VDI: The answer to keeping tablets safe in the workplace

Tablets are everywhere. The question isn't whether to use them, but how to secure them in the workplace. VDI is the answer.

 


My dentist punctuated the bad news by using a tablet to show me the x-ray. I'd like to say the coolness of using the tablet offset the pain, but I still asked for a shot of local anesthetic.

I was feeling much better as I left the dentist's office — the anesthetic finally started working. Being hungry, I decided to get some lunch. I knew the numbness would be a challenge, so I went to a restaurant known for its excellent soups. As I sat down, I picked up a tablet to see which soup looked the best. When I decided, I placed my order using the same tablet.

The soup and service were great, so I made sure to give the waiter a good tip when I paid my bill — using the tablet. Next, I was off to my afternoon consulting gig. As I walked into the conference room with the CEO, I noticed he had a new tablet. I smiled, already knowing how this meeting was going to turn out. The topic to be discussed: do tablets make sense for their company?

The debate is over

The debate about tablets making sense in the workplace is over. They're everywhere. The onus is now on IT departments to figure out how to keep an already fragile company infrastructure safe with the influx of tablets — personal and company-owned. The learning curve is especially steep when personal tablets are allowed, each with its own idiosyncrasies.

Is there an answer?

Lots of people and companies say they have the answer. For example, Mobile Device Management (MDM) technologies have been proclaimed the way to control mobile devices attaching to the company network. MDM is not a panacea, and there are several seemingly insurmountable hurdles.

Knowing that, I'd like to discuss an approach that gets past those hurdles by using proven technology that's already hard at work in homes and offices throughout IT-land.

Virtual Desktop Infrastructure

It's called Virtual Desktop Infrastructure (VDI). I was happy to see that TechRepublic Senior Editor Teena Hammond referred to VDI in "VDI growth fueled by need for flexibility, mobility," where she explains how VDI has proven to be an effective method to secure desktops.

IT departments — by applying VDI technology to tablets — have a fighting chance against most if not all known BYOD technical challenges. VDI does that by forcing tablets to use a controlled desktop environment when they are connected to the company's IT infrastructure.

Another plus: when VDI technology is employed, the usually overlooked legal issues I discussed in "Security policies must address legal implications of BYOD" are removed, simply because company data does not reside on the tablet.

How does VDI work on tablets?

VDI for mobile devices uses two approaches:

  • Client-based mobile VDI: This approach uses an installed client on the tablet. The client creates a virtual session between the tablet and the company's servers, giving the illusion of residing in the normal work-computing environment.
  • Browser-based mobile VDI: If there is a compatibility problem between the VDI client application and the tablet's operating system, the browser-based version will work. All the tablet needs is an installed mobile web browser.

One of the nice things about using a virtual desktop is user familiarity. If the office environment is Windows-based, but the employee prefers an Apple product, mobile VDI allows the employee to have the best of both worlds. Some additional benefits:

  • VDI for mobile devices allows the user to access both personal data and work data, and the two do not intermix.
  • Using virtual environments eliminates the need to install business-related applications on every tablet, especially useful when business-specific apps are not ported to mobile operating systems.

Still not the full answer

Mobile VDI comes close, very close, to solving the security and technical challenges that have stalled IT departments from blessing the use of tablets. However, I would be remiss if I did not acknowledge that there are challenges.

For example, Mobile VDI is completely reliant on having a connection back to the company's servers. A more pressing challenge will be the increased demands, as mentioned by TechRepublic's Scott Matteson in this article, on the company's internal network and Internet portal because of the additional bandwidth required by devices using VDI technology.

As I alluded to in the beginning, tablets are here to stay, and they should. I would be lost without mine. We just have to make sure we are not opening yet another door, making it easier for bad guys to sneak in.

If you are interested in more details, this white paper sponsored by CDWG.com is a good resource.


12 comments
Blair Groves

Somehow, pod slurping has become a constitutional right.... Meh....

TRgscratch

How do you print from the VDI environment?

Douglas Ladesic

We use a next generation solution called SecurAccess by SecurEnvoy to authenticate all our BYOD users on our networks.  It sits on our server and leverages LDAP.  We save a bunch of money and time not having to carry around hardware tokens to authenticate users with tablets, smart phones and remote users / VDI.  Gartner just released a report showing the trends to leverage cloud in 2FA.  There are a ton of legit new solutions out there.

andygravett

Hi Michael,

Just read your VDI article and wanted to point out some solutions offer a hybrid approach of a mix of both VDI and published application (the applications can then be streamed for offline use) as well as full remote access to your VDI or for serious mobile users a hypervised client that enables multiple VDI on the endpoint to be fully managed by the IT team remotely, obviously a good design based on business requirements is key to implementation of the right solution.

Regards

Andy Gravett

Rann Xeroxx

A better solution for true mobile apps is to have them authenticate to a backend system using something like OneLogin against the enterprise domain. The app can be encrypted along with its data and the only way to run it is to log in. This is just a short burst of traffic and you can do this in the cloud with ADFS federation.

If the device is stolen, they will not have the login. If the employee leaves the company, you disable the login. Either way, the wrong person cannot get to the data.

This is a far better solution than MDM, which some employees consider intrusive, or VDI, which requires backend connections and heavy bandwidth.

Michael Kassner

Actually, Blair


VDI is to protect the employee as much as the employer. The "Plain-view Doctrine" comes into play only if work data and personal data are co-mingled. 

Michael Kassner

@TRgscratch  


Good question, and I will find out. I actually think you will have a better chance of being able to print. The only way I know of printing from iOS or Android is using a cloud print service. Windows tablets are able to print, so a different thing altogether. 

Michael Kassner

@Douglas Ladesic  


Question, Douglas


Where does the data reside? On the device or the servers? That will become a huge issue in the not too distant future.

Michael Kassner

@andygravett  


Thank you, Andy. One big concern is if data remains on the mobile device. If it does then there are legal implications. 

Michael Kassner

@Rann Xeroxx  


Interesting. I have a question for you. Does the data reside on the mobile device? If so, there are legal implications that come into play, whereas with VDI no data remain on the mobile device.
