
A Provisioned Desktop is a Secure Desktop

by on October 2, 2012

Gotham has several practice areas but we’re generally best known for our Security and Virtualization practices. It’s not uncommon for clients to show a little confusion at the juxtaposition of these two practices. I get a reaction similar to one you might get telling a person that you own a restaurant that specializes in sushi and barbecue.

At Gotham, we don’t think that the process of securing your IT offering should be separated from the process of defining and delivering your IT offering.

This is more than just a philosophical perspective. We feel that a properly created provisioning system is indispensable to addressing the top security issues facing organizations today.

SANS.org publishes a list of the current top 20 critical security controls (http://www.sans.org/critical-security-controls/). The top 2 are:

Compromised devices are a key area of concern. In today’s chaotic, virtualized, BYOD world, how do you confirm proper security controls on each device connecting to your network? You need to be sure of malware protection, proper patching, and effective configuration management for starters – in some cases on machines you don’t own. In other cases, virtual machines may come on and off the network in a matter of minutes, never to be seen again.

I would argue that traditional security techniques that scan and report on rogue devices or improper configurations can only be marginally effective in this kind of environment. Virtual machines and on-demand services need automated provisioning processes that ensure the proper configurations and controls. BYOD processes need appropriate controls around your offering to ensure that your security rests in the distribution mechanism of your offering, not in a strongly worded memo regarding each employee’s responsibility to maintain appropriate anti-virus on their personal device. The best available control point is at the provisioning layer. I’m not advocating the removal of a scanning component as part of the control, but a realistic solution is unreachable without provisioning controls.

Software is a similar issue. The proper provisioning and de-provisioning of software tied to a user’s role and security context is indispensable. What kind of effective controls can be put around an environment that still depends on machine-based software distribution?

I’m sure skeptics still abound but there you have it, Gotham’s argument for the juxtaposition of security and virtualization. Not sushi & barbecue, more like chocolate & peanut butter.
