Like many IT guys, my first job was desktop support, where my days consisted of dealing with computer malfunctions. The company I worked for had mainly identical desktops for each department, which were delivered in batches and then had ghost images applied. However, there were always one or two which wouldn’t accept the image or randomly decided not to work properly. I remember at the time thinking it seemed crazy to put in place so many computers that can individually go wrong, when systems like mainframes, which employ a terminal topology, were being made redundant.
I’m clearly not the only person to have thought this, and the trend for thin client services, and now cloud computing, has grown in popularity (I’m going to look at cloud computing in my next blog).
Over the last 5 years, I’ve seen this technology really mature, and the speed of connections improve so much, that when we put together the new service offering from Vigilante Bespoke (VB), I decided to have a serious look at whether we could offer a secure desktop environment for our clients; and thoroughly review the pros and cons of doing this.
VB offers tailored security solutions for people who fall outside the usual corporate structure, but deal with important and valuable information, such as celebrities, authors, and current and previous politicians. The idea of the virtual desktop is to enable our clients to connect from anywhere in the world, through an internet connection, and work on their desktop, with their files, e-mails and applications, which are all ready to use.
Let us start with the obvious major security concern; to access a virtual desktop you need to connect via the internet, rather than straight on to your laptop or corporate PC / server. This makes people feel nervous. However the other side of this argument is that having your desktop centralised, does remove some of the need for information to be stored on USB keys, laptops and other types of mobile devices, which can be lost, or stolen. It also removes the need for costly software or hardware encryption of these devices.
The next concern is authentication. If I’m sitting in a cybercafé on holiday in Spain and type in my credentials, will a backdoor or keyboard sniffer installed on the host I’m using, be able to copy my credentials? The solution is to use token-based security. So even if my credentials are copied, the hacker will not be able to replicate that third factor.
The next point of discussion: What about an external hack? Could a buffer overflow or other vulnerability be exploited in the software, to allow an attacker access to the environment? Well, this is a fear that every organisation faces, and the usual measures must be put into place. We operate a multi-tiered environment, with industry leading security devices, IDS, and 24×7 monitoring – to name a few!
So we’ve looked at external security risks; what happens if there is an internal issue, and one user is accidentally allowed to view another user’s data? We looked long and hard at the products available, and we have found a solution which logically separates both desktops and storage. There is no way that one user can stumble upon another user’s data.
The last aspect to consider was physical security. Will a customer allow us to store their information rather than keep it at home, or at their business? Well a major consideration when setting up VB, is that we must have a secure environment to host our IT equipment. We chose an ex-military nuclear bunker for this. The facility is incredibly secure, with ID, biometric validation, 24×7 guards, wired perimeter fence, and pre-authenticated validation control. The premises have systems to deal with fires, floods, and power-cuts, and are kept at a constant temperature to minimise kit failure. Finally the unit has several inbound and outbound network streams, with EMP protection. How many homes and businesses can offer the same? On top of this, our storage is encrypted, and multiple factor authentication mechanisms are required to access the systems.
So in conclusion; if properly implemented, with the right investment made on the right solution, virtual desktops can be secured to allow our clients a central place to view and store their information.