Virtualization has brought a dramatic level of growth and advancement to technology and business over the years. It transforms physical infrastructure into dedicated, partitioned virtual machines (VMs) that deliver critical cloud applications and services to multiple customer organizations using the same hardware.
While one server would previously be tasked with one OS install, today’s servers can host multiple instances of Windows or Linux running concurrently to increase system utilization.
Client virtualization is the next step
Intel first introduced hardware-assisted virtualization in 2005, and since then the broader industry has seen the technology continue to evolve in terms of capabilities and use cases. In fact, the cloud computing sector is projected to reach more than $623 billion by 2023 – and it’s almost entirely based on virtualization technology.
Virtualization’s long-standing role in delivering vital cloud services while optimizing infrastructure and IT cost efficiency has made it a tremendously valuable and proven technology. But the benefits aren’t limited to the cloud. Client virtualization is the next step in the evolution of this technology – and it’s one that’s been unfolding for several years and has been further accelerated by the mobility shifts associated with COVID-19.
It’s important to note that client virtualization offers two key benefits.
First is the compatibility to run different operating systems or different versions of the same operating system. For example, many enterprise workers are increasingly running applications that are cross-platform such as Linux applications for developers, Android for healthcare or finance, and Windows for productivity.
Second is the potential to isolate workloads for better security. Note that different types of virtualization models co-exist to support the diverse needs of customers (and applications in general are getting virtualized for better cloud and client compatibility). The focus of this article is full client virtualization that enables businesses to take complete advantage of the capabilities of rich commercial clients including improved performance, security and resilience.
Virtualization in the client is different from virtualization in servers. It’s not just about CPU virtualization, but also about creating a good end-user experience with, for example, better graphics, responsiveness of I/O, network, optimized battery life of mobile devices and more. A decade ago, the goal of client virtualization was to use a virtual machine for a one-off scenario or workload.
Today, the goal is to support a heterogeneous environment and provide maximum productivity by allowing a single user to multi-task with multiple VMs seamlessly running the applications. Furthermore, the primary goal of every commercial IT department is to maintain business continuity in the face of a wide range of challenges. This includes ensuring positive user experiences, enabling day-to-day tasks, and providing the tools to support creativity and innovation; all while meeting security and compliance requirements.
Organizations need trusted hardware platforms that give IT and end users the assurances needed so that employees can continue to excel in their respective jobs.
As today’s client devices continue to support a diverse set of business-critical applications – and access to highly sensitive data and commercial assets – virtualization can deliver major productivity and security advantages. Let’s explore five reasons why IT departments should strongly consider client virtualization for improved security and business continuity.
Productivity and user experience for the evolving workforce
Our workforce is evolving rapidly with an increasing need for workplace flexibility. We’re seeing a growing volume of remote users that need access to both professional and personal applications on the same system. In a perfect world, they would have the choice and flexibility to set up any application on any device, or across multiple operating systems without compromising the security policies.
Virtualization enables you to run applications in different virtual machines or containerize them to run across devices and still adhere to protection and compliance requirements. With the right hardware and software, you can better deliver the applications and support that users need to be productive, while taking steps toward security compliance.
Additionally, the gig economy has exploded in recent years, as it’s become more commonplace for freelance workers to contribute to multiple organizations in parallel at any given time. Virtualization can help ensure that each “gig” or workload is isolated and independent to align with each client or organization’s privacy and security requirements. And to ensure that the gig worker is productive in each of the workspaces, hardware-based optimization is needed to provide good performance and a positive user experience.
Threat mitigation
Over the last decade, IT departments have struggled to manage an ever-changing threat landscape in which the fallout of a security incident goes beyond financial and productivity losses to jeopardize business reputations and the bottom line. Organizations must be able to protect against typical security threats such as viruses, trojans and phishing emails, as well as newer tactics such as sophisticated ransomware.
A key dilemma for CISOs is striving to balance the number of security solutions on a given PC with the productivity of the user, while also ensuring compliance and safeguarding company assets. In the changing threat landscape, with sophisticated attacks moving down the stack, traditional software approaches to PC security are no longer enough. IT requires constant risk assessments. Increasing the amount of security scanning software can at times impact system performance and hinder employee productivity.
