A previous post, Secure VDI – What it does and why you need it, explains that virtual desktop infrastructure (VDI) is the practice of hosting a desktop operating system within a virtual machine running on a centralized server and that it allows for secure remote computing with the accessibility and ease of use, as if your personal laptop was tucked away safely in a data center.
Picking up where that post left off, another advantage of Secure VDI is that it meets the managed access compliances for regulated or sensitive data industries, such as healthcare and financial organizations.
Secure VDI provides the ability to audit and measure user permissions and functions by utilizing the Active Directory services. User’s logon/logoff times and session duration are still captured by their Active Directory user object, allowing for full audit capability for all user access, dates, and times. These Secure VDI users and groups can be joined to the existing AD environment, or created as new. Both are supported.
This is the key element that is enforced by leveraging unique credentials for each remote user and placing those user objects into specific security groups. This is the same process for providing access to the Secure VDI environment, and the file or folder structure permissions. Active Directory Group Policies enforce unique logins and access not only by the username and password, but also by multi-factor authentication.
The combination of secure Active directory user groups and multi-factor authentication mitigates the chance of non-authorized access, and/or username and password sharing. This also speaks to fraud protection, so the users are able to alert their administrators if there are unauthorized attempts, or if enough logon failures occur the administrator and user are alerted.
Each of the Secure VDI machines are 100% virtual, including the user file and directory structure. Information that is stored during active sessions is 100% deleted upon logging out. This is enforced by local security policies applied at the server and Active Directory level. This process ensures that any and all data, either gathered as cookies, browser data, or temp files while creating and/or editing documents, are 100% deleted when the user ends their session. By creating these security rules, you are ensuring that no user will be able to log on to a session and be able to view or edit another user’s content.
We’ll get into how Secure VDI allows for a dedicated desktop profile on a Terminal Server in an upcoming blog post. In the meantime, visit fpweb.net/cyber-security/vdi for more information and to try out a free demo. Fill out this form, or contact the Fpweb.net cyber security specialists at firstname.lastname@example.org or 866-780-4678 to get Secure VDI set up for your organization.