DAVE WATERSON, CTO & Founder, SentryBay
In the search for improved management of remote or hybrid teams, better agility and increased efficiency, more and more organisations are migrating their workloads onto virtual desktop infrastructure (VDI). This serves to meet the multiple needs of their users regardless of where they are located.
One of the attractions of virtual desktops is that they purport to be secure. Indeed, they do come with a level of security built-in, and they offer monitoring of access to virtual resources. Unfortunately, this is not enough to prevent a cyber-attack. Worse, the reassurance of thinking that they are protecting sensitive data can make companies less stringent about their security policies, putting them even more at risk.
Examples of this include the idea that malware can’t attack a virtual session unless local storage is in place. The truth is that VDIs offer many different entry points to cloud servers. Cyber-attackers simply need one unprotected endpoint to gain access.
In 2022 a security advisory from VMware was issued when a vulnerability allowed an attacker with local non-administrative access to escalate privileges as a root user in a virtual machine. The issue was patched. In 2021 a cybersecurity company gained complete access to the accounts and databases of thousands of Microsoft Azure Virtual Desktop (AVD) customers due to a glitch, forcing the company to act immediately.
The threat of an attack exists with any system, and VDIs are no exception. The important message is to understand where the threat exists and how to guard against it.
As is so often the case, trojans and malware that steal keystrokes or take screen grabs are behind many of the attacks associated with VDIs. It is not the VDI itself that is the problem, but the devices that connect to it. Of course, if organisations are running Bring Your Own Device (BYOD) policies which allow employees to use their own laptops, tablets, home PCs and smartphones to access corporate data and applications, this increases the risk. Any device that is unsecured presents a threat to the user, and any data or applications they connect to.
It’s not easy to protect users outside the corporate network. So much of our communication these days is done on video via Zoom or Teams, for example. Not long ago Teams became the latest attack vector with bad actors deploying malicious GIFs to capture user data without even needing to be shared – viewing the GIF is enough.
Companies want to use VDIs with confidence, so they need additional protection for their employees’ devices beyond using anti-malware software and endpoint defence solutions, which can be hard to enforce. They also need security solutions that are compatible with the various virtual applications and platforms they are using, and which will protect them to ensure regulations can be met.
The answer to meeting this challenge is enterprise-grade anti-keylogging and screen capture protection for solutions such as Azure Virtual Desktop and w365 at the endpoint. VDI sessions need to be secure end-to-end and include an enforcement agent that ensures employees can easily onboard.
We would advocate protection which utilises a container inside which all data and applications are wrapped so they cannot be infiltrated before they reach the cloud. This delivers a high level of protection and maintains the fully enriched VDI-optimised Teams experience so video collaboration can continue to be a safe and effective communication channel for the workforce.