Read this before you invest in virtualisation

Author: Martin McGregor, CEO and Co-founder, Devicie

While VDI offers various technological benefits, it should not be used without considering organisational efficiency and security.

Virtual desktop infrastructure (VDI) facilitates standardisation at large scale, making it easy for organisations to centrally manage end-user workspaces. With virtualisation, all end-user workspaces can be configured and run the same way, with minimal complexity.

From a security perspective, virtualisation offers simplified protection by keeping end-user workspaces within a firewall-protected network. The centralised environment afforded by virtualisation also makes it easier for organisations to have visibility over their systems and an accurate understanding of their compliance.

For larger organisations attempting to build systems at scale, virtualisation makes sense. But there are also benefits to be had for small and medium organisations. Take Microsoft’s cloud-PC Windows 365 service. This virtual desktop solution enables the operating system and applications to be streamed in any web browser and can be available on any PC or mobile device. Such a robust solution could benefit businesses that have a shortage of VDI expertise.

With so many benefits, it is no surprise IT teams get excited by the promise of VDI. The idea of having all systems isolated feels safe and attractive.

Where VDI comes unstuck, however, is its lack of flexibility to meet the evolving needs of a modern workspace. Having visibility and control is important, but it shouldn’t come at the expense of user experience and productivity.

End-user challenges of a virtualised desktop environment

In my experience, the biggest problem with virtualised desktops is the impact on end users: both their productivity and employee satisfaction.

End users who have worked with and without virtualisation tend to speak much less favourably of virtualisation than of working on their own machine. This is an issue for any company that cares about its employee satisfaction, brand and productivity.

For starters, virtualisation is completely dependent on network quality. It is impossible for a virtualised workspace to function offline. Furthermore, slow or unreliable internet has a major impact on the employee workday. Although hardware and internet speeds have improved to make virtual desktops better than before, end users still don’t get the same immediacy as working on their own machine with its own operating system. Loading a new application is a good example. When you load an application via virtualisation, you are potentially competing with hundreds of other users for resources. Overcoming this issue is very expensive.

Three misconceptions: cost, security and mitigation

There are three misconceptions about virtualisation that are worth mentioning.

The first is that virtualisation is not expensive. When you take into account compute costs for fast and high-quality services, achieving performance in a virtualised cloud environment is very expensive. Running many concurrent workspaces in cloud environments is very demanding on compute.

The second misconception is that if you take care of your cloud infrastructure, your end-user devices will take care of themselves. End-user devices always need to be secured, no matter where they are. If your end user is working on a potentially compromised device and has access to your cloud environment, you can’t be sure their access won’t lead to a breach of the organisation.

I have found organisations with virtualised desktops in situations where they have suffered multiple damaging ransomware attacks. The idea that you can mitigate the impacts of such an event by securing assets in a data centre is another myth. As soon as you give an end user access to your environment, that access can be compromised.

It is not just a matter of securing devices. Businesses need to ensure that when an end user is accessing their organisation on any device, they have management over it so it can be patched, secured and monitored.

How Devicie maximises a virtualised desktop environment

Devicie makes up for all the areas where virtualisation falls short, providing uncompromising security on end-user devices in a way that supports a modern and flexible workspace.

Following end-user authentication, Devicie configures and deploys security controls to each end-user device across an organisation.

Devicie also manages the security and compliance of those devices, ensuring they are always up to date and auditable, no matter where they are.

Devicie also facilitates zero-trust models. That way, an organisation’s identity providers or services can be configured so end users are authenticated by access management policies.

Devicie also uses technologies like Microsoft Conditional Access that can limit where an end user can log on, what times they can log on, and with which devices. In addition, Devicie shows the compliance posture of all end-user devices, and automatically updates or remediates those devices before they are given access to an organisation.

None of this is intended to negate the value of virtualisation. It is, however, intended to highlight that virtualisation is not effective alone at mitigating security risks. Additionally, virtualisation should not be used without seriously considering the efficiency of the whole organisation and the impact on the various end-user roles.