In addition, security experts generally agree that it is not a matter of if, but when, a PC workload will be attacked. This means companies must prioritize resiliency across hardware, firmware and virtualized workloads.
Given this reality, IT teams need to rethink how PC workloads are hosted on the system, with built-in methods to mitigate risk. At the client level, virtualization-based security helps to isolate the security-sensitive portions of an operating system from non-critical aspects in separate, partitioned VMs.
Virtualizing client device workloads enables you to offer the required functionality, while also allowing you to quickly eliminate and rebuild virtual machines that have been infected (through malware, phishing attacks, etc.) with less risk of compromising the rest of the system. The ability to rebuild the virtual machine is a major advantage leading to better resilience that can reduce downtime to minutes instead of hours or more.
Separation of privilege
Client virtualization also offers security benefits for a variety of use cases. It isn’t always practical or cost-effective to provide users with multiple PCs dedicated to different levels of access or types of workloads or activities. Virtualizing PC workloads essentially allows you to provide the equivalent of multiple PCs on the same system, where the hardware can be used to help isolate each workload to reduce the risk of interference, partition privilege and access levels, and effectively apply policies (such as helping to prevent USB flash drives from connecting to classified workloads). For example, hospital IT teams can deny unapproved attempts to access patient records from a VM based on policies that disallow USB keys for all confidential workspaces.
This approach can reduce the need to implement additional data loss prevention tools, as your system helps protect against such attacks through its hardware design and IT policies.
It’s also important to note that isolating workspaces to improve protections for enterprise data and assets doesn’t hinder collaboration, and data can be encrypted and stored locally or in the cloud (based on the user persona and privilege level). When managed properly with the right identity and access management policies, virtualized workspaces enable users to freely communicate, cooperate, share information and function in teams.
Endpoint patch management
With the increasing frequency and number of software updates and the rising number of remote workers, keeping systems up to date can be a pain point for IT. It’s also a major security priority, given that many updates are designed specifically to address known vulnerabilities. Virtual machine management frameworks in the future could allow you to update the VM centrally and then deploy it to the various endpoints, versus having to discover and update each PC endpoint separately.
Users can have a frictionless experience, with less of the interference that can come from frequent updates or the need to restart their systems. This improves user productivity and satisfaction, streamlines IT workflows and helps ensure that you have the latest updates – including critical security updates – installed automatically across the entire system. This requires ecosystem orchestration services to manage the virtual machines and enforce IT-defined access control policies.
Bringing cloud workloads to the client
Most IT departments increasingly depend on cloud-based applications to provide business services (such as productivity apps, file search, natural language processing based on machine learning, etc.). By virtualizing client devices, you can migrate cloud workloads directly to clients for better performance, offline use and improved overall business continuity.
For example, consider services that recognize users based on their faces. This biometric verification can be done remotely at the cloud backend where the facial information is streamed to the cloud, or it can be done locally in a virtualized container where the biometric stays local on the system and can be used to continuously authenticate the user.
Moving this workload from cloud to the client not only provides better performance and lower latency, but it can also improve privacy. This is just one example of how moving cloud workloads to client devices can benefit users, IT teams and the overall business.
The role of hardware in virtualization-based security
Effective client virtualization depends on hardware. Organizations need a fundamental set of hardware features that enable hypervisors (virtual machine managers) at the software level to create and manage multiple virtual machines. The hardware capabilities that enable this process include performance tuned for user experience, flexibility, hardware-enhanced security features, and seamless manageability.
Client virtualization today and tomorrow
Virtualization offers organizations a stronger PC security posture, and the industry as a whole is beginning to move to the client virtualization-based security model. In order to spur broader adoption of client virtualization, the industry must continue to build on early-generation capabilities and accelerate adoption during times of change (such as adapting to the current pandemic).
Industry leaders are working to deliver the hardware foundation necessary to provide strong client virtualization through memory encryption and performance improvements that help shore up defenses for organizations’ most security-sensitive assets.
Although no computer system can be absolutely secure, over the next several years, we’ll see the benefits of workload isolation through virtualization-based security extend from memory deeper into storage, graphics and so on across the entire compute experience. This will help mitigate security risks – all while delivering the right balance of robust performance, flexibility, choice and seamless user experiences.