Using desktop virtualization for BYOD security and management

Managing mobile devices is a major headache for IT departments, but desktop virtualization is here to help. Before you pop an aspirin, learn how VDI can improve BYOD security.

For organizations that adopt bring your own device (BYOD) programs, delivering applications to and securing data on mobile devices are key challenges. Desktop virtualization can help, but there are still some caveats.

With virtual desktop infrastructure (VDI), administrators run operating systems and applications on back-end servers, which improves BYOD security by keeping data off the endpoints themselves. Still, VDI doesn't always prevent data leakage. Plus, desktop virtualization should be user-friendly, but on mobile devices it can become just one more connection that end users have to manage.

The answers to these frequently asked questions about BYOD management and VDI will help you support mobility in a secure, simple way.

What is VDI's role in the consumerization of IT?

Some organizations are developing native or Web-based applications to run on mobile devices, but in the meantime, it's simpler and faster for many to deliver apps through VDI. Many vendors are getting in on the game, too, by offering clients that work with their platforms for managing mobile devices. Much of the innovation in the VDI market right now is aimed solely at enabling the consumerization of IT, but we still have a long way to go.

How can VDI improve BYOD security?

If you connect to a virtual desktop session from a mobile device, the application you're running is actually hosted on a back-end server in the data center. IT has control over the apps and OSes, because they're not running directly on the device. To provide the best BYOD security, you need a client component that allows you to connect to the VDI session. That client component should be approved by IT, making the connection secure and preventing data leakage.

Is VDI the magic bullet for BYOD security?

Not exactly. Though VDI is a big help, you also need to focus on data access control. VDI addresses external threats, such as viruses or malware, and keeps data safe if a device is lost or stolen. Data access control methods, on the other hand, help prevent important corporate data from leaking outside the network through other means -- even simply forwarding emails from a work account to an external account. You need a BYOD policy that determines where and when users can access data.

What are some challenges of managing mobile devices with VDI?

Managing mobile devices with VDI isn't always easy. Lots of organizations use VMware View to provide employees with desktop access on iPads and other devices, but View has some shortcomings. Many IT pros find the Persona Management feature not mature enough yet, so they turn to third parties for profile management. Plus, it's difficult to see and diagnose issues with remote virtual desktops -- on any VDI platform.

BYOD management also comes with human challenges. IT needs to educate the virtual desktop users, find the right hardware to use and enforce the organization's BYOD policy.

How can VDI simplify BYOD management?

Desktop virtualization simplifies BYOD management by letting IT manage the VDI session and apps instead of the hardware. It also brings flexibility, because users can connect to a desktop anytime and through any device, whether it's a tablet or smartphone. Virtual desktops often provide better performance, and depending on your deployment, users can still customize their desktops. Overall, VDI provides a centralized way for IT to manage disparate devices.

How does BYOD fit into VDI licensing rules?

This is a tricky one. Many vendors are still working to revise licensing rules to accommodate mobile devices. Until recently, it seemed that Microsoft wouldn't set BYOD licensing rules until Windows 8 came out. However, the company updated Windows 8 VDI licensing with a new Companion Device License (CDL), which employees have to purchase for any devices connecting to a virtual desktop.

For many companies, the CDL will bring more harm than help. The CDL licenses users for one primary device and a total of up to four devices -- a limitation that could be difficult to enforce. It also means most shops have to purchase a CDL on top of the Software Assurance license they already paid for, adding costs and complexity.
