We have been doing security wrong for a number of years. This is a poorly kept secret, as everybody knows that technologies invented in the days of floppy disks are woefully inadequate for protecting today’s business. The industry pours huge amounts of resources into extending the life of schemes that try to identify attacks or deviations from corporate security policies in order to protect the business against service disruptions or loss of confidential data. The mistake is the misunderstanding that security itself is a business solution; security is a critical feature of a successful business solution. Today’s best-practice security approaches not only ineffectively secure the business, they impede new business initiatives. The answer to reducing runaway security investments lies in virtualization-based application delivery infrastructures that bypass traditional security problems and focus on delivering business services securely.
Defence-in-depth is a broadly accepted concept built on the premise that existing security technologies will fail to do the job. For example, an antivirus product in the network may catch 70 percent of known attacks, but that means it will still miss 30 percent. It is common for larger enterprises to have different vendors scanning e-mail at the network edge, on the e-mail servers and on user endpoints under the theory that the arithmetic will be on their side and one of these products will block an attack.
However, practice shows that the effectiveness of defence-in-depth falls well short of theory, and operating duplicate products comes at a great cost to the business. IT can continue to layer on traditional technologies with consistently dismal results. What is needed is an approach that fundamentally changes the business operations to avoid many of the existing security traps, and positions IT to deliver the business to any user, anywhere, using any device.
The underpinnings of virtualised application delivery make significant security contributions, without IT having to purchase and operate additional security products. The new approaches are made possible by advances in data-centre virtualization, availability of high-speed bandwidth and innovations in endpoint sophistication. Now, it is entirely possible to execute browsers in the secure data-centre for the end-user, remotely project displays and manage user interfaces, and have all of this done transparently to the end-user. The security characteristics of virtualised application delivery are worth noting:
- Keep executables and data in a controlled data-centre environment. IT can better maintain compliant copies of applications and can better protect confidential data within the managed confines of a virtual data-centre. Most malicious attacks enter the enterprise through remote endpoints. Processing desktop applications in the data-centre reduces exposure to business disruptions due to malicious code infections and data loss. IT operating costs are also reduced, as IT spends less time and resources maintaining employee endpoints with easy access to hosted applications.
- Minimize the time window of vulnerability when desktop applications and data can get into trouble. Virtualising desktop applications — either by hosting the application or desktop via remote display protocols in the data-centre or by streaming application images from the IT-managed application delivery centre for local execution at the endpoint — reduces the amount of time an application is exposed to potential infections. Application delivery starts the end-user with a clean copy of the application, and the application copy is erased when the end-user is done. Any infection that is picked up disappears as the user again launches a clean copy the next time the application is requested.
- Remove the end-user from the security equation. Traditional approaches place too much of the security burden on the end-user, who is responsible for maintaining software, respecting confidential data and being knowledgeable about dangers lurking on the Internet. IT should be managing corporate security, and virtualised application delivery makes it much easier for the user to do the right thing.
IT is challenged with making it easier for the business to attract new customers, while continuing to meet high security standards. The burden needs to be reduced for end-users that presently are expected to install software agents, upgrade software regularly and take special action when informed of security events. Not only that, but users are limited in choices of endpoint devices, operating systems and connectivity choices. These disconnects between end-users and the organization, and between end-users and IT, inhibit productivity and business growth. Fortunately, IT is implementing new infrastructure models from the data-centre to the endpoint that more readily serve applications to users with intrinsic security at reduced operating costs.
IT is orchestrating the power of virtualised data-centres, high-speed bandwidth availability and high performance endpoints to offer end-users a true IT service with consistent secure access from anywhere at any time with any device. The ability to provide an integrated application delivery system, where applications are served on demand instead of deployed ahead of time, is the new model that has put security in its place. Application executables and sensitive data need not reside at the endpoint, where security becomes the responsibility of the end-user. A dynamic service approach enables IT to extend control of the technical infrastructure to the endpoint with resultant gains in security, application availability and cost reduction.
- Virtualised data-centres, which already deliver cost savings in server utilization, are also delivering cost savings in dynamic desktop and application provisioning. As users request applications, the IT service can transparently launch a virtual desktop in the data-centre or stream a copy of the executable from the application delivery centre for local execution. Authenticated end-users have easy, secure access to business applications.
