A corporation’s digital assets are only as secure as the weakest link – and in most cases that weakest link is end users and their devices. Unfortunately, end users cannot always be relied upon to follow security best practices: they may neglect to update OS and applications right away, they may not strictly follow guidelines on password strength, reuse, and updating. Employees may also be sucked in by a phishing attack, and by clicking on the wrong link or opening the wrong attachment they may open the door for malware to work its way into the corporate network.
Best practices in data security are even more difficult to enforce on portable devices that are also used outside of the office, such as smartphones, tablets and laptops. Employees use these devices while on the road – connecting to the internet from hotel rooms and coffee shops, actions that could expose them to all sorts of malware on public WiFi networks. If any sensitive information is stored on the device, this poses a major corporate data security vulnerability. Back in February, malware was discovered on a University of Virginia Health Services physician’s laptop and other devices; compromising the medical information of 1,882 people.
Moreover, portable devices such as tablets and laptops can, and do, get lost or stolen. Several months ago, a laptop was stolen from the car of an employee of Coplin Health Systems in West Virginia. Data on the hard drive was not encrypted. Sensitive information on 43,000 people was on that drive – names, date of birth, addresses, financial data, social security numbers, medical data – an identity theft bonanza for the thief, and a HIPAA, public relations, and potentially financial nightmare for the company.
The fact that most laptops require a password to access them is no barrier to accessing the data. A thief could simply remove the hard drive, copy it, and use tools to read the data without needing to ever start the computer.
How can such data breaches be prevented?
Less is More…
Imagine a workspace where all your sensitive data remains locked in a vault at all times, never actually residing on your users’ vulnerable endpoints. Of course, this seems like an ideal scenario for maintaining proper data security procedures. But how are your employees going to get any work done?
Secure desktop and application delivery solutions allow employees to access virtual or hosted desktops, applications and data securely, from wherever in the world they may be located, over any internet connection and on any device that has an HTML5-compatible browser. Users can work as usual with their data and applications, without storing anything on the endpoint device – ensuring your valuable data remains secure within the corporate data center or cloud at all times.
Note that not all desktop and application delivery solutions are the same: some rely on installing a local client or configuration files on the device being used to access your network. Such clients or files can serve as attack vectors for hackers, allowing them to gain access as well. Clientless access solutions that work natively from a standard browser, with no plugins, offer superior security.
Security benefits of remote access
There are many advantages to switching to virtual client computing model:
- There’s no danger of sensitive data being compromised due to the physical loss or theft of a device.
- Minimizes the human factor – rather than relying on employees to follow proper data security practices on their device, your data and software remain secure in your data center – where trained professionals can enforce proper IT hygiene.
- There’s no need for IT to manage individual personal or corporate-owned devices, or worry that users may not be installing critical updates and patches on a timely basis. In fact, with HTML5 web-based access solutions, there aren’t even any special browser plug-ins to install or configure.
Naturally, when using a browser to connect to your organization’s sensitive data and applications, it’s important that you also consider how to secure the browser itself against attack. Secure browsing solutions are evolving rapidly, and technologies such as remote browser isolation offer an invaluable layer of security against browser-based attacks such as malvertising and cross-site scripting that can otherwise be used to nefarious ends.
In a way, we are coming full circle and going back to a much earlier model of computing. In the early days of computers, dumb terminals were used to access a mainframe computer. There was no data loss if the terminal was stolen – it wasn’t much more than a monitor and a keyboard. Advances in technology are allowing us to go back to that sort of structure, with the corporate network and cloud taking the place of the mainframe, portable devices of different sizes and capabilities taking the place of the terminal – and the internet taking the place of the cables connecting them. Last but not least, advances in HTML5 technology have made it increasingly viable to leverage the humble web browser as an access point.
Bottom line: Your end users can be productive from any location even when no software or data resides on the client device – a scenario that greatly reduces your organization’s attack surface.
In a future installment, we’ll examine some of the financial ramifications of moving to a virtual computing model.