Securing Virtual Workspaces

One of the challenges of adopting virtual workspaces is ensuring that the published resources —whether applications, remote desktops, documents, Web applications, or network folders — are accessed securely. Although the technologies typically employed in virtual workspaces, like VDI (virtual desktop infrastructure) and RDSH (remote desktop session host), are inherently secure, some security gaps still need to be addressed.

Virtual Workspaces are Exposed to Certain Risks Too

If you look at the basic makeup of technologies like VDI and RDSH, wherein you have published resources delivered from a central location, you can see that these technologies already have some form of inherent security.

Even if a device is stolen, the person who swiped it won’t be able to extract any meaningful information because the data and even the applications themselves reside in that central location. However, that doesn’t mean these technologies are devoid of vulnerabilities.

First, there’s the risk of unauthorized access. A threat actor might still be able to somehow connect to that central location and gain access to those resources.

Secondly, because resources delivered via VDI or RDSH will always traverse a network, they can be subjected to man-in-the-middle attacks. An eavesdropper can intercept the connection and steal login credentials or other sensitive data.

These vulnerabilities will undoubtedly be exploited if there’s enough incentive to them. Unfortunately, many organizations that employ virtual applications and desktops do have valuable information worth stealing.

Meeting PCI DSS, HIPAA, and Other Regulatory Requirements

When virtual applications and desktops are used in business operations that involve personal information, they’re usually in the scope of specific regulatory mandates. For example, if they involve credit card data, they could be subject to the Payment Card Industry Data Security Standard or PCI DSS requirements. Or, if they involve electronically protected health information (ePHI), they could be governed by the Health Insurance Portability and Accountability Act or HIPAA mandates.

In these situations, companies must implement adequate security controls to comply with those requirements/mandates or risk getting fined or penalized.

How to Secure Published Resources

To ensure the security of their published resources and, consequently, virtual workspaces, businesses should only use virtual applications and desktop delivery solutions that, at the minimum, mitigate the risks pointed out earlier.

In other words, these solutions should at least have reliable authentication and data-in-motion encryption capabilities. A reliable authentication feature can ensure that only clients with valid credentials will be allowed access to the published resources. On the other hand, data-in-motion encryption can protect against man-in-the-middle attacks.

The most accepted course of action is to employ a virtual application and delivery solution that support SSL/TLS. This widely used cryptographic protocol offers both authentication (through digital certificates) and data-in-motion encryption.

However, it’s not enough to go with any solution that allows you to tick the checkboxes for these security features. Popular solutions like Citrix, for example, can meet these security requirements. They’re usually too expensive, difficult to set up, and, as in the case of Citrix, require you to purchase an additional product to achieve the desired security.

Simplified Virtual Workspace Security with Parallels RAS

A better alternative is Parallels® Remote Application Server (RAS). This virtual application and desktop delivery solution is substantially more affordable than Citrix, but it’s also much easier to set up. The Parallels RAS Secure Client Gateway, which offers SSL/TLS protection, is already included in the Parallels RAS license.

In addition, the easy-to-set-up Parallels RAS Secure Client Gateway also enables load balancing (when used in conjunction with High Availability Load Balancing (HALB), integrates with Active Directory, and filters client access via MAC address.

Conclusion

When adopting a virtual workspace environment, don’t get too caught up in all the pretty stuff. Sure, it’s nice to have and offers many productivity benefits. But you also need to pay attention to the other important aspects that come with it, like securing virtual workspaces.

Try Parallels RAS!

Download the Trial