Every week, we hear about data breaches, and they hit companies and organizations of all industries and sizes. While it’s much harder to hack into a corporate database, the proliferation of BYOD policies and mobile workers have exposed organizations to an increased amount of breaches caused by stolen devices. While the latter aren’t as high up on the “massive” breach scale, breaches caused by stolen devices are still very much a real threat and source for embarrassment.
An answer to the situation of laptop loss is hosted virtual desktops, or hosted workspaces. Using their existing laptops, users stream their virtual desktop to their local machine. Users can access their applications, documents, and corporate data securely, but without it residing locally on their laptop. Instead, the data and applications are hosted out of a virtual private data center via a cloud provider.
This article will discuss the need for enhanced physical security around BYOD, and how utilizing secure workspaces in the cloud can help protect end users and clients from data breaches.
Why Data Breaches Cannot be Overlooked
Privacyrights.org tracks and publishes information on data breaches occurring around the U.S. These encompass the big headline breaches where sophisticated and professional groups of hackers infiltrate a company and compromise its security. Then over time, they extract bits of sensitive data.
Another type of breach in corporate data occurs when a device is physically stolen or lost. This might occur accidentally, during a worker’s commute on a train, or it could be malicious based on tracking individuals known to oversee sensitive data. Once the laptop is stolen, the company has little knowledge about whether the data on the laptop is actually compromised. However, particularly in certain industries, such as healthcare and financial services, the company must notify authorities and often must report the embarrassing news that will ultimately hit the mass media.
Types of Data on Laptops
Employees tend to hoard data of all types. This might mean that a stolen or lost laptop might contain several years of data, but also different types of data. For example, a financial services employee in insurance might have data on their laptop, such as customer lists, PII (personally identifiable information), and customer-specific performance of their account. A retail employee might have data on multiple stores, revenue comparisons in different regions, customer data, financial figures, product details, roadmaps, and future plans.
We sometimes forget all the type of data we keep on our laptops, but as you start to think about it, you realize that a competitor, or a maliciously minded individual could take advantage of the different files on your laptop, and if not directly harm your company, at least make it embarrassing.
Protecting Data on Virtual Desktops
A hosted virtual desktop is similar to a virtualized server. Many, if not most, companies have already gone through virtualization of their servers as a cost savings measure. Instead of buying one server for each application and workload, they can now load multiple “virtual machines” on a server and better utilize the capacity of today’s powerful servers. A virtual desktop is different in that the user is the employee directly at the company trying to accomplish their day-to-day work.
Resiliency and Data Protection
Since virtual desktops are streaming from a data center, corporate data, documents, future plans, payroll data, and other sensitive information is stored in a private cloud for each customer. By using a cloud provider for this service, companies leverage higher grade security protection. Generally, cloud providers have data centers that are physically secure and have multiple layers of cyber-security. Some also add additional layers of security to ensure customers don’t have to do all the work themselves to secure their private cloud.
When using more security-minded cloud providers, a company can expect additional resiliency. Not only is the data for employees stored in a hosted private cloud, but there is also an additional backup of the data available. A cloud provider can offer companies the ability to take regular backups of their data. These snapshots not only keep the data in a secure environment, but also allow a company to avoid being held up for ransomware. Since a “snapshot” of the data for each virtual desktop can be held for 10 days, an infected employee due to a ransomware attack can go “back in time” and refresh their virtual desktop at a point in time before they were infected.
Using other cloud-based backups, companies can also add a third layer of backup to their data. Often, users like to have their data on their laptop because they control the device and feel better knowing it is “in their hands.” This triple protection can assure employees that their data is available to them, so they feel more at ease in using a virtual desktop where sensitive data isn’t stored locally on their laptop.
Added Benefits of Virtual Desktops
We already covered the benefit of hosted virtual desktops saving the day from ransomware attacks. Yet, there are other malicious events that occur that can also infect or corrupt user data. Examples include a virus infection that deletes or corrupts files. The ability to “re-issue” a brand new virtual desktop instantly to the user allows them to remain productive instead of wasting time quarantining and remediating their laptop. And because they can “go back in time” they can also retrieve any corrupted files.
For users on Windows that have seen the “blue screen of death”, a fatal or critical Windows error, it means being stopped in your tracks. With a hosted virtual desktop, the user can get a new desktop issued to them and available if this happens with their virtual desktop. And if it happens with their physical laptop, they can simply obtain a different device and stream their virtual desktop to that device.
In fact, users who have to deal with a new laptop often struggle and spend time re-installing applications or adjusting their settings and migrating documents and other data. When users have a virtual desktop, they simply turn on their new laptop and access their virtual desktop instantly, bypassing the time consuming task of setting up a new laptop.
Adoption of Hosted Virtual Desktops
Many enterprises have adopted virtual desktops. You see it most often at large banks or other financial institutions, primarily because of the security benefits. Today, these hosted virtual desktops, more commonly referred to as desktop as a service (DaaS) are available as a turn-key service from cloud providers. The cloud providers range in the level of security they provide and in the types of deployment options that customers can choose.
Looking at DaaS may be the easiest way to avoid data breeches without going through costly software purchases, security assessments, and capital expenditures. And it also saves you from having to be a part of an embarrassing headline in the news.