Page 42 - GCN, Jun/July 2016

WORKPLACE
Systems integrator Unisys, for example, offers government customers a WaaS-oriented, virtualized Microsoft Windows environment that includes enterprise social media tools, an office productivity suite, email messaging, and video and voice collaboration.
Employees log in and see a virtual desktop workspace that looks and operates like their traditional desktop. “Right now, users feel more comfortable in a virtual desktop because that’s the transition from a physical desktop,” said Shawn Kingsberry, director of digital government at Unisys’ Global Public Sector.
The WaaS platform has also been a workbench of sorts in the development of tools for avoiding malware and other threats by disposing of virtualized browsers that might be contaminated or only needed for specific users.
Pete Kofod, CEO of The Sixth Flag, said he first recognized the need for more dynamic security tools — especially to protect network end users — when he was contacted by the chief security officer of a large aerospace company whose Microsoft Active Directory had been compromised.
The attack turned out to be aimed at an executive who was the victim of a ploy involving a vulnerability triggered by a PDF file. When the file was opened, the malware harvested credentials that eventually resulted in the Active Directory contamination.
Unraveling the case took three months but eventually led to development of tools designed to protect remote end users. The Sixth Flag’s resulting solution allows employees to work with a virtualized browser that can be “thrown away” at the end of each session.
The virtual browser works by passing executable code onto a virtual machine on the server, where it gets wiped after each session. “All of our desktops are ephemeral,” Kofod said.
Should desktops or mobile devices get contaminated, “we’ve thrown away every trace of users’ data,” he added. “Settings get saved, and we’re just storing encrypted data at rest. The next time they log in, they’ll get a brand-new, fresh copy of the gold master image.”
The tool is completely orchestrated in the cloud via a web browser and can be moved to any infrastructure-as-a-service platform, Kofod said.
“There’s no client component, so basically anything that has a current browser, whether it’s a tablet or a Chromebook, as long as it has strong HTML5 support, we’re in business,” Kofod said.
“We truly try to treat the desktop as just a place to temporarily do some work,” he added.
The throw-away desktop is a security tactic Kofod calls a guerilla network that is designed to fully impede the attacker. “The idea is if you get into the desktop, it won’t get you any closer to the crown jewels, which is always going to be the directory server,” he added.
“If we can get to the point where no matter what you take off this guy’s desktop it will never get you closer to complete organizational compromise, that’s really the Holy Grail for us,” Kofod said. “That’s why we designed it the way we did.”
VIRTUALIZED MOBILITY
Industry analysts say the ability to offer users a secure browser that can be used for a limited time and then disposed of makes the virtual browser a good fit for transient users. It also helps agencies web-enable legacy applications and provide inexpensive devices for mobile users.
“For government, it’s ideal,” said David Laing, a research manager on IDC’s IT Service Management and Client Virtualization Software team. “It allows them to look at dynamic access, change of mission [and] address things like emerging requirements, change requirements without having to worry about the funding cycle.”
Those flexibility goals are also shared by developers who are looking for ways to manage other workspace features, including new virtual mobile infrastructure options in which mobile apps can be virtualized.
“The same way you can virtualize a browser as a throw-away, you can also virtualize an Android device — either