Taking this mantra to heart, both Microsoft and Citrix have begun rolling out technology that focuses on authentication and identity access management (IAM). Their aim is to combat those attempting to bypass traditional security measures and prevent them from gaining privileged access to mission-critical data.
Building these measures into Azure VDI has been the key to creating desktops that stand up to stringent regulations without affecting user productivity and mobility.
How does Azure Plug the Gaps in VDI Security Defences?
When it comes to shoring up virtual systems, IT staff note identifying vulnerabilities and strengthening remote access as two of the biggest tasks facing their department.
With a higher demand for workspace mobility, your security team now has the unenviable task of monitoring and patching a distributed range of assorted devices.
IT security teams face increased pressure in tasks such as identifying vulnerabilities and strengthening remote access.
So, how are Azure and Citrix helping deliver secure desktops and applications without jeopardising employee freedom?
Here’s a breakdown of everything the two companies are doing to address this issue.
1. Network and Tenant Isolation
Hosting more than one tenant (customer) per server instance allows Microsoft to cut the price of its DaaS offering. While you may have to share resources with a few noisy neighbours, you also benefit from cheaper, more flexible retail space.
To ensure tenants don’t cross paths in the hall way, Azure VDI uses network and tenant isolationto keep customers segmented.
To regulate this segmentation, Microsoft extends Active Directory into the cloud, tethering each tenant to its own private directory. Tenants are also isolated from Azure’s own infrastructure, so, during the event of a breach, hackers won’t be able to springboard from one directory to the next.
2. Centralised Desktop Management
A major plus for Azure VDI is its focus on consolidated IT security. Since data, apps, and desktops sit in the same datacentre, you can monitor them all from one portal and implement patches and updates in minutes rather than days or weeks.
In a world where employees access corporate files from all manner of devices and locations, centralised management has become the holy grail of integrated IT.
Citrix has worked with Microsoft to ensure that their XenApp and XenDesktop services offer a single, unified point of desktop security.
3. Shedding Light on Shadow IT
By 2020, 35 percent of an organisation’s technology budget will be spent outside the IT department. This is the reality of shadow IT; one that is continuing to pose a challenge as digital transformation blossoms.
Instead of restricting the purchase of new applications and services, IT need a way of verifying those purchases. With Citrix on Azure, Microsoft has identified the importance of ensuring trusted users download trusted apps on trusted devices.
Solutions such as Cloud App Discovery are built with native security in mind. These services increase the visibility of user activity, making it easier to see exactly what your employees are subscribing to.
4. Intelligent Defences
Azure VDI takes advantage of Microsoft’s Intelligent Security Graph to keep track of all connected devices in your network. If your workforce is distributed across the globe, you can use a wide range of intelligence features to secure any device on which they access their desktop:
- Real-time analysis of user risk – If an employee accesses their desktop from a new device, Azure VDI will automatically check their identity credentials and decide whether further authentication is necessary. Telemetry is sent in real-time, with Azure taking into account factors such as device compliancy, app authenticity, and physical location.
- Data archiving and governance – Azure routinely backups and archives user data in the cloud, using geo-redundant storage. Since no data is ever stored on end-point devices, you don’t need to worry about lost, stolen or compromised PCs. You can manage all your backups from a centralised dashboard, even if they are spread across several Azure regions for compliance reasons.
- Integrated identity management – For organisations using the hybrid cloud, Azure has created an integrated authentication and authorisation tool, available across both on-premises and cloud platforms. Employees are given a single identity to access both environments, making it easier to monitor their activity and grant/deny privileges.
The Citrix components of Azure VDI also integrate with these features, allowing you to access all your Azure VDI desktops through a XenDesktop module and eliminate the need to switch between workspaces.
Azure VDI Security best Practices
Despite the infrastructure assurances Microsoft can offer your organisation, it’s up to you to implement policies and setup Azure security features to ensure your desktops and applications are as secure as possible:
- Setup Azure Active Directory authentication for all your apps
- Force all incoming traffic over a HTTPS connection
- Enforce file level data protection with Azure RMS
- Setup VPN gateways for secure site-to-site connectivity
- Protect your virtual machines with Azure Backup and Azure Site Recovery
You can find out more about these security measures in Microsoft’s Azure security whitepaper.
Committing to a New Model of VDI Security
Two out of three customers view Citrix as a vital part of their security architecture. For those using Microsoft Azure, the integration of XenApp and XenDesktop has brought peace of mind, as well as improved productivity and performance.
Microsoft’s shift to identity-centric VDI security and an integrated Citrix toolset is making it far simpler – and less intrusive - to manage and control access privileges across a range of environments, locations, and devices.
To find out how you can move to Azure VDI, check out some of the work we’ve done in the cloud workspace sector.