drives, virtual machines and file servers—as well as backups and snapshots. Securing data and apps in the data center is especially critical as banks move to hybrid, multi-cloud models.
Four VDI security tips
So how can your bank both realize the benefits of VDI while you reduce security and compliance risks? Here are four tips to keep in mind:
- Take a cohesive approach to security. With VDI’s multiple vulnerability points—including virtual desktops, disks, file servers and endpoint devices used to access them—consider adopting the right security practices and platforms. These must protect data across all endpoints, the data center and the cloud to guarantee a comprehensive, unified approach to security. They should also allow you to easily view and manage the status of these crucial areas.
- Consider the multiple types of VDI. With many kinds of VDI solutions on the market, look for security offerings that can manage more than one type, or you may end up managing solutions from multiple security vendors. That makes oversight more challenging and leaves room for risk.
Know that different platforms have different security needs. VDI can run across Mac, Linux and Windows. It’s important to know if and how your security solutions can work with these different platforms to keep your data safe.
Employ encryption. As mentioned, the overwhelming number of data privacy and security regulations—locally, regionally and globally—poses a significant challenge for banks today. Data breach notification and failed audits can be mitigated with the use of FIPS 140-2 compliant encryption solutions and effective key management to protect confidential data wherever it resides.
Putting it all together: VDI done right
Clearly, banks cannot ignore the call to protect the data they hold, whether through VDI or other means of infrastructure management. If you don’t, your institution risks fines and lawsuits, along with significant reputation damage that most often follows a breach. Locking your data inside your bank’s vault isn’t an option, so take the above considerations into account as you move to a VDI environment. It will help you support compliance and data security, a win for your organization and your customers. Put another way, safe VDI represents a hallmark of Very Dependable Institutions.
Want more Banking Strategies? Sign up for our free newsletter!
Mark Hickman, chief operating officer at WinMagic, is responsible for direct and channel sales, marketing, professional services, and global business development. He previously held senior sales management positions with Computer Associates (CA), BEA Systems Inc., and RightNow Technologies.
For more articles like this, check out our recent Executive Report: “Fraud and cybersecurity: Staying steps ahead.”