Yesterday was the VMware Community Roundtable discussion on View which featured VMware’s own John Dodge. If you haven’t participated or listened into one of the roundtables, this is a great one for those who are doing or thinking about virtual desktops.
At one point the discussion turned to Employee Owned IT (EOIT) and offline desktops within View. It was great to hear from all the different individuals whose companies are thinking about or implementing EOIT in some form or fashion. One aspect of EOIT which I have touched on in the past is security. Security has come up with several of my clients when discussing desktop virtualization and EOIT; I was a bit shocked that the topic didn’t come up yesterday during the roundtable.
When you start letting employees bring in their own computers, connect to the corporate network, and then run a corporate-supplied desktop VM locally (or connect to a corporate-supplied virtual desktop remotely) to do their work, there are still some security risks to keep in mind. Namely, the uncontrolled operating system attached to your corporate network.
Corporate IT may have locked down the VM the employee is using, but more often than not there are no adequate security mechanisms in place to protect the network from the EOIT OS that is running on that EOIT laptop. What sites were the employee’s children looking at last night? What malware might be lurking on the EOIT laptop? And that employee just plugged their laptop into your corporate network.
Walk into most large enterprises (and many smaller ones too), plug your computer into the physical network, and you are probably now behind the firewall. Many companies don’t have any security in place to prevent outside computers from getting an IP address and instant network access; I know this because I’ve had this discussion with my clients when discussing EOIT and I’ve done it myself in the past. Most companies set up their wireless network to require authentication, and if it doesn’t require authentication it only gives you guest access to the Internet. But this is not the case for the physical networks, because the assumption is that those inside the building should have full access.
For EOIT to really take off in enterprises, this existing security mindset needs to be addressed, either at the physical network level or at the local computer level. Since the entire idea of EOIT is to not need to manage the computer, it puts us in a tough spot. Most large enterprises would need years of time and lots of money to update the security on their network to a level that would enable EOIT for widespread use. Many smaller companies could do it much faster and more cheaply, and for them the cost savings of EOIT far outweigh the security measures that need to be put in place.
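Until the wired network is gated the way the wireless network already is, the least IT can do is find out what is actually pulling addresses off it. The script below is an added example, not part of the original post: it parses ISC dhcpd-style DHCPACK syslog lines (a constructed sample) and reports every lease whose MAC is missing from a hypothetical corporate asset inventory, which is exactly the class of device the post is worried about.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample of ISC dhcpd-style syslog lines (not real data).
DHCP_LOG = """\
May 12 08:01:12 dhcp1 dhcpd: DHCPACK on 10.20.4.31 to 00:50:56:a1:22:33 (corp-lt-0412) via eth1
May 12 08:02:40 dhcp1 dhcpd: DHCPACK on 10.20.4.57 to 3c:22:fb:9d:10:aa (Johns-MacBook) via eth1
May 12 08:03:05 dhcp1 dhcpd: DHCPACK on 10.20.4.58 to 00:50:56:a1:22:34 (corp-lt-0413) via eth1
May 12 08:05:19 dhcp1 dhcpd: DHCPACK on 10.20.4.90 to 28:d2:44:71:e0:02 via eth1
"""

# Hypothetical corporate asset inventory: MAC address -> asset tag.
INVENTORY = {
    "00:50:56:a1:22:33": "LT-0412",
    "00:50:56:a1:22:34": "LT-0413",
}

# DHCPACK lines carry the IP handed out, the client MAC, an optional
# client-supplied hostname in parentheses, and the server interface.
ACK_RE = re.compile(
    r"DHCPACK on (\S+) to ([0-9a-f:]{17})(?: \(([^)]*)\))? via (\S+)"
)

@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    hostname: str  # empty when the client sent no hostname
    iface: str

def parse_acks(log: str) -> list[Lease]:
    """Extract one Lease per DHCPACK line; other syslog lines are ignored."""
    leases = []
    for line in log.splitlines():
        m = ACK_RE.search(line)
        if m:
            leases.append(Lease(m.group(1), m.group(2).lower(), m.group(3) or "", m.group(4)))
    return leases

def unmanaged_leases(log: str, inventory: dict[str, str]) -> list[Lease]:
    """Leases handed to devices that are not in the corporate asset inventory."""
    return [lease for lease in parse_acks(log) if lease.mac not in inventory]

if __name__ == "__main__":
    for lease in unmanaged_leases(DHCP_LOG, INVENTORY):
        print(f"unmanaged device {lease.mac} ({lease.hostname or 'no hostname'}) got {lease.ip} via {lease.iface}")
```

A MAC address is trivially changed by the device owner, so this is a visibility report for spotting the problem, not an access control; the gate the post is asking for belongs at the switch port (for example 802.1X) or on the endpoint itself.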
But how do you solve this problem for the large enterprise?