1©2009 Desktone, Inc. All rights reserved.

Virtual Desktops:How secure can they be?

Danny Allan, Chief Solution Architect

April 26, 2011

2©2011 Desktone, Inc. All rights reserved.

Agenda

Today’s Presenter

Danny AllanDesktoneChief Solutions Architect

danny.allan@desktone.com

1. Traditional Desktop

2. Virtual Desktop Infrastructure (VDI)

3. Cloud-based Desktops

4. Desktop Security5. Desktone Overview

3©2009 Desktone, Inc. All rights reserved.

Desktop Virtualization& Cloud Overview

TraditionalDesktop

4

• “Utility” billing (pay as you use)

• “Unlimited” processing and storage

• Elasticity to scale up or down

• On demand, self-service

• Highly automated

Maximize revenue

Reduce cost

Expedite time to market

Focus resources

Do more projects

AccessibilitySpeed

Cost

Dynamically scalable, virtualized resources provided as a service

Why the Switch to Cloud?

For a variety of reasons, cloud technologies are too compelling to ignore.

5©2009 Desktone, Inc. All rights reserved.

Desktop Virtualization& Cloud Overview

6©2011 Desktone, Inc. All rights reserved.

OSDataApps

SettingsPreferences

Desktop Management Today

Expensive

Support-heavy

Insecure

Tipping point for change is here...

Migration to Windows 7

New mobile access

Tighter IT budgets

Security

7©2011 Desktone, Inc. All rights reserved.

The Promise of Virtual Desktops (VDI)

Cost reduction IT consolidation Easier to manage Happy users

OSDataApps

SettingsPreferences

Virtual Desktops

Virtual desktops

Centrally managed

In IT data center

8

… but major BARRIERS exist

Traditional VDI Reality

©2011 Desktone, Inc. All rights reserved.

Start UpHuge up-front costs

Many Moving PartsComplex to design & build

Operationally IntensiveDifficult to maintain

Is It StrategicDo you want to be building and managing data centers

9©2011 Desktone, Inc. All rights reserved.

Ease of management Device independence Lower TCO Low cash out = low risk Customer satisfaction

Cloud-Based Desktops (DaaS)

Desktop Cloud

From Any Location

FIXEDTELEWORKERSTEMPORARY OFFICES

PARTNERS &SUPPLIERS BRANCH OFFICES

From Any Device

Business Benefits

10

Securing the

Desktop

11©2011 Desktone, Inc. All rights reserved.

End-to-end Desktop Security

Manage

Protect

Deliver

Assess

Ensure the desktop and OS have the needed AV, FW, patches and config

Verify that the delivery of the desktop is not monitored or altered

Assess user compliance with business conduct guidelines

Defend the desktop from malicious and unauthorized access

PersonalDesktop

12©2011 Desktone, Inc. All rights reserved.

A desktop management problem

20 M desktops infected with malware in 1H10 in USA

* http://www.microsoft.com/security/sir/

13©2011 Desktone, Inc. All rights reserved.

Desktop Management

• Challenge• Comprehensive and consistent OS patching and configuration• User controls / application controls• End point controls• AV/FW synchronization

• Real world example• LIHF – 8B security incidents every day• Rimecud, Stuxnet

• Ability to Deliver1. DaaS – Ability to deliver sandboxed solutions across the internet2. VDI – Multi-tenancy is impossible to achieve internally3. Traditional – Unmitigated disaster resulting in largest security spend segment

14©2011 Desktone, Inc. All rights reserved.

A desktop protection problem

1.7 M records known lost on stolen laptops in 2010

• http://www.microsoft.com/security/sir/ • http://www.datalossdb.org/

15©2011 Desktone, Inc. All rights reserved.

Desktop Protection

• Challenge• Defending the desktop against unauthorized access• Compartmentalization of duties (service and enterprise)• Providing effective desktop backup

• Real world example• Lost & stolen laptops (10K/w)• HILF – User identity in Orange County

• Ability to Deliver1. DaaS – Separation of roles2. VDI – Ensuring operations policy & procedures3. Traditional – Unmitigated disaster resulting in millions of records lost

16©2011 Desktone, Inc. All rights reserved.

Desktop Delivery

• Challenge• Eliminating the threat of eavesdropping• Ensuring the user can trust the communication from the server• Ensuring the server can attest to client actions

• Real world example• Critical vulnerabilities in RDP < 7.0 (eg. MS09-044, MS05-041)• CSRF vulnerabilities are exploding

• Ability to Deliver1. DaaS – Consider stronger encryption capabilities across the internet2. VDI – Many respected guides recommend disabling RDP encryption3. Traditional – Due to the significant variations and types of communication initiated

from the desktop, it is difficult to impossible to lock this down securely

17©2011 Desktone, Inc. All rights reserved.

A User Monitoring Problem

3M records known stolen by malicious insiders in 2010

• http://www.datalossdb.org/ • http://www.kwtx.com/

18©2011 Desktone, Inc. All rights reserved.

