Leveraging VDI to Enable BYOD
by: Rick Varju, Director of Engineering and Operations at Foley & Lardner LLP
The consumerization of IT and BYOD in the corporate enterprise are quickly and dramatically changing how we all work and the technology we use to get our work done anytime, anywhere and from any device. While deploying VDI does not eliminate all of the security risks associated with embracing BYOD, it does mitigate a good deal of it.
For starters, with VDI, the virtual desktop stays within the secure confines of the data center. So, any device used to connect to the virtual desktop essentially becomes a remote monitor and keyboard with very little data ever needing to be stored on the endpoint device. In my opinion, delivering the desktop as a service via VDI provides the most secure desktop delivery model available today for embracing BYOD.
At Foley & Lardner LLP, we provide our BYOD users with a thin client device on their desks. So, they use their BYOD equipment to connect to their virtual desktop when working remotely or in a conference room with a client. All they need is an Internet connection and the VMware View client to access their fully loaded and fully functional corporate virtual desktop. No other software is needed on the BYOD equipment to do this. No special software packages or desktop images to build, maintain, and support for an ever-growing list of BYOD equipment types now being used in the corporate enterprise.
As a matter of policy, we do not allow BYOD equipment to be plugged into the Foley corporate “wired” network. While I could spend a ton of dollars on network access control technology to police this, our VDI deployment and a robust office wireless infrastructure really make this a non-issue for the most part. We provide our users with their own personal wireless access code that they can use to connect all their wireless devices to a dedicated “wireless-personal” network, which provides an Internet connection that is completely separated from the Firm’s corporate network. Our users REALLY like this as nobody wants to be tethered to a wired network jack anymore and their wireless devices connect automatically when they’re in the office. If you’re planning to embrace BYOD, make sure your wireless infrastructure is robust enough to handle the influx of personal wireless devices your users will want to connect. The average person uses three or four personal wireless devices.
As hard as many IT organizations may try, you can never truly control everything your users do when off the corporate network and on their own personal compute devices. This lack of control presents a number of challenges form an information governance and security standpoint. There simply is no way to completely control or secure every piece of data individuals create on personal devices, nor is there a way to completely control where they’re storing that data. As such, I believe information governance and security efforts need to be focused on user risk awareness and avoidance education rather than just on trying to control everything individuals do – because we can’t anymore. Like it or not, services such as Dropbox, iCloud, Skydrive and Google Drive (just to name a few) are being used and usage is on the rise. These services are extremely easy to use and provide a convenient way to share or make data available to anyone via the Internet from any compute device. So, from a BYOD perspective, it’s important to establish a strong corporate BYOD or Use of Technology policy that clearly identifies what is and is not supported. This at least makes everyone aware of the rules they’re expected to play by. Some organizations don’t allow cloud storage and file sharing services to be used period as a matter of policy. Others, like Foley, only permit corporate use when it’s a client requirement. When that’s the case, all sensitive data must be encrypted.
In my opinion, BYOD is happening in every corporate environment today to one degree or another whether it’s officially embraced or not. If securely delivering anytime, anywhere, from any device computing is a strategy you’re pursuing, the best and most secure way to get there is to deploy VDI and embrace BYOD together. This has been an incredibly powerful business enabling combination for Foley for about three years now. I can’t imagine embracing BYOD without having our VMware View virtual desktop infrastructure in place.
For More Information please visit the full Foley & Lardner Case Study