One of the many challenges of information security is ensuring that sensitive documents don’t make their way out of the organization. This can happen in a variety of ways, through people emailing sensitive documents to external addresses, copying them to cloud-storage drives, or even copying them to a personal USB storage device.
The challenge of controlling the flow of sensitive documents is even greater when users are empowered through programs such as Bring Your Own Device (BYOD). How do you allow users to access sensitive documents and control their distribution if you’re also allowing them to access those files from computers over which they have complete control?
The best way to ensure that sensitive documents don’t go AWOL is to only allow users to access those documents from a locked-down computer, where applications are tightly controlled and tasks are restricted by role. This is fine when the organization owns the computer. However, most employees won’t be happy about the IT department locking down their personal machines. Part of the attraction of BYOD is the perceived freedom from the shackles of corporate IT policies.
With VDI, however, it’s possible to create a locked-down virtual desktop that still gives the device owner control over their BYOD computer. By remotely connecting to the corporate desktop, employees can interact with the sensitive information securely, without the sensitive files ever touching the BYOD device’s storage.
It’s possible because one can use rights management technologies to restrict access to sensitive documents in such a way that they can only be accessed from those secure virtual desktops. That prevents users from emailing sensitive files or uploading them to cloud drives because the secure virtual desktop would be configured to prohibit any such activity.
VDI gives organizations the best of both words. They can allow employees to use their own machines, and, through VDI, restrict sensitive information so that it can only be accessed by locked-down virtual machines.
Underwritten by HPE, NVIDIA and VMware