alphaspirit - Fotolia
Nonpersistent virtual desktops wipe clean after each session, and that provides a security boost over persistent virtual desktops and physical PCs, but it also makes it harder to assess any attacks.
The biggest VDI security threat to any endpoint device is that attackers will exploit a weakness within the device and then use it as a platform to gain access to other resources. Administrators still have to worry about endpoints as part of their nonpersistent VDI security strategy, because it's entirely possible for a nonpersistent desktop to contain an exploitable security vulnerability.
However, nonpersistent VDI environments are inherently easier to secure for a few different reasons. For starters, nonpersistent virtual desktops reset to a pristine state after each session. This means the old technique of planting malware on an endpoint and using that malware as a mechanism to gain access to the network is not as effective. It is still theoretically possible for a hacker to plant malware on nonpersistent virtual desktops, but they usually contain hardened operating systems, so any malware that makes it onto the system may not even work. Furthermore, the virtual desktop will automatically remove malware at the end of the session when it resets.
The biggest security drawback to nonpersistent desktops is that they make it easier for a hacker to cover his tracks. Any audit logs that exist within the virtual desktop erase the moment the session ends, so the same feature that makes nonpersistent desktops more secure can also work against them. IT staff won't be able to rely on endpoint-level forensics, so organizations using nonpersistent desktops should implement strong monitoring tools at other levels of the IT infrastructure.
Patching, which can address VDI security flaws and other bugs, is also different across persistent and nonpersistent desktops. Persistent desktops retain users' profiles and data, so admins can treat them similar to physical desktops, usually centrally downloading patches and then distributing them individually. Often in nonpersistent VDI, users all share the same disk image, so admins have to patch the master image and deploy a new one.
When should you use persistent VDI?
Why nonpersistent VDI is now a viable option
Compare the options for VDI endpoints
Dig Deeper on Virtual desktop management
Related Q&A from Brien Posey
Microsoft Teams storage limits can be complex for organizations to track. Learn the details and how to add Microsoft 365 storage to avoid capacity ... Continue Reading
Consider the fine print of encrypting data at rest. For example, access control permissions can make or break a storage encryption plan. Continue Reading
It's critical for an organization to know what data it needs to retain and where to store it. Some data is required for retention by law, so a ... Continue Reading