- The availability of high-speed bandwidth allows IT to effectively service end-users’ application requests over the Internet. Remote display protocols drive end-user interactions, allowing the application to execute in the safe confines of the data-centre with the look and feel of a locally executing application; application streaming protocols allow copies of executables to be efficiently downloaded and launched on demand for local execution when the network is unavailable. In both cases, IT ensures the user runs only the most recent compliant copy of the application. Security issues are significantly reduced simply by allowing the IT service to ensure that the user starts with clean copies of application images each and every time.
- The enterprise needs to support a wide variety of endpoint devices to make it easy for new customers to access applications. Thus, IT is required to make legacy Windows applications available not only to desktops and laptops running various operating systems, but also intelligent handhelds such as phones and PDAs. The most expeditious way of providing this service is also the most secure – virtualise the application in the data-centre, giving the user a choice of browser, remote display or streamed application access. In each scenario, IT reduces security exposures through heightened application control while the end-users can more readily get their business done.
It is time to start meeting security requirements the right way – by fundamentally changing the way applications are provided to end-users. The traditional model of executing applications by installing software directly on isolated PCs is well over 30 years old – well before the Internet connected users. It is not a surprise that this approach fails dramatically to meet today’s security requirements. An integrated approach that takes advantage of virtualization, Web-based connectivity and the power of endpoints to minimize security risks is essential. The direction of an integrated application delivery service enables IT to use ubiquitous Web-based technology to support new users and drive the costs out of supporting existing users. The business benefits of increased availability combined with the security benefits of greater IT control make the evolution to a cloud-based application delivery service inevitable.
A simple example shows the power of a virtualised application delivery system. A merger to create a stronger international presence for the enterprise creates a need to quickly grant access to corporate applications for the new employees. IT provides a securely configured browser that executes virtually in the data-centre. The new business offices easily transition to corporate applications without having to reconfigure internal systems such as firewalls or endpoints that may not be compliant with corporate security policies. The new offices are more quickly indoctrinated into the new organization, and the security risks of non-compliant configurations are simply bypassed. The virtual application delivery capability has put security in its place, removing additional costs and showing the agility to streamline IT alignment with business needs.
In an ideal world, security just wouldn’t matter. Organizations would go about the business of satisfying customers without concern for malicious attacks or painful losses of confidential data. Unfortunately, we’re not there yet. However, by implementing virtualised application delivery approaches, IT can simply avoid many insecure situations while gaining the desired agility to keep IT services aligned with the business. This is putting security in its place – a feature to enable the success of business operations.
- Extend the virtualised data-centre to accommodate end-user desktops and applications. Application delivery using remote display technologies is a good way to deliver business value to remote offices where IT does not have to deploy applications on local endpoints and confidential data remains controlled in the data-centre. Put metrics in place to measure the IT time savings of only applying patches and software upgrades to applications in the data-centre.
- Test out the user experience of streamed applications. For example, employees working from home can improve security by executing a fresh copy of a browser or e-mail client from the corporate application delivery centre. Similarly, employees can work on an airplane totally disconnected from the network with applications that have been streamed to their laptop for the business trip. Let application delivery transparently stream compliant images from the data-centre to the desktop, and reduce the risk of malicious code lingering on corporate endpoints. Check out user satisfaction with performance while knowing that each user session begins with the most secure application that IT can deliver, and IT can deliver applications at the speed of business.
- Have your IT architects report back on delivering compliant end-user desktops and applications as an IT service. Once IT is comfortable with the cost savings and increased control of end-user environments in the data-centre, the next logical step is to enhance the application delivery service so IT can have the same procedures for both local and remote users. Look at additional cost savings by consolidating network security into the data-centre and achieve greater scale with network traffic accelerators.
The way to run a more secure business is to run a more secure application environment, where IT effectively controls executables and virtualization shrinks the vulnerability of desktop applications. IT managers should question why we keep putting applications in harm’s way on end-user desktops. Start moving towards virtualised application delivery – you will gain flexibility in running your business, you will gain tighter control and security of critical applications and confidential data, and you will lose a big expense bill from administering obsolete security technologies.