A bring your own device (BYOD) initiative allows employees to access corporate applications, data and network resources on personal smartphones and tablets. BYOD offers many benefits, especially increased productivity, but the consumerization of IT also raises concerns about data loss and unauthorized network access. Application streaming and virtual desktop infrastructure (VDI) can improve BYOD security by allowing applications and entire Windows desktop sessions to run on back-end servers, instead of on devices themselves.
BYOD security concerns
End user devices typically do not comply with corporate security policies, and they can be infested with malware. With VDI, the end user device communicates directly with back-end servers through an encrypted session. The remote operating system and streaming applications also run on those servers, which fully comply with the organization's security policy, ensuring that any resources passed to the device also comply.
With all the BYOD security fears floating around, it's easy to forget about another related challenge: End user devices usually do not natively support the applications business users want to run. Android tablets and iPads, for instance, can't natively run Windows applications such as Microsoft Office. That's where application streaming comes in, allowing these apps to run on a back-end server rather than directly on the device.
How client components boost BYOD security
To run hosted applications or access other network resources on a personal device, an end user simply needs a client component that establishes a session with the VDI server or the server that's running the hosted application. However, client components are not universal, so that connection depends greatly on your virtualization vendor.
All vendors provide their own client components that are customized for application streaming with their own tools. Citrix Systems, for example, provides a client component called Citrix Receiver, which must be installed on the device if a user wants to connect to a VDI session or a hosted application running on Citrix.
The trouble with client components
Of course, the installation and maintenance of client components on end user devices does add work for the administrative or help desk staff. Still, installing client components is a one-time process. Once you install the client, users can access their VDI session or other hosted applications in much the same way they would from a corporate desktop.
Another issue with clients is that not all virtualization vendors support all client platforms. Most of the major vendors provide client components for Apple's iOS, Android and devices running the Remote Desktop Protocol (RDP), which are usually Windows tablets and phones. There's no guarantee that every end user device will support every client platform, but most of the vendors try to provide relatively broad support. You can use Citrix Receiver, for instance, on about 30 different platforms.
To avoid deployment issues and maintenance of client components altogether, some organizations have begun looking for ways around this requirement. Ericom Software released AccessNow, a desktop virtualization product that completely eliminates the need for end user devices to run client components. AccessNow runs on a back-end server and allows devices with HTML 5-compliant Web browsers to access RDP sessions without requiring dedicated client components. Other vendors are working on similar tools, and Web browser-based access from client devices could soon become the norm.
Desktop virtualization and application streaming technologies can address most concerns around BYOD security. Storing data and applications on back-end servers reduces the risk of data leakage and ensures that the connection to end user devices complies with company security policies.
ABOUT THE AUTHOR:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.