Savvy IT pros know that Virtual Desktop Infrastructure (VDI) isn’t about an ROI. According to Gartner, virtual desktops have the potential to save capital, but virtualization only shifts costs from the desktop to the data center. There’s a price to pay for virtualization from repurposing equipment and buying new kits to updating and standardizing peripherals.
So why consider VDI? Virtualization dramatically improves endpoint security, while simplifying infrastructure management and improving IT responsiveness.
Security remains a primary threat
In April 2018, the security community identified the Orangeworm attack. According to analysis by cyber-defense leader Symantec, 40% of the Orangeworm victims were in the health-care marketplace. In October 2018, CMS officials disclosed that a significant attack was made on the Federally Facilitated Exchanges (FFE), a government site managed by CMS and used by health-insurance agents and brokers to enroll users in Obamacare plans. The personal information of roughly 75,000 individuals was stolen in the attack.
Hackers attack along two primary lines:
– Cyber-extortion: Data becomes the new hostage when attackers extort funds.
– Black-market selling: Personal information is stolen and sold for economic gain.
A third attack vector is gaining momentum as hackers capture data for political gain or terrorism.
Economics are simply at the root: Hacks that hold operations hostage yield immediate payment in untraceable bitcoin. More dramatically, credit card information is worth only $1-$3 per record on the black market, but a Social Security number, a primary identifier in health care, is worth $15.
IT and risk-management professionals must control access, control the attack surface, and minimize the very real risk of successful attacks. This is where virtualization really delivers — the vulnerable endpoint.
Dramatically narrow your attack surface
In a sense, VDI fulfills the idea of a zero-trust policy for endpoints, and dramatically narrows the vulnerable attack surface. Here’s how:
VDI delivers the desktop but not the data
Virtualization leaves no data at the endpoint. Immediately the attack surface is narrowed, building greater endpoint security. If the device is hacked, stolen, or compromised, there is no data local to the device. With secure digital or biometric sign-on, a stolen device is a difficult-to-penetrate access point with no valuable information. With strong access and identity management built in, VDI essentially supports a zero-trust policy.
VDI simplifies data-access policy enforcement
With no persistent data, security professionals can better enforce and ensure data and program access from the core infrastructure. The attack surface is better controlled. In today’s health-care environment, care delivery requires clinical staff to move between locations, dynamically restarting care conversations in different rooms, environments and work spaces. This workflow is discretely enabled through VDI, providing controlled access authorization without risking at-risk devices at the edge. This centralized access control provides policy enforcement to device, system, and records access, and supports HIPAA and security compliance without hampering productivity.
VDI eliminates hidden attacks through endpoint-software vulnerabilities
With no software installed on the client, malware attacks lose their bite. The virtual desktop can be maintained under strict control. The opportunity for infection from a malicious web page or application is greatly diminished. Should the virtual instance accidentally become infected, the individual session is controlled and can be automatically rolled back to a clean state, removing the infection and protecting the data and applications.
There is cost justification in security alone for a VDI solution. According to research by the Ponemon Institute conducted for IBM, the average cost per breached record in health care is $380. That is more than 2.5 times the global average across industries, at $141 per record. Health-care IT organizations looking to control risk while staying compliant with patient data and privacy regulations should strongly consider VDI as part of a robust security strategy.
IT priorities are constantly under pressure from the wave of innovation in customer experience, clinical operations, and patient care. Scarce dollars and resources must be focused on these innovations.
With VDI, applications and data are centrally managed, stored, and secured. VDI significantly reduces the resource required to install, update and patch applications, and, as a result, it dramatically simplifies software asset/license management.
VDI solutions also dramatically simplify availability of resources. A remote user or new device connected to the network, can become immediately productive with access to the entire technology suite without the burden of installation.
“Low touch” endpoints simplify infrastructure management and dramatically reduce infrastructure complexity. The ability to create unique desktop environments without capital investment provides versatility, and the opportunity to test a number of different configurations, desktop software suites, etc.
Added cost benefits of VDI
Some companies benefit from a long-term contribution to hard-dollar savings since 50%-70% of the total cost of ownership of traditional clients is tied to maintaining and managing intelligent endpoints. IT teams also find long-term benefit in broader standardization of peripheral devices and further simplification and scalability of their enterprise infrastructure.
VDI speeds endpoint deployment, maintenance, and support. By design, thin clients have very little application intelligence and/or data on the desktop. VDI environments make endpoint-hardware refresh and replacement simple. (Re)configuration of most VDI endpoints is managed from a central console. IT admins easily manage updates to every device — instantly. Advanced thin-client management solutions support remote configuration upgrades, clones, and shadow users, no matter which networked client they access.
VDI reduces mean time to repair because problems can be more quickly diagnosed, isolated, and solved. There are simply fewer points of failure on the endpoint.
And, if you’re working through a merger, common application use is more quickly deployed across the new integrated organization without forcing expensive upgrades.
Taking a step back
Desktop virtualization isn’t for every application, but this secure, powerful, and easily scalable tool solves real problems and delivers measurable value. For organizations that have already begun virtualization in the data center, desktop virtualization is a natural next step to consider. VDI will help increase security and compliance while enabling a more nimble, responsive health-care IT organization.