The Virtual Answer to Laptop Security
Virtualization could hold the key to desktop and laptop security
June 6, 2007
The answer to laptop security could be virtualization.
The problem is plain enough: Growing reliance on corporate data, coupled with an increasingly mobile work force, have made security a nightmare for many IT pros. (See Users Confess Security Fears and Sorting Out Laptop Backup.) But action is urgent: If you have any doubts, hit our sister site Dark Reading and search for "laptop."
Emerging virtualization tools may hold the answer by providing centralized control over who can have access to what on a corporate laptop. (See Wanted: Virtual Desktop Services.) Products are available from a range of vendors, including VMware, XenSource, Novell, Parallels, Red Hat, and XDS. (See Insider Eyes Virtual Desktops.) Microsoft is also said to working on OS virtualization capabilities, thanks in part to its purchase of startup Softricity last year. (See Microsoft Makes Virtualization Play.)
Virtualization tools can help desktop security in two ways: first, by assigning applications to remote users via virtual machines as they log in {VMware's VDI or XDS's SIMtone VDU); or second, by divvying up a user's laptop into virtual machines to host a range of applications and security tools (Parallel's Desktop for Mac, or VMware's Workstation).
Besides helping IT managers control access to specific applications, virtual machines can inhibit the spread of viruses if a remote laptop or desktop is infected, since the application is restricted to that virtual machine.What's more, virtual machines can override any chance that an operating system's security features will erase or conflict with application vendors.
Symantec anti-virus software, for example, could run in a separate VM without having to interact with a Microsoft operating system that views it as a potential virus. Other packages could also be deployed to ensure optimum security on the same machine.
But implementing desktop or laptop security through virtualization won't be easy. For one thing, there's a lot of variation in product capabilities, and often you'll need packages from more than one vendor.
XenSource, for instance, doesn't virtualize the desktop client, so to use its virtualization for desktops and laptops, you'll need to buy a virtualization broker. Citrix and VMware offer these even though they also offer their own client virtualization. Good luck figuring out the support issues.
Then there's licensing. Since multiple copies of applications are used in virtual machine architectures, those copies are subject to licensing. Microsoft has reportedly expanded its allowance for virtualization with newer operating system wares, but it's still worth checking to see if what you're running is really legal.Finally, virtualization itself isn't trusted by many users, let alone in terms of security. "I'll use virtualization if it works, but I can't say I really trust it," says Richard Taylor, senior system programmer, IT, for Clark County, Nevada. The idea of faking out the operating system is too much of a black art for him to be comfortable with it just yet.
The message here is twofold: Expect virtualization to offer solutions to security problems, but don't expect to see workable results for a while. "Customers are kicking the tires and picking and poking in this area," says analyst Mark Margevicius of the Gartner Group. "It's one of the hottest areas... But our guidance for technology that's been in the market less than two years is to wait twelve to eighteen months before you deploy in order to have questions like licensing answered."
That's not a blanket counsel, he notes. For the right customer or implementation, a pilot may be a good thing to do. But like a sick person in a drug trial, you're taking your chances.
It will nevertheless be interesting to see what emerges as desktop virtualization evolves to support better security. We'll be on the ground as it happens.
— Mary Jander, Site Editor, Byte and Switch
Gartner Inc.
Novell Inc. (Nasdaq: NOVL)
Parallels Inc.
Red Hat Inc. (Nasdaq: RHAT)
VMware Inc. (NYSE: VMW)
XDS Inc.
XenSource Inc.0
You May Also Like