This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
The bring your own device (BYOD) movement formally advocates use of personal equipment for work and obligates IT to ensure jobs can be performed with an acceptable level of security, but how can risks be addressed given the range of devices used and the fact that you lack control of the end point?
Companies looking to embrace BYOD -- 44% of firms surveyed by Citrix say they have a BYOD policy in place and 94% plan to implement BYOD by 2013 -- need to address four key areas: 1) standardization of service, not device, 2) common delivery methods, 3) intelligent access controls and 4) data containment.
1. Standardization of service
Standardization is necessary to implement a consistent set of security controls across different platforms while providing the same level of service. Lack of compatibility with security controls can deny legitimate users access to information services and hurt productivity. Solving this issue by adding more access methods can result in weaker security and make the environment more difficult to manage. Instead, companies can give users the service they expect through desktop and application virtualization technologies and terminal servers.
Virtual desktops are hosted on a remote server and emulate a desktop computer to provide access to IT services, including applications and tools users need to do their job. As long as they can connect to the server, users can access their virtual desktop.
Through application virtualization, software is streamed from a server to the end user's device, enabling users to access their core business applications from a variety of devices. Application virtualization does not require software installation, and applications can be upgraded from the server without interfacing with remote or mobile devices. In some cases, the application can be cached on the device so it will function even when a connection to the server does not exist.
Both virtualization options use terminal server connections to access the remote virtual desktop or application, but terminal servers can also be used alone to provide consistent access to IT services, similar to desktop virtualization. A terminal server differs from desktop virtualization, however, in that the applications run on the server operating system instead of a virtualized one. Terminal servers are limited in the services they can provide because not all applications support terminal access and some may behave differently on a terminal than they would on a virtual desktop.
None of these solutions are new, so their security models are mature enough to be relied upon for IT services. In fact, these tools return control of end user devices to security practitioners. Restrictions can be placed on systems so the user can neither install other applications nor change the system to introduce vulnerabilities. Since all the activity is performed remotely, the device used to connect does not matter, so employees can do their job even if their primary computer is unavailable. Both terminal server and virtualization tools make it easy to restore or clone a machine, so user errors result in less impact to productivity and lower support costs.