According to PwC's 2022 Digital Trust Insights report, published this month, fewer than 40% of C-suite respondents believe their organizations have fully mitigated the risks resulting from the sudden shift to remote work and the cloud, risks that will persist into 2023.
Operating desktops in the cloud presents several security benefits when proper access management controls, configurations and policies are in place. The statistic above hits home for us here at Nerdio because we continue to see and support organizations refining and optimizing their approaches to work, including hybrid work.
Running desktops in the cloud can help mitigate risk and reduce the overall attack surface. We connected with our VP of Product, Amol Dalvi, to discuss how Azure and Azure Virtual Desktop (AVD) can be viewed and leveraged in a risk context.
What Azure and AVD technologies can IT teams use to better manage and mitigate risk?
Reverse Connect, RemoteApps, and desktop images (not specific to Azure) are three technologies that organizations can use when managing their IT risks.
- Reverse Connect: Microsoft's ingenious approach of using reverse connect, with AVD session host servers connecting out to the end user, dramatically changed the conversation around the security of virtual desktops. In the past, the open ports required for RDS-based virtual desktops were often a major security concern.
- Desktop Images: All AVD host pools that serve up virtual desktops to end-users are based on a desktop image: a golden image, so to speak, that IT administrators can control. IT admins are able to vet the applications their end-users are getting access to, and the process of patching and keeping the apps up-to-date is far more regular, reliable and rigorous.
- RemoteApps: The ability to publish individual applications to end-users instead of a full desktop is something that is often overlooked as an excellent way to reduce security risk. By controlling which apps end-users have access to, IT admins can control what data the end-users have access to. Additionally, IT teams can use FSLogix application masking to help in this regard.
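A defender-side check that follows from the Reverse Connect point above, added here as an illustration and not code from Nerdio or from the interview: because AVD session hosts only make outbound connections to the service, any network security group (NSG) rule that still allows inbound RDP from the Internet on the session-host subnet is a leftover exposure worth finding. The script assumes the JSON field names produced by `az network nsg rule list -o json` (`direction`, `access`, `sourceAddressPrefix`/`sourceAddressPrefixes`, `destinationPortRange`/`destinationPortRanges`); the sample rules are constructed for the example.

```python
"""Audit Azure NSG rules for inbound RDP exposure on an AVD session-host subnet.

Assumes the JSON shape returned by `az network nsg rule list -o json`
(fields such as direction, access, sourceAddressPrefix, destinationPortRange).
The sample rules below are constructed for this example.
"""
import json

RDP_PORT = 3389
# Source prefixes that mean "anyone on the Internet" (compared case-insensitively).
PUBLIC_SOURCES = {"*", "internet", "0.0.0.0/0", "any"}


def _port_ranges(rule):
    """Collect destination port ranges from both the singular and plural NSG fields."""
    ranges = []
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    ranges.extend(rule.get("destinationPortRanges") or [])
    return ranges


def _sources(rule):
    """Collect source address prefixes from both the singular and plural NSG fields."""
    sources = []
    if rule.get("sourceAddressPrefix"):
        sources.append(rule["sourceAddressPrefix"])
    sources.extend(rule.get("sourceAddressPrefixes") or [])
    return sources


def range_covers(port_range, port):
    """True if an NSG port range string ('*', '3389', '3000-4000') includes `port`."""
    port_range = port_range.strip()
    if port_range == "*":
        return True
    if "-" in port_range:
        low, high = port_range.split("-", 1)
        return int(low) <= port <= int(high)
    return int(port_range) == port


def find_public_rdp_rules(rules, port=RDP_PORT):
    """Return the names of Inbound/Allow rules that expose `port` to a public source.

    Rule priority is deliberately ignored: a higher-priority Deny rule could
    shadow a finding, so this over-reports rather than under-reports. Anything
    listed should be reviewed, since reverse connect needs no inbound RDP.
    """
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if not any(range_covers(r, port) for r in _port_ranges(rule)):
            continue
        if any(src.lower() in PUBLIC_SOURCES for src in _sources(rule)):
            findings.append(rule["name"])
    return findings


# Constructed sample output; two rules are leftovers from an RDS-style design.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "AllowRdpFromInternet", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRange": "3389"},
    {"name": "AllowRdpFromBastion", "priority": 110, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/26",
     "destinationPortRange": "3389"},
    {"name": "AllowWideRange", "priority": 120, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefixes": ["*"],
     "destinationPortRanges": ["3000-4000", "443"]},
    {"name": "AllowHttpsOutbound", "priority": 100, "direction": "Outbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
     "destinationPortRange": "443"},
    {"name": "DenyAllInbound", "priority": 4096, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"},
])


def audit(nsg_rules_json=SAMPLE_RULES_JSON):
    """Parse NSG rule JSON and return the names of exposed rules."""
    return find_public_rdp_rules(json.loads(nsg_rules_json))


if __name__ == "__main__":
    for name in audit():
        print(f"inbound RDP allowed from a public source by rule: {name}")
```

On a real subscription the same `audit` function would be fed the output of `az network nsg rule list` for the session-host NSG. The check only looks at Inbound/Allow rules, so the private-source Bastion rule and the Deny rule are not reported; the wide port range is reported because it covers 3389.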
How can AVD make the job of overseeing risk mitigation easier for an IT team?
A prime example to point to in answering this question is image management. Since AVD host pools are built off images, the IT and security teams can focus on securing their desktop images. This includes things like ensuring the desktop images are regularly patched and the right apps are installed. Rather than dealing with all the endpoint devices in the organization or the various host pools, they can oversee security at scale by focusing on a few desktop images for their hundreds or thousands of users.
Because patching is done for the images, not individual session hosts, IT admins are able to apply patches on their schedule. They can then test that image, from both a security and functional perspective, without hassling end-users. And once they are comfortable, they can deploy the image to live session hosts with minimal disruption to end-users.
How concerned about risk should IT teams be when adding or managing external users in AVD?
The beauty of AVD is that it relies on Azure AD for identity management. Authentication is offloaded to Azure AD, allowing IT admins to take advantage of all the security features it has to offer. This covers authentication of all end-users, including any users from another Azure AD tenant that an organization may have allowed into its own tenant.
Interested in learning more about how your organization can minimize the risks AND COSTS of Azure-based virtual desktops? Check out our free white paper – ‘9 Ways to Reduce the Risk and Cost of DaaS with Nerdio Manager for Enterprise’