In today’s computing environment, users are demanding access to their applications and data from anywhere and from any device. While this benefits the end user by providing flexibility and increasing productivity, it is creating a new set of security and data protection issues for IT professionals.
Virtualized desktop infrastructure (VDI) allows operating systems (OSs) and applications to run on virtual machines in the data center. The user accesses the virtual machine (VM) by using a thin client running remote display software or simply via the web. Users can access their applications and data securely from remote locations and the risk of data loss is minimized.
Thus, VDI uses the same idea that has been used by many businesses to simplify their data center management, and offers enterprises an alternative to the classic model of supplying every user a full-fledged desktop.
Although use of VDI simplifies desktop management, it also introduces new risk. Assurance professionals should ensure that there are at least the same security controls in place for virtualized OSs as there are for those same Oss when they run directly on hardware.
An assessment of the VDI should focus on the following areas:
(1) Assessing infrastructure risks
(2) Assessing management risk
CLICK HERE to read or download the complete Virtualized Desktop Infrastructure (VDI) document from ISACA’s website.