Desktop User Assessment

• Challenge• Ensuring user behavior conforms to corporate policy• Monitor for malicious user behavior• Collecting and evaluating desktop logs across a complex, multi-geo environment

• Real world example• Data loss prevention is a growing problem (eg. PFC Manning)• Employee spends all his time Facebook

• Ability to Deliver1. DaaS – Central point of deployment allows for centralized visibility2. VDI – Still need to set up IPS, DLP, reverse proxy, etc3. Traditional – Difficult to impossible to achieve in a distributed environment

19©2009 Desktone, Inc. All rights reserved.

Desktone Overview

20©2011 Desktone, Inc. All rights reserved.

Who is Desktone

= Cloud-based Virtual Desktops

• Built from the start for cloud-hosted desktops as a service (DaaS)

• Security, end-user performance and customer support is JOB #1

• Frictionless try and buy experience

• Optimized, tested & deployed with the worlds largest companies and service providers

21

BenefitSimplified desktop deployment Centralized desktop management Walk-off data security Simplified issue resolution and recovery Genuine, customizable Windows client environments No upfront CAPEX Pay as you go Time to value in weeks, not months Leverage carrier-class scale Expand geographic coverage Reduce complexity and risk Data Center Scale Democratic – Small, Medium, Enterprises, EDU, Gov’t

DaaS

VDI vs. Cloud based Desktops

VDI

22©2011 Desktone, Inc. All rights reserved.

1. IT Friendly Solution

Easy to manage On demand desktops: add,

remove, & modify at will

Centralized (security) management from any device

Visibility into user activity

No data on devices

Easy to try Free trial in minutes: (

www.desktone.com)

Pilot ease – no infrastructure required

23©2011 Desktone, Inc. All rights reserved.

2. Device & Location Independence

Embrace next-generation of employees

Work and access corporate apps and data from any device: Mac, Ipad, Droid, thin client, laptop, PC (http://www.youtube.com/user/Desktone)

Work from anywhere: home, office, or Starbucks

Leverages “Bring Your Own PC” (BYOPC) movement

“Instant on” experience

24©2011 Desktone, Inc. All rights reserved.

3. Lower Total Cost of Ownership (TCO)

No complicated infrastructure to configure and build

Centralized support and management

No expensive management resources required

No hidden costs

25©2011 Desktone, Inc. All rights reserved.

4. Low Cash Out = Low Risk

No infrastructure investment

Pay for only what you need

OPEX budget consistency

26©2011 Desktone, Inc. All rights reserved.

5. 100% Customer Satisfaction

Services – rapid deployments Support – dedicated virtualization experts Operational Excellence – 4 years of hosted

desktop delivery Training – rich library of self-paced training

modules and live knowledge transfer sessions

27

How it Works

©2011 Desktone, Inc. All rights reserved.

IT Shared Resources

Desktone’s Delivers

End User Devices

• Active Directory• User Data

• Storage

• High performance network• Secure & Compliant

• Personalized desktops

• Bring your own licenses

• Centralized management & reporting• Provisioning on demand

Client Manages

Remote Display

Network Connection (VPN)

•Access from anywhere

Access Anywhere

28

The Desktone Cloud Consists of

two primary interfaces

Desktone Enterprise CenterUsed by desktop admins to manage the Desktone Cloud

Desktone PortalUsed by end-users for access to resources on the Desktone Cloud

29

End Point Devices

1. Mobile DevicesiPad “DaaS Mobile Client” avail in the iTunes Store

2. Thin clientsAll leading vendors supported

3. Standard PCsAccess through their preferred web browser or DaaS Client.

End-User Access

30

What the Analysts Say

“Enterprises want to take advantage of virtual desktops, but are

stymied by cost and complexity. With its attractive price point and

easy on-ramp, the Desktone Cloud lowers the barrier to entry. “

“If nobody had influenced you in any way and you were just asked to

draw out a sense of a virtualization of services to end users, you would

head in this direction.  I have no doubt about it.  It’s very appealing.”

“This idea of desktops as a service is gaining a lot of interest in the market. IDC believes it is very valid model; the technologies are coming together and I expect it will gain in adoption."

31©2011 Desktone, Inc. All rights reserved.

Summary

• Cloud computing is changing the world of IT

• The current desktop management market is ripe for change

• Virtual desktops have a significant security advantage• No data on lost and stolen laptops

• Centralized desktop management, control and visibility

• VDI was supposed to solve the problems – but has introduced other issues for most especially cost and complexity

32©2011 Desktone, Inc. All rights reserved.

Resources

• Free Desktop Security White Paper http://bit.ly/slidesharedesktopsecuritywp

• Free Trial: www.desktone.com

33©2011 Desktone, Inc. All rights reserved.

Questions??

Questions / Feedbackdanny.allan@desktone.com

Schedule a Live Demo866-691-5660 or info@desktone.com

Desktop in 90 Seconds!Check out our Free Trial of a Cloud Hosted Desktop – in less than

90 seconds you’ll be up and running! http://bit.ly/securedesktopfreetrial