How DesktopReady Addresses Cloud Desktop Security

  • 5
    min read
  • Desktopready
  • February 20, 2021

How DesktopReady Addresses CloudDesktop Security

Are cloud desktops secure? That’s a crucialquestion to ask before you migrate from physical PCs to cloud-based virtualmachines.

It’s also a question with a complicatedanswer. The security of cloud desktops depends on which controls your providerputs in place to protect against the multiple types of attacks that could leadto data theft or malware installation on your cloud desktop environments. Somecloud desktops are more secure than others, and some solutions push the burdenof securing desktop infrastructure onto customers more than others.

With that reality in mind, let’s take a lookat how DesktopReady provides built-in security and minimizes the need forcustomers to worry about cyberattacks against their cloud desktops.

Cloud desktop security overview

In some ways, cloud desktops offer inherentsecurity advantages over physical PCs. In other ways, however, they createadditional risks. 

The chief security advantage of cloud desktopsis that they eliminate the threat of security incidents that arise frominsecure physical hardware. When you move your desktops to the cloud, you nolonger need to worry that a malicious user could install malware on a PC whenno one is looking, or that an employee will misplace a laptop that containssensitive data. 

On the other hand, cloud desktops by theirnature face a higher degree of network-borne threats. Cloud desktops must beconstantly connected to the Internet, which means that attackers have a broaderset of potential opportunities for breaches. Not only can they use the Internetas a pathway to gain unauthorized access to your desktop environments, but theycould also potentially “sniff” network traffic as it flows to and from yourdesktops. If the traffic is not encrypted, attackers will be able to read sensitiveinformation passed over the network. They may also be able to gain directaccess to cloud desktops via “brute force” password attacks, which involvecycling through long lists of passwords until the attackers happen upon theright one. 

At the same time, because cloud desktops relyon a complex stack of infrastructure, there are multiple potential attackpoints that malicious actors could exploit. They could breach the cloudplatform that hosts your desktops, the virtual machine software that powersthem or the individual virtual machines that host each one. 

The main focus of cloud desktop securitysolutions, then, is to protect against the threats that exist within thenetwork architecture and cloud infrastructure on which cloud desktops run.

DesktopReady’s security features

DesktopReady addresses these threats through amulti-layered security model that hardens all of the soft spots of network andcloud infrastructure. 

At the network level, DesktopReady uses SSLconnections to provide end-to-end encryption for all traffic that passesbetween cloud desktop environments and end-users. This protects against therisk of attackers sniffing the traffic while it is in transit. WithDesktopReady, only authorized users have access to the decryption keys necessaryto view network data. 

In addition, DesktopReady blocks direct accessto cloud desktops from the Internet. The only way to connect is via a secureRDP session that binds to a private IP address. This architectural modelminimizes the exposure of cloud desktops to the Internet, which providesanother crucial layer of protection against threats that could arise from thenetwork. 

What’s more, even if intruders are able tolocate DesktopReady cloud desktops on the network, the desktops remainprotected by DesktopReady’s authentication requirements, which include supportfor two-factor authentication. That means that gaining access to passwordsalone via a brute force attack is not enough for attackers to breachDesktopReady’s defenses. They would also need to circumvent the secondaryauthentication control, which can’t effectively be brute-forced. 

At the cloud level, too, DesktopReady takesfull advantage of the security features offered by the cloud platform in whichit runs, which is Microsoft Azure. The cloud control plane is continuouslymonitored by Microsoft for security threats, and DesktopReady’s virtualenvironments are locked down with cloud access controls and isolation fromother parts of the Azure platform. 

On top of this, DesktopReady cloud desktopsare preconfigured with Windows Antivirus Defender, which offers yet anotherlayer of protection. If, despite the other defenses that DesktopReady puts inplace, attackers manage to gain access to a desktop and attempt to installmalware on it, Antivirus Defender is primed to detect and mitigate the threat.This feature also means that users do not need to install their own antivirustools in their cloud desktops.

Isolated cloud desktops

For users who need even tighter securitycontrols, DesktopReady offers the option of totally isolated cloud desktops.Under this option, which is available as part of the DesktopReady BusinessPlan, each cloud desktop runs in a dedicated virtual machine. 

Isolation between virtual machines eliminatesthe risk that a security problem that originates within one cloud desktopsession will “spill over” into another session. Although this level ofprotection is not necessary for every use case, it is an advantageous featurefor businesses that require an extra level of security, or that need to isolateworkloads for compliance reasons.

Conclusion

Cloud desktops are subject to a variety ofsecurity threats. There is no simple way to defend against all of them. 

Instead, businesses need a multi-pronged clouddesktop security solution, like the kind that is built into DesktopReady bydefault. At no extra cost to customers, DesktopReady secures the network, thecloud environment and even the operating system environment for each clouddesktop it delivers, enabling a hands-off and worry-free security experiencefor users.

What’s a Rich Text element?

What’s a Rich Text element?

The rich text element allows yo

u to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

gkkjk jkaks ha k sjk dhak dhak dhakd ajkdk

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

  • License investment: If you’ve spent thousands of dollars purchasing Microsoft Office licenses for your local PCs, you may not want to abandon that investment by switching to G Suite or Microsoft 365 instead, where you will need to pay new subscription fees.
  • Cost: Putting aside the issue of prior investment in licensing, Web-based office software usually requires subscription fees that, in the long run, may exceed the total cost of ownership of on-premises alternatives.
  • Learning curve: Your employees are probably experts in using on-premises applications like Microsoft Word. Moving them to Web-based alternatives will require teaching them new applications and new paradigms for storing and accessing data. You may not have time to teach all of your workers these new skills without disrupting business operations. Your IT team, too, may not be as well-equipped to support a new type of office platform.
  • Security: When you use Web-based office platforms, it becomes harder to isolate sensitive data or choose to keep it offline. Files that your employees create in a Web-based office environment are typically stored on shared virtual drives that, depending on how you configure security settings, may allow users to access each others’ documents, or even expose data to anyone on the Internet.
Read all articles