The COVID-19 pandemic took many organizations by surprise. Faced with the need to quickly scale-up their remote work capabilities in a cost-effective way without compromising security and performance, many companies turned to Desktop-as-a-Service (DaaS) as a viable alternative to Virtual Private Networks (VPNs).
Virtual Desktop Infrastructures (VDIs) have long been used by organizations working with dynamic contractor bases or field teams to provide access to vital company data and applications in a secure and reliable manner. VDIs can be accessed from anywhere, from any device, without risking the security of company data as employees log on to a virtual desktop and work with data in that environment without having to store it locally on their devices, whether they are mobile, company-approved, or personal computers.
Traditional VDIs are centrally located servers with virtualization software installed that a company’s IT department is responsible for managing. That means that hardware, software, licensing, and deployment are handled in-house and the IT team has complete control over them. At the same time, they not only require time to set up but also resources and specialized staff to maintain them.
DaaS meanwhile are VDIs hosted in the cloud, with all the hardware managed by the provider, eliminating worries over maintenance, hardware breakdown, or rackspace. DaaS platforms use a subscription model and are generally charged by the seat. As a cloud service, DaaS can be set up in days or even just a few hours and offers a near-infinite capacity for scaling up or down without having to make long-term commitments.
It is therefore easy to see why companies, pressed to adapt to remote work, have turned to DaaS as a way to provide employees with a virtual desktop, where they can work from any device, in any environment, without jeopardizing the security of sensitive company data.
However, while DaaS does eliminate the need for employees to store and use data locally on their devices, they are often just basic systems that only come with standard Windows software. This means that IT departments still need to supply employees with the applications they need to do their jobs and protect data.
Data Security on DaaS
Virtual desktops, whether they are VDIs or DaaS, come with a number of risks. Compromised access due to poor password practices is one of the big ones. Because DaaS platforms are available from anywhere and any device and are essentially an internet-based service, there is the possibility of malicious outsiders targeting them. If employees access DaaS from an infected device, they can also jeopardize the security of the virtual desktop. It is therefore important that when they make the transition to DaaS, companies also ensure they have the right security tools in place to guard against potential attacks and infections. Two-factor authentication and clear rules when choosing a password as well as antivirus solutions can help reduce these risks.
When it comes to data security, virtual desktops are in many ways no different from physical desktops as human error is at the heart of many accidental data leaks. An employee working from a virtual desktop can just as easily send sensitive information, whether accidentally or intentionally, to non-authorized third-party email addresses, upload data to file-sharing services that make it easy for the information to spread through a simple link or send it via messaging apps whose security does not meet company standards.
Outsourcing VDI to a cloud provider does not excuse companies from compliance requirements with data protection legislation such as GDPR or CCPA as they are held directly responsible for the sensitive data they collect in the eyes of the law. Should a security incident occur, even if a cloud provider’s poor security practices are to blame, the company whose data has been leaked or stolen would also be fined because it is their duty to ensure that any service they use to store or process data is also compliant with data protection requirements.
Endpoint Protector and DaaS
Data Loss Prevention (DLP) solutions like Endpoint Protector can help protect sensitive data stored on DaaS and VDIs and support compliance efforts. Using complex scanning tools, Endpoint Protector inspects data stored on DaaS based on both content and context and helps discover, monitor, audit, and control the transfer of Personally Identifiable Information (PII) and Intellectual Property (IP). In this way, sensitive data can be blocked from leaving the virtual desktop, from being shared through unauthorized channels or sent to email addresses outside the company.
Organizations can use predefined profiles for data protection regulations and standards such as GDPR, HIPAA, PCI DSS, etc., to apply DLP policies directly to the data that needs to be protected to meet compliance needs. Companies can also customize policies to include data they consider sensitive to their business. Whether it’s intellectual property such as patents or proprietary algorithms, financial data, research results, or business strategies, organizations can define custom policies to protect them.
Endpoint Protector’s powerful PII Scanner can also inspect over one hundred file types for sensitive content. When policy violations take place, they are automatically logged, with the file shadowing feature offering the option to save a copy of the file for later inspection by admins. Logging and reporting all policy violation attempts help companies identify problematic practices of employees using DaaS that need to be corrected as well as support compliance efforts as most data protection regulations require companies to provide proof of real-time data protection.
The move towards work from home during the COVID-19 pandemic has forced companies to reevaluate what devices employees work on from home and how the security of company data will be affected. With DaaS, employees can log into the actual desktop they use every day at the office, with their documents and the applications they use to perform their tasks, already open and ready to resume. However, data security does not rest in the hands of cloud providers, but it is the responsibility of companies.
Whether organizations opt for DaaS offered by Amazon, Citrix, or Microsoft, Endpoint Protector provides a much-needed layer of data protection, which eliminates the risk of data leaks and ensures that sensitive data is not compromised whether it is located in a virtual or physical environment.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.