Analysts to Discuss Security Trends at Gartner's 2013 Security and Risk Management Summits, June 10-13 in National Harbor, Md., August 19-20 in Sydney and September 18-20 in London
One of the most commonly cited motivations for implementing hosted virtual desktops (HVDs) is to increase the security of end-user computing, according to Gartner, Inc. Gartner said that properly implemented HVDs can increase security, and help organizations and infrastructure leaders meet compliance requirements. However, before assuming HVD is the right answer to all security and compliance concerns, security professionals need to consider the alternatives available.
"Having the organization's data spread across hundreds or thousands of devices, many of which leave the physical security of office locations, presents a significant risk of data loss," said Neil MacDonald, vice president and Gartner Fellow. "HVDs can help improve the security standing of the client computing environment by centralizing sensitive information and applications in the data center, giving IT system and security stakeholders the opportunity not only to improve support efficiency, but also security."
HVD is a technology that enables client computing to shift from a device-centric to a user-centric workspace, application and data delivery technology while providing an endpoint-agnostic access solution where the user's workspace can be accessed from many different locations using many different devices.
Although HVD architecture holds the promise of a more secure environment, it can only do so if carefully planned, deployed and configured, then managed consistently on an ongoing basis. Security may be a native strength of the HVD architecture, but any solution under consideration must be cost-effective and compatible with the applications user's need, must be sized appropriately for capacity and performance and, most importantly, must deliver a good end-user experience.
"An HVD architecture is complex, and infrastructure and security stakeholders must consider multiple facets, such as device form factors, access methods and data security, to avoid potential issues," said Nathan Hill, research director at Gartner. "Chief among the concerns of organizations is how they capitalize on the opportunity to use HVDs and ensure that the environment is secure, and which areas of the architecture represent a change in risk profile from traditional client computing architectures.
Many traditional PC security considerations remain with the HVD architecture, including desktop OS antivirus protection, but the complex nature of the HVD architecture also introduces new areas where security must be considered. Security stakeholders must ensure that they address the security requirements of the access device and remote connectivity, in addition to the virtualization platform.
Emerging HVD security solutions promise enterprises and users more efficient and secure platforms tailored for the architecture's needs. Over the past four to five years, there has been an improvement in platform architecture, with the evolution of software and hardware tailored to the workload, including HVD appliances, reference architectures, storage virtualization and personalization software. The same is true for security solutions that are evolving to meet the demands of the platform, and to offer increased security and/or performance.
"Centralizing workloads gives organizations the potential to improve security, but because risk is aggregated in the data center and network with HVD, strong security controls are required to protect the infrastructure," said Mr. MacDonald. "As a result it's important to address data and HVD security requirements, and leverage the security capabilities of the Citrix and VMware product sets, when required."
More detailed analysis is available in the report "Know the Security Implications of Adopting Hosted Virtual Desktops." The report is available on Gartner's website at http://www.gartner.com/resId=2414215.
Gartner analysts will take a deeper look at the outlook for security solutions at the Gartner Security & Risk Management Summits 2013 taking place June 10-13 in National Harbor, Maryland, August 19-20 in Sydney, Australia and September 18-20 in London, U.K. More information on the U.S. event can be found at www.gartner.com/us/securityrisk. Details on the Australia event are at http://www.gartner.com/technology/summits/apac/security/. More information on the U.K. event is at http://www.gartner.com/technology/summits/emea/security/.
Information from the Gartner Security & Risk Management Summits 2013 will be shared on Twitter at http://twitter.com/Gartner_inc using #GartnerSEC.
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior information technology (IT) leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to supply chain professionals, digital marketing professionals and technology investors, Gartner is the valuable partner to clients in more than 10,000 distinct enterprises. Gartner works with clients to research, analyze and interpret the business of IT within the context of their individual roles. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has almost 9,000 associates, including 1,900 research analysts and consultants, operating in more than 90 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.