Security Predictions for 2015: #3 – Traditionally “Secure” Infrastructure such as VDI Will Be Compromised
Virtual Desktop Infrastructure (VDI) allows organizations to host desktop environments on servers and enables users to access these desktops from any location. Compared to traditional desktop infrastructures, VDI provides a host of advantages; organizations can lower hardware and operating costs, support Bring Your Own Device (BYOD) initiatives, and bolster security. Since all data is stored in a central location—rather than on endpoint devices—VDI reduces physical data theft risks.
However, desktop virtualization also exposes new security challenges. Organizations often host multiple desktops with the same operating systems and the same set of applications on a single physical server. Without proper isolation, an attacker can install a rootkit and compromise multiple desktops. With limited system diversity, attackers might uncover a vulnerability, allowing them to quickly exploit thousands of desktops in one fell swoop.
We predict that in 2015, attackers will execute more brute force attacks and conduct new and creative attacks on virtual desktops. To protect VDI environments, organizations should implement operating system or application isolation—especially if virtual desktops are hosted in the cloud. Organizations should also control how data can be transferred to and from VDI environments, install anti-malware software, and monitor for intrusions.