Keeping Corporate Data Off Mobile Devices With VDI

By turning handhelds into the ultimate thin client, remote virtual desktops provide a crisp boundary between personal and enterprise apps and data.

Kurt Marko, Contributing Editor

July 27, 2011

4 Min Read

As a vehicle for enterprise data loss, smartphones and tablets are thumb drives on steroids, providing relatively unlimited capacity -- you do realize that the entire Wikileaks State Department cable dump was copied via CD-RW, right? So I'm guessing a 32-GB phone can hold virtually every document of value in most organizations -- and it's equipped with wireless network mobility, all in a pocket-size package. But mobile devices are a fact of life in today's workforce, so IT departments adopting a Draconian security posture by outlawing them have about as much chance of success as those who tried banning dial-up remote access or personal Internet use 15 years ago. The question then becomes how to maintain enterprise security and protect sensitive data while accommodating today's mobile, interconnected, always-online workforce.

Enter VDI. Remote virtual desktops allow employees to run enterprise apps while keeping data off their vulnerable handhelds. Think of it as using the mobile device as an intelligent, portable display.

Smartphones and tablets are inherently personal devices, so for all but the most security-conscious organizations, the days of company-issued BlackBerrys with tightly controlled configurations and strict, business-only usage policies are rapidly coming to an end. When even the president has been outed using an iPad, there's little hope that IT's playing the security card will convince business managers to forgo their precious tablets. While MDM software is a great tool for centrally managing device configurations and controlling access to email and other enterprise network services, it's not foolproof. Without locking devices down so tight as to render them impotent (and risk employee rebellion), corporate data can still leak like a sieve through any number of file-sharing channels, from Dropbox to iDisk.

Here's where a new generation of VDI mobile apps comes in. By turning mobile devices into the ultimate thin client, VDI provides a crisp boundary between personal and enterprise apps and data. Employees can have unfettered access to the App Store and play "Angry Birds" to their hearts' content, while IT can tightly regulate access to and use of internal applications -- and, since the apps run remotely, files never leave the data center's friendly confines.

A quick personal example, while not strictly a VDI scenario, is close enough to illustrate the use case and synergy between virtual desktops and tablets. I was recently traveling and didn't want to lug a bulky laptop on a short trip when my iPad would suffice. At the last minute, I had to schedule a phone interview and product demo at a time when I was literally going to be on the road ... yes, driving, in a car. As luck would have it, my contact had planned to do the demo via a GoToMeeting Web conference. So, I dutifully downloaded the iPad app, found a handy parking lot at the appointed time, fired up my 3G link, and connected to the meeting, which essentially consisted of a screen share of my interlocutor's desktop -- hence the VDI analogy. I got to view some confidential slides and prerelease software, but once the meeting ended, poof, the information was gone, never to be resurrected, at least on my device.

The enormous sales of iOS and Android devices have motivated all the major Web conferencing and VDI vendors to develop native apps. Whether it's WebEx and GoToMeeting for conferencing or VMware View and Citrix Receiver for full-fledged VDI, there's an app for it. There are even iPad and Android clients for Microsoft's RDP, so no matter your VDI architecture, it's easy to incorporate devices into the mix.

There are obvious caveats since these endpoints are not PCs with high-powered GPUs; however, one could argue that recent dual-core devices such as the A5-based iPad 2 or Nvidia Tegra-based Android devices are actually more capable than the desktop thin clients of yesteryear. Even so, due diligence is required since some apps either (a) won't display well over any VDI interface, or (b) will be sufficiently sluggish on some older, underpowered devices or over slow links. But based on my experience, with a current-generation device on a 3G network, performance and usability will be surprisingly good. Match the VDI-tablet combo with a compact Bluetooth keyboard (this one's nice, too) and give employees a purse-sized uber-remote office setup.

InformationWeek Analytics is conducting a survey on mobile device management and security. Respond to the survey and be eligible to win an iPod Touch. Take the survey now. Survey ends July 29.

About the Author(s)

Kurt Marko

Contributing Editor

Kurt Marko is an InformationWeek and Network Computing contributor and IT industry veteran, pursuing his passion for communications after a varied career that has spanned virtually the entire high-tech food chain from chips to systems. Upon graduating from Stanford University with a BS and MS in Electrical Engineering, Kurt spent several years as a semiconductor device physicist, doing process design, modeling and testing. He then joined AT&T Bell Laboratories as a memory chip designer and CAD and simulation developer.Moving to Hewlett-Packard, Kurt started in the laser printer R&D lab doing electrophotography development, for which he earned a patent, but his love of computers eventually led him to join HP’s nascent technical IT group. He spent 15 years as an IT engineer and was a lead architect for several enterprisewide infrastructure projects at HP, including the Windows domain infrastructure, remote access service, Exchange e-mail infrastructure and managed Web services.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights