Protecting physical desktops & laptops are a challenge in a daily administrator tasks. Physical desktops & laptops have the of being de-centralized. Centralizing your end-points in a data center will give you several security benefits.
Sensitive data remains in the data center where security can protect against leaks. There is no more sensitive data spread over employee's physical desktops & laptops possible to integrate virtual desktops in your backup strategy.
Virtualized desktops are created on demand from the same security compliant template. Templates can be created, based on your security standards, and are independent from underlying hardware
Virtualized desktops allow you to stay up to date with supported guest operating systems. When a guest os will become obsolete, and you are running them still on > 80% of your physical desktops, it becomes a race against time and budget to phase out that obsolete OS. When using virtualized desktops, you can prepare a new master template in advance, and roll-out new virtual machines gradually without having to acquire new hardware. The migration for end-users will also be much more smoother then having to restage their physical desktop.
Thin clients can be used to approach the virtual desktops. They have several benefits regarding security.
- Thin clients are managed centrally regarding security policies & upgrades.
- Data can not be copied to another location than the server.
- It is not possible to install unauthorized software.
- There is no introduction of viruses.
- Besides this, they have some more benefits: lesser energy consumption and a faster setup & repair time.
End Point Recovery
Virtualized desktops also helps to lower the costs of disaster recovery and business continuity processes. Restaging physical desktops after an outbreak can take weeks, not to say months. This will be very costly regarding man hours, not to say about the unproductively this causes for your employees. Virtual desktops have the benefit that they can be deleted and rebuilt based on the master templates in several hours.
In combination with Anti-Virus on the hyper visor level, end points are automatically protected once deployed. Often deployment of agents is forgotten and leaves end points & servers unprotected. This will augment the level of security of your end-points and lower the total TCO as less time is spent to maintain the agents.
Anti-Virus on the hyper visor level
When using Anti-Virus on the hyper visor level, it unlocks several other possibilities. You can automatically disconnect the virtual machine from the network when a threat is detected. More detailed information about this approach is found on this blog.
Distributed Security Approach: Virtual Networking
In a data center we have 2 types of traffic:
- North-South Traffic: This is known as traffic towards the internet (up & download). North-South Traffic is protected by your perimeter firewall, anti spam, reverse proxy.
- East-West Traffic: This is known as traffic between the virtual machines. East-West traffic is often not protected. Once a hacker has compromised one server, he has a free pass to go around to other servers.
When using a distributed security approach, security rules will be implied for East-West Traffic. More detailed information about this approach is found on this blog.
Stay tuned for next weeks topic: Backup & Recovery Strategy
We have experts available that are able to assist you with the best practices for each line of defense.
Contact us to see how EASI can share our experience and help you to implement the correct security strategy!