Simplify security but tighten management to keep virtual desktops in check: Imation

David Braue (CSO Online)
30 September, 2013 15:51

Built-in encryption makes removable USB-based desktop images intrinsically more secure against loss or compromise than conventional desktops, but a virtual-desktop expert warns that companies must still look to two-factor authentication and innovations such as biometrics to ensure security is easy enough that employees won’t circumvent it.

The issue of employee participation in security initiatives has come to the fore as a growing number of companies embrace mobile desktops using capabilities such as Windows 8’s Windows To Go, which stores an entire Windows desktop image on a removable USB drive.

Those drives are winning popularity in some environments as a totally portable way for employees to bring their desktops into the field. However, without appropriate controls, that approach decentralises corporate data and desktops, and creates a virtual honeypot for hackers.

As a result, Imation Mobile Security chief architect Larry Hamid told CSO Australia, it’s incumbent upon CSOs and CIOs to ensure that mobile employees are given a mobile desktop that can be protected even away from the controls of the network.

“When you’re bringing your laptop into work, you’ve got all the controls that the organisation puts in place around you,” he explained.

“In that situation your desktop can be like any other desktop you’ve had issued to you. But with travellers heading around the globe, they don’t have the corporate network to protect them. They’re completely on their own. That’s why these products need to be fully integrated with company workflows: it’s a desktop, and needs to be managed as a desktop.”

As a precautionary measure, he added, desktop images should be restricted in the number of applications that are allowed to run on them and in the type of data that can be stored on them.

On-board encryption – as found within a new breed of USB sticks like Imation’s IronKey range, which automatically encrypt data based on stored passwords or biometric signatures – offers an additional layer of protection, particularly since the security hashes are stored deep within the hardware and cannot be retrieved through conventional brute-force tactics.

“With a hardware device,” Hamid said, “you only have so many times to try a password before it locks up, and there’s nothing you can do to the device when it locks up.”

Yet while hardware security may be improving, users are still focused more on productivity than on security – and when the two clash, productivity will always win out. This leaves mobile data and desktops potentially compromised, with users prone to looking for ways to simplify their day-to-day work experience – for example, by storing data in unmanaged cloud services rather than on heavily controlled virtual desktops.

“As we talk to customers, we’re starting to see that there are all kinds of interesting nuances within these use cases that we never even knew about,” Hamid said.

“You can stop them copying data onto USB devices or storing data in the cloud, but the more you do this the less productive everybody is because you’re cutting off things that make your work easier and more efficient.”

That’s why users always need to be kept on board as companies explore new security paradigms, such as virtual desktops.

“The best security is still to have an educated user,” Hamid warned. “If your employee knows why certain measures are being followed, they’re going to be more likely to follow them. If anything is a burden, or you make the security more difficult for the user, they’re likely to resist it and go around it. It’s not so much that they don’t care; it’s just that they’re going to take the risk.”

Tags: security, imation, virtual desktops
