3 Critical Ways That VMware Horizon Bolsters Security
With security as a top, C-level concern today, leading organizations look to VMware Horizon to help drive enterprise security. As part of our ongoing blog series on security, let’s take a look at three critical ways Horizon can help:
- Centralized Data and Delivery
- Trusted Images
- Secure, Policy-Based Access
1. Centralized Data & Delivery
Virtualizing means centralizing where the desktops live, either on premises or in the cloud, and then deliver those desktops and apps to any device. Centralizing data results in a number of security benefits:
- First, IT never has to worry about data loss from lost or stolen devices—no more worries about phones inadvertently left behind in taxis or laptop thefts from employees’ homes.
- Centralizing data in the data center also means that the data is protected by enterprise-class safeguards. For organizations with many remote or branch offices, virtualization means that less infrastructure and expertise is needed at these offices where IT resources to secure infrastructure vulnerabilities are limited.
- And finally, centralizing data also means that it is easier to back up and recover to a previous known good state, if needed.
2. Trusted Images
Our Just-in-Time desktops and apps leverage VMware Instant Clone Technology and VMware App Volumes. Instant clones enable the same golden operating system (OS) image to be used for multiple desktops, and App Volumes enables the same application images to be delivered to each desktop.
Imagine the benefits of managing one image instead of thousands of images—that’s a huge management benefit, but our Just-in-Time Management Platform (JMP) delivers a huge security benefit, as well. Every time the user logs off, the desktop is destroyed and reassembled when the user logs back on. This means that malware that is inadvertently or intentionally activated during a user session is obliterated every time the user logs off, and the desktops and apps start from a pristine, trusted image every time the user logs on.
3. Secure, Policy-Based Access
Since we’ve made security an integral part of the Horizon solution, users can get a great user experience and seamless access to the apps they need to stay productive. Users can securely access corporate data and applications across sessions through single sign-on (SSO) with one set of login credentials.
Virtual desktops and published applications with Horizon also provide IT teams with increased consistency across system settings and policies because key features can be dynamically enabled, disabled or controlled based not only on who the user is but also on many different variables, such as client device and IP address. Organizations can use Smart Policies to enable or disable features, such as clipboard redirection, USB access, printing and client drive redirection. For example, they can create a policy that disables security-sensitive features, such as cut-and-paste or USB drive access, when a user logs into their desktop off the corporate network. Smart Policies can be enforced based on role and evaluated at login and logout, at disconnect and reconnect and at predetermined refresh intervals.
With all these capabilities and fine-grained control, IT teams can use virtualization to address many different use cases. Horizon desktop and application virtualization introduces a desktop and application delivery model that improves security posture by design, and that also provides businesses the policy-based access they need to manage security for their environments.
But that’s just the start—Horizon also integrates with the VMware Software-Defined Data Center to provide a comprehensive answer to security threats. We’ll explore that further in this blog series, so stay tuned!