Secure Workspaces: Enhancing Physical Security around BYOD
November 28, 2017 No CommentsNew data breaches hit companies and organizations of all sizes, in all industries just about every day. And, while it’s much harder to hack into a corporate database, the proliferation of BYOD policies and mobile workers have sadly increased the amount of breaches caused by stolen devices. While the latter isn’t high up on the “massive” breach scale, breaches caused by stolen devices are still very much a real threat.
Hosted workspaces, or hosted virtual desktops (HVDs) can be an easy and solid answer to the situation of laptop loss. With hosted desktops, users access their applications, documents, and corporate data securely, but without it residing locally on their laptop. Instead, the data and applications are hosted out of a virtual private data center via a cloud provider.
- Q. What type of data is at risk in a breach, such as a stolen laptop?
A. Most employees like to hold on to their data. This might be several years of data. You also have some users that are “power users” in their organization, meaning that they have access to lots of sensitive data. This may mean that a manager or executive might have payroll data about their employees, confidential comments for annual reviews, or in the case of a sales environment, they might have data on revenues by location, individual performance information, or documents mentioning future products or plans their organization is planning to execute.
- Q. Are you saying all this sort of data is out in the open and easy to steal?
A. Larger enterprises have put a lot of investment into protecting their networks and environments. For example, they have DLP (data leakage protection) software to help manage the company’s intellectual property. But, imagine how easy it is for someone to go into a Starbucks and swipe a laptop when they go to fill up on their coffee. Today, employees tend to store their data locally on their laptop, which is physically accessible very easily.
- Q. Aren’t most corporate laptops encrypted and secure?
A. With workforce transformation, the modern workforce demands options in their devices. So it is common to see most organizations’ IT departments supporting BYOD (bring your own device). This means that employees’ laptops are only as secure as they decide and are capable of making them. Since it is a personal device, the corporate policy cannot be enforced on the laptop.
- Q. So how does a secure workspace work?
A. A secure workspace is delivered as a cloud service, meaning that a virtual desktop is provisioned for each user. This virtual machine, “VM”, is then allocated to an employee for their dedicated use. To access it, they connect to a hosted private cloud. All the applications and data are therefore stored in a secure data center. The data center typically has physical security and the hosted private cloud has multiple layers of cyber security built-in.
- Q. How does a secure workspace compete with BYOD?
A. Don’t look at secure hosted workspace as competing with BYOD, but rather something that complements it. Whether someone has a corporate laptop or their own personal laptop, the virtual desktop is streaming from a data center to the device, so it is compatible with multiple operating systems and device types, such as Windows 2 in 1, Macbooks, and Chromebooks. It allows users to keep corporate data and sensitive documents protected within the confines of a hosted private cloud, while allowing users mobility to work from home, office, or a café.
- Q. How does a company go about setting up a secure workspace?
A. Many large enterprises have embarked on their own on-premises virtual desktop infrastructure. However, it is capital intensive up-front, and there is significant maintenance to ensure performance and security are kept up to user expectations and corporate standards. An alternative to doing it themselves is to utilize Desktop as a Service (DaaS) from a cloud provider. DaaS providers vary in the level of security they offer as a foundation, and also what additional backup and resiliency they offer.
Ali’s IT channel career in the last 20 years spans product development, finance, and most recently, marketing and brand management. Currently, he is the chief marketing officer at dinCloud, a cloud services provider that helps organizations rapidly migrate their IT infrastructure to the cloud. There, Ali is responsible for products, alliances, and demand generation. For more information, visit: www.dincloud.com or follow @dinCloud on Twitter.