Organizations are increasingly looking to adopt the benefits of flexible working to enhance productivity and ensure that staff feel both trusted and valued in their roles. Providing your team with a secure, consistent workspace is a significant milestone for flexible working initiatives.
However, while many businesses may have developed a mature flexible-working model for permanent staff over the last 2-3 years, the same cannot always be said for contracted staff and third-party workers. Contractors often sit outside the purview of the IT support team and as such are typically expected to provide their own devices.
The Virtual Desktop Use Case for Contractors
A recent study by Talon Cyber Security showed that around 45% of respondents performed their work activities indirectly via a DaaS or VDI platform. However, around 55% of third-party workers used personal, unmanaged devices to access company systems. This means that the majority of third-party workers are interacting directly with corporate data from unmanaged and potentially compromised devices.
DaaS and VDI platforms separate the user’s work activities from the local device, meaning that a secure ‘air gap’ exists between the potentially compromised personal device and corporate data. DaaS and VDI platforms are also managed centrally by the IT support team, meaning required security policies and auditing can be enforced for all users, both permanent and contract.
The implications of data breaches from both a revenue and reputation perspective are significant. The most recent IBM Data Breach Report found 83% of studied organizations have experienced more than one data breach in their lifetime and found nearly 50% of breach costs are incurred more than a year after the breach.
So, if DaaS & VDI offer a secure, practical solution to the problem of providing secure remote access to staff and contractors, why then have only 45% of businesses adopted it?
Addressing Cost Concerns around Contractor Remote Access
Desktop virtualization platforms can be expensive to run and maintain. Historically, organizations would need to purchase the hardware and licensing for these platforms upfront (CapEx) and run the service from private data centers (OpEx). This meant committing to high up-front costs before the service could even be tested on a meaningful scale.
With the advent of cloud-based desktop virtualization solutions such as Azure Virtual Desktop, this barrier has been removed. AVD lets administrators create and test virtual desktops globally, without any future commitment to onboard users. Once the concept has been proved, these services can be dynamically scaled to the required user numbers.
However, cost is still a significant barrier here. Native AVD deployments can be expensive from an OpEx perspective, both in terms of the Azure resource costs and the administrative overhead to run and manage the platform. Nerdio Manager simplifies platform management, provides management enhancements such as Disaster Recovery (DR), and significantly reduces resource costs via automated desktop scaling. This last bit alone saves typically between 60-80% when compared to a standard, ‘always on,’ unoptimized AVD deployment.
Lastly, outside of using a third-party platform to optimize and lower AVD costs, it is important for IT decision makers to understand the total value of VDI and DaaS when they are considering costs. Physical devices do not cost as much but also do not provide the same scalable, flexible, resilient, and secure benefits that cloud-based desktop virtualization does. When looking at how to equip contractors with the applications and tools needed to do their jobs, VDI/DaaS and traditional on-prem-based EUC cannot be compared on just cost alone.
Checklist: Secure Remote Access for Contractors
The below list provides some tips and ideas for managing contractor access and reducing your attack surface.
- Fully unmanaged personal or 3rd party devices should never be allowed to access your corporate data or networks.
- Where cloud services such as Microsoft 365 are in use, access to these services should be restricted or blocked on unmanaged devices using conditional access policies.
- Never install corporate applications or VPNs on personal, unmanaged devices. Doing so compromises your organization’s security and leaves the network open to attack.
- Ensure that permissions assigned to 3rd party workers follow the principle of least privilege. Workers should only have access to the services they require to complete their tasks.
- Where possible, deliver desktops and applications to users via a secure virtual desktop solution such as AVD. These desktops exist within the corporate environment, and will be subject to the correct security and administrative policies to reduce your attack surface.
- Where virtual desktop platforms exist, ensure they are sufficiently restricted or hardened. A poorly implemented virtual desktop estate offers limited protection. Invest in penetration testing to discover any issues or exploits which may exist.
Our team is always happy to connect and dive deeper into any specific use cases your organization is considering supporting via AVD. Contact us today to see how we can help!