Is VDI Secure?

On 8 November 2012 by Pete Petersen

VDI and Data Security

There have been recent concerns about VDI and data security. There are two sides to that argument.

1. VDI is less secure because you’re taking unpredictable users out of the field and placing them right into your data center.

2. VDI is more secure because you’re taking all of that data and centralizing it into a secure location. The data never leaves the security of the data center.

Inherently an out-of-the-box VDI solution can be less secure than a traditional fat-client PC solution–if the practices that led the organization to managing their PCs are not brought forward into the VDI solution. However, the experience of many VDI implementations, the case trends more the other way. Security and management practices that were developed over years of trying to wrangle the device management problem to the ground, while giving the user a good and productive experience, are integrated into the VDI project.

Many practices can and should be brought forward, such as Internet surfing policies, many of the security GPOs, and anti-virus/anti-malware practices.

Not all practices can and should be brought forward. For instance, the application update and image management process are factors more efficient in the centralized solution.

The bottom line is that the promise of VDI–if well-implemented–is that it is more secure, easier and less expensive to manage, faster to market for apps and updates and critical regulatory configurations for those organizations that are required to be under the guidance of those government organizations. There are hundreds of implementations to prove it.

Project Leadership Associates (PLA), a Chicago-based organization, with regions hubs in Houston, Boston, Detroit, St. Louis, and Sacramento, has helped several organizations implement over thousands virtual desktops in well-designed and well-implemented solutions that now have happy customers and happy users. And there are many more implementations that are successful across the world–and many that are not so successful. One of the key components, organizations are finding, is to pick the right vendors and partners. Citrix and Quest (now Dell), for example, as broker vendors; Dell as storage and server vendor, and PLA as implementation partner; all serve to produce a winning combination of technology and skills and experiences of those who have been there before and have seen it implemented both poorly and in ways that succeed in critical areas for those organizations (TCO, ROI, security, implementation, management, architecture, design, etc.).