Simplify security but tighten management to keep virtual desktops in check: Imation

Built-in encryption makes removable USB-based desktop images intrinsically more secure against loss or compromise than conventional desktops, but a virtual-desktop expert warns that companies must still look to two-factor authentication and innovations such as biometrics to ensure security is easy enough that employees won’t circumvent it.

The issue of employee participation in security initiatives has come to the fore as a growing number of companies embrace mobile desktops using capabilities such as Windows 8’s Windows To Go, which stores an entire Windows desktop image on a removable USB drive.

Those drives are winning popularity in some environments as a totally portable way for employees to bring their desktops in the field. However, without appropriate controls, that approach decentralises corporate data and desktops, and creates a virtual honeypot for hackers.

As a result, Imation Mobile Security chief architect Larry Hamid told CSO Australia, it’s incumbent upon CSOs and CIOs to ensure that mobile employees are given a mobile desktop that can be protected even away from the controls of the network.

“When you’re bringing your laptop into work, you’ve got all the controls that the organisation puts in place around you,” he explained.

“In that situation your desktop can be like any other desktop you’ve had issued to you. But with travellers heading around the globe, they don’t have the corporate network to protect them. They’re completely on their own. That’s why these products need to be fully integrated with company workflows: it’s a desktop, and needs to be managed as a desktop.”

As a precautionary measure, he added, desktop images should be limited to restrict the number of applications that are allowed to be run on those images, and what type of data can be stored on it.

On-board encryption – as found within a new breed of USB sticks like Imation’s IronKey range, which automatically encrypt data based on stored passwords or biometric signatures – offers an additional layer of protection, particularly since the security hashes are stored deep within the hardware and cannot be retrieved through conventional brute-force tactics.

“With a hardware device,” Hamid said, “you only have so many times to try a password before it locks up, and there’s nothing you can do to the device when it locks up.”

Yet while hardware security may be improving, users are still focused more on productivity than on security – and when the two clash, productivity will always win out. This leaves mobile data and desktops potentially compromised, with users prone to looking for ways to simplify their day-to-day work experience – for example, by storing data in unmanaged cloud services rather than on heavily controlled virtual desktops.

“As we talk to customers, we’re starting to see that there are all kinds of interesting nuances within these use cases that we never even knew about,” Hamid said.

“You can stop them copying data onto USB devices or storing data in the cloud, but the more you do this the less productive everybody is because you’re cutting off things that make your work easier and more efficient.”

That’s why users always need to be kept on board as companies explore new security paradigms, such as virtual desktops.

“The best security is still to have an educated user,” Hamid warned. “If your employee knows why certain measures are being followed, they’re going to be more likely to follow them. If anything is a burden, or you make the security more difficult for the user, they’re likely to resist it and go around it. It’s not so much that they don’t care; it’s just that they’re going to take the risk.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityvirtual desktopsimation

More about BuiltCSOImation ANZImation Mobile Security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place