App and desktop virtualization: secure
• Resource centralization – Enterprise Windows apps and associated data are managed and protected in the data center and accessed securely from anywhere, rather than residing on the endpoint devices of every person in the extended enterprise. This model greatly reduces business risk. IT gains full visibility and control over centrally managed Windows apps and desktops, and can easily define and enforce policies regarding which resources specific users or groups can access, and whether or not they can install and configure apps themselves. Windows app and desktop access can be turned on and off instantly, as needed to accommodate new, transferring or departing staff and business continuity scenarios where designated people need to assume increased responsibility.
• Policy-based access control – IT can leverage preconfigured policies to determine the appropriate level of user access to Windows apps wherever they reside: in the data center, in a public or private cloud—even downloaded to a local device for offline use, where full isolation, encryption and strict control over save/copy functionality and peripheral usage prevent data from going astray. Policy-based access control supports multi-level security practices by letting IT deliver the right level of access based on the user’s current profile, device, network and location. For example, a user can be allowed to access one set of resources from the office, a subset of those resources from a personal computer at home and a smaller subset from a rented device or while connected via a public hotspot. In addition to controlling which resources the user may access, granular policies can determine what actions they may perform with each app. For example, a policy may indicate that when using an enterprisemanaged device the user can print, upload or download data, but when using an untrusted device such as a public kiosk or a personal tablet, the person can only view the data.
• Any-device access – Because virtual Windows apps and desktops are hardware independent, IT can enable secure access and collaboration for every employee, contractor or partner from any personal or corporate owned device they choose to use. Rather than making distinctions between enterprise owned and personally-owned devices, IT evaluates every device and user according to administrator-defined criteria as people attempt to connect to the enterprise network, then grants the appropriate level of access to each resource as indicated by the access control policies.
• Built-in data compliance – The centralization of resources, combined with strict access control, makes it much easier to protect against data loss and meet compliance and privacy standards by ensuring full activity logging, reporting and auditing. IT can define and implement policies to ensure conformance with the full spectrum of requirements the organization faces both internal and external— while maintaining the flexibility to respond to new mandates as they emerge.
App and desktop virtualization gives organizations a better way to secure their information and manage risk. The foundation of app and desktop virtualization is the centralization of IT resources in the data center—an inherently secure architecture that makes it far simpler to control both information and access. Centrally managed virtualized Windows apps and desktops are delivered on demand as a service to any device, providing an experience that looks, feels and acts like working on their traditional PC. A well-designed app and desktop virtualization solution offers important advantages over traditional security models.
Transform Desktop and Application Virtualization
VMware Horizon radically transforms traditional VDI, giving you unprecedented simplicity, flexibility, speed and scale – all at lower costs. VMware Horizon promises to have you up and running 30x faster than traditional solutions and cut costs by as much as 50%.
Support Workplace Mobility
Gone are the days of client/server computing where Windows ruled the day and end users were tasked to do their work from one device and one location. Today, end users are leveraging new types of devices for work, accessing Windows applications alongside non-Windows-based applications and are more mobile than ever.
But managing and delivering services to end users with traditional PC-centric tools has become time consuming and costly. VMware desktop and application virtualization solutions provide IT with a new streamlined approach to deliver, protect, and manage Windows or Linux desktops and applications on premises or in the cloud, while containing costs and ensuring end users can work anytime, anywhere across any device.
Desktop and Application Virtualization Products
Combine the benefits of virtual desktops and apps as-a-service with the flexibility of public, consumption-based IaaS and get a better, more cost-effective digital workspace.
Reasons to strengthen information security with app and desktop virtualization
1. Support workplace flexibility and mobility: Mobility is vital for today’s enterprise workforce. No longer bound to their desks, an increasing number of people routinely work at partner or customer sites, at home, on the road and in other locations outside the office. Wherever they work, their productivity depends on the ability to access apps and information, as well as share data, collaborate or join meetings, anywhere and at any time. Flexwork has become a key enterprise strategy as organizations move work to different locations, times and resources to ensure it is done by the right people, in the right place and at the right time. Flexwork can include everything from teleworking and desk-sharing programs to relocation of business processes or entire departments. Benefits include increased productivity and continuity of business operations, as well as reduced real estate, travel and labour costs.
