Securing the organization edge - VDI and DaaS reborn
As the work from anywhere trend continues to grow even after the pandemic, adapting to business changes becomes a growing challenge. Since 2020, most businesses were hastily increasing VPN capacity in order to meet users' demand. Now it is becoming apparent the traditional endpoint management tools, including their security and policy controls, were not built to handle the new distributed environment, nor are they equipped to manage devices remotely over the internet, or at such scale.
Furthermore, as organizations increasingly shift to cloud-based services and connect less to the organization offices, VPN becomes less relevant and adequate.
For over 25 years, organizations have commonly deployed Windows across their PCs and laptops to support the hundreds and thousands of applications today’s businesses run on. However, while this familiar, well-known desktop operating system delivers productivity, it has prominent security and management challenges that have only increased in the ‘work from anywhere’ era. Constant vulnerability patching, updates, reliance on VPNs, and a wealth of security agents such as XDR, make managing endpoints a full-time job with less predictable results.
The work from anywhere trend together with unprecedented attacks on endpoints, means IT admins and leaders are grappling with the best course of action to solve the challenges of large-scale modern remote access.
In this new context, Virtual desktop infrastructure (VDI) and Desktop-as-a-Service (DaaS) can become appealing as a new alternative to growing endpoint management concerns. In particular, DaaS offerings by Vmware, Citrix, Amazon, Microsoft and others are lowering the bar for adoption, as a more affordable alternative to high capex and maintenance intensive on-prem VDI solutions.
What are the benefits in the new modern context?
For IT pros, what's needed is a versatile and cost effective endpoint OS that can be centrally managed, reduce the Windows management costs and complexities. Companies such as IGEL, providing hardened operating systems for thin and zero clients, can alleviate the modern "fat client" issues, in particular:
Keeping apps and data in the cloud centralizes access to sensitive data and mitigates the risk of lost data due to endpoint theft, loss, or damage.
Fast endpoint updates, simpler technical support, elimination of remote Windows patching, VPN and other management and security tooling, together with lower software licensing costs cut recurring endpoint management costs.
Providing a simpler hardware agnostic OS makes it easy to convert any compatible x86-64 device, regardless of manufacturer or form factor, into a highly secure, standardized endpoint.
All of the above can be achieved with full support for endpoint devices such as speakers and headsets, and for applications traditionally viewed as problematic with VDI: video conferencing, video streaming, 3D CAD model rendering, embedded video in Powerpoint, etc.
How to succeed with VDI or DaaS projects?
Although VDI and DaaS sound appealing, projects often fail because important factors are ignored and they are incorrectly focused only on cost savings.
Here are some of the factors to consider:
The audience must be carefully identified: users are not equal and there is no one-fits-all solution. Some require more bandwidth than others, like executives or mission-critical employees with above-average data analysis needs. A user’s job function needs to be carefully considered when defining any remote use case, which means DaaS will mostly co-exist with traditional fat clients.
Focus on security. Minimize and reduce attack surfaces and optimize the management of highly distributed endpoints by prioritizing thin-client architectures for desk-based workers.
Reduce endpoint OS complexity in parallel with virtual desktops. It doesn't make sense to add management overhead for cloud PCs without reducing the client footprint. Therefore, a hardened thin client OS not dependent on hardware vendors is the most reasonable longer term approach.
Reduce VDI infrastructure complexity: prefer outsourcing infrastructure management via DaaS approach to reduce overall management overhead and security concerns.