|ISACA Issues Guidance on Virtualized Desktop Infrastructure (VDI)|
|Written by NStinchcombe|
|Monday, 28 May 2012 18:53|
Today’s mobile device users are demanding to access data from anywhere at any time. In fact, according to an annual ISACA survey on BYOD security, the use of mobile applications has nearly tripled since last year’s survey, and two-thirds of employees aged 18 to 34 have a personal device they use for work purposes. Meanwhile, businesses are trying to reduce costs and simplify desktop management. Virtualized desktop infrastructure (VDI) allows users to access applications and data securely from remote locations with minimal risk of data loss, while simplifying desktop management within the traditional boundaries of the enterprise.
To help enterprises realise the benefits of VDI adoption and understand the security concerns associated with it, global nonprofit IT association ISACA has issued a white paper titled Virtualized Desktop Infrastructure (VDI), available as a free download. The paper spells out how to develop strategies to mitigate VDI threats and names enablers that can help with its adoption.
“A new, virtual way of working is shaping the world and affecting IT environments,” said Nikolaos Zacharopoulos, CISA, CISSP, IT auditor for Geniki Bank, Greece, and chair of ISACA’s project development team for the white paper. “VDI can help increase productivity and reduce costs, but enterprises need to carefully consider the risk involved with it and plan accordingly. This white paper is a road map for that.”
As end users increasingly need to access enterprise data from mobile devices and various workstations, the likelihood of a security breach if a device is lost or stolen is also increased. VDI offers a cost-efficient method to prevent lost or stolen data by storing data on a centralized server rather than the device itself. In addition to cost reduction, the business benefits identified in the white paper include:
· Increased security
· Enhanced compliance capabilities
· Efficient deployment
· Simplified administration
· Extended life of desktops
· Consolidated backup and data protection
“There is no doubt that VDI can help IT maintain security and data protection, as well as speed the resolution of problems and improve manageability and control,” said Zacharopoulos, “but all of the pieces need to be in place, as the white paper explains, including determining where the responsibility for virtualization architecture and management will reside.”
“VDI is a very helpful solution for organisations (and security managers) today that want to motivate their employees and other authorized people in providing access to organisational information at any time and in any location on any device that the trusted person has available,” said Marc Vael, Ph.D., CISA, CISM, CGEIT, director of ISACA and chair of the ISACA Knowledge Board. “At the same time, the enterprise’s information remains secure because the information is not stored on the device and the account can be shut down in the event of a compromise. ISACA’s guide provides helpful insights in how to use this solution in a low-risk and effective manner.”
The white paper also states that governance and management of enterprise IT (GEIT) need to be part of the plan when adopting VDI. ISACA’s COBIT 5 assists with this by providing an end-to-end business view of GEIT, helping create value and reduce risk. The COBIT 5 framework is available from ISACA as a free download at www.isaca.org/cobit.
ISACA’s Virtual Desktop Infrastructure (VDI) white paper is available as a free download at www.isaca.org/vdi.
With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Collaborate with ISACA members: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official)
Like ISACA on Facebook: www.facebook.com/ISACAHQ