2. Prevent data loss, ensure privacy and protect intellectual property: For optimal productivity and speed to market, organizations need to provide collaborative access to sensitive data and intellectual property across the value chain and the supply chain. At the same time, IT must not only prevent data loss and protect intellectual property but also ensure data privacy and client confidentiality, honor contractual commitments and maintain compliance. Partners, suppliers, contractors and other third parties need to access and share apps and data with the organization’s staff to keep operations running at peak performance, but without being given free rein behind the firewall. By centralizing resources in the data center, app and desktop virtualization lets IT manage and secure Windows apps and associated data more simply and effectively in a single location rather than in thousands of different locations across the organization and beyond. Instead of worrying about data being saved on removable media such as USB drives, emailed among users, printed out or otherwise exposed to loss or theft, IT can set policies to control users’ ability to save, copy, print or otherwise move data through a central point of administration. In use cases that require offline or locallyinstalled resources, the Citrix solution allows IT to encrypt data within a secure, isolated container on the endpoint, which can be wiped remotely, helping to protect data even if the device is lost or stolen.
3. Maintain global compliance: Compliance with national and international laws, industry regulations and organizational policies is both a rising burden and a moving target.With little ability to control the distribution of sensitive data and a lack of session-specific location data, IT has struggled with trans-border compliance issues. Applying a full set of controls to information usage is overly restrictive. Applying a minimum set of controls may fail to map to the organization’s own unique security needs and risk tolerance. Centralized, granular policy control enabled by app and desktop virtualization helps IT stop handling compliance and data privacy in a reactive manner and instead allows development of the right information security strategy for the organization’s industry and business needs and risk profile. A single set of policies can govern whether users can add applications, copy data, access peripherals and perform other actions, depending on their location and other factors. Industry specific rules can be applied to business units and worker types that fall under regulations such as European Union privacy mandates, the Health Insurance Portability and Accountability Act (HIPAA) and the SarbanesOxley Act in the United States and the PCI information security standard for the payment card industry. Citrix Xen App and Xen Desktop are recognized as compliant with Federal Information Processing Standards (FIPS) and have achieved the evaluation milestone for Common Criteria.
4. Empower contractors: Businesses are making greater use of contractors temporary workers, consultants, outsourcing partners, offshoring resources and other contingent workers. While contracting can increase flexibility and efficiency, it also presents a challenge for IT quickly and easily providing the resources these workers need and provisioning them just as effectively once the engagement is over. The devices used by contractors can be problematic as well. Allowing them to use their own equipment can reduce costs but there is no guarantee that these devices can run all the apps required for the engagement. App and desktop virtualization provides a solution to both of these problems. Windows apps and desktops needed by contractors even those located on the other side of the world can be provisioned and de-provisioned instantly from a single, central point of administration.Virtualized apps and desktops can be delivered to any type of device, whether owned by the contractor, a business partner orthe enterprise, or even leased for project. Following the engagement, access to resources can be turned off instantly, with no apps or data left behind on the device.
5. Support rapid business growth: When organizations open new branch offices, expand existing locations or merge with or acquire another company, an overly complex, distributed security model can delay time to value while employees wait for IT to secure each endpoint. App and desktop virtualization provides the ability to extend the organization’s existing security model to new locations, people and groups quickly, easily and cost-effectively. It simplifies remote office and branch management in several ways such as local lockdown, rapid setup and high availability enabling IT to provide instant access to virtual desktops with no need for network integration. Adding new users to existing groups according to their security profile and work requirements means that the right policies are applied from day one.
6. Increase the value of security investments: Trying to manage security for hundreds or thousands of individual endpoint devices is extremely challenging and time intensive, leading to inevitable delays and oversights in implementing the latest protections.In fact, studies have shown that an over whelming proportion of successful attacks took advantage of previously known vulnerabilities for which a patch or secure configuration standard was already available. By centralizing maintenance, app and desktop virtualization simplifies and accelerates endpoint security. Patches, antivirus updates and hotfixes can be quickly installed on a single master image before being deployed throughout the organization. IT can focus more effectively on what matters most: protecting data in the data center and responding quickly to new security requirements. To strengthen the inherent security of Citrix app and desktop virtualization, the company has forged strong partnerships with leading security vendors to deliver a complete, multilayered security solution. Citrix Ready security solutions provide additional security customization and freedom of choice for protecting sensitive data assets.