VMware Horizon

BYOD: Suitable for Some Situations but Not for Others

By Gary Sloane, Contract Technical Writer, End-User Computing, VMware, and David G. Young, Jr., End-User Computing Solutions Architect on the VMware Federal Solutions Engineering Team

Are you using a tablet to read this blog? Would you feel lost without your tablet or smart phone or MacBook Air?

If the answer is Yes, then you can empathize with the government employee tasked with analyzing secret or top-secret documents who would find it so much more convenient to be able to work on them at home, in a café, or at the airport while waiting for a delayed flight.

Unfortunately, these tempting use case scenarios tend to expose a rather large attack surface—to use a bit of jargon—because data at rest on these devices, or in motion over unsecured networks, also offers tempting opportunities to anyone who might want to gain illegitimate access. That’s why wireless access—and any kind of device that stores data—still present serious problems for the most secure sites and data, and why there are still places where their use is not advisable.

VMware Federal Secure Desktop and BYOD: Straight Talk About Security is a brief paper that explores the current state of the art for IT data security and looks at near- and medium-term solutions to problems that government agencies in particular need to take seriously. The paper examines promising protective technologies, such as Suite B Ciphers, and offers a practical, elegant solution for the hardware sprawl on many analysts’ desks.

Spoiler alert: The solution for many of these problems is to host managed Horizon View desktops on multiple networks at the appropriate levels of security. A single zero client (with as many displays as necessary) on the analyst’s desk addresses the data-at-rest problem and goes a long way toward cleaning up sprawl on the desktop.

That doesn’t mean the government wants to take your iPad away—you can still use it for nearly everything—but not to access the most sensitive sites and data.