Cloud-based secure desktop streaming from any PC

March 6, 2012 By Nicole Herfurth, IBM

Today at the CeBIT Fair, IBM is announcing the Secure Enterprise Desktop, an innovative service that enables corporate users to securely access the contents of their entire hard disk, including operating system, applications and company data, from anywhere in as little as two minutes.

With the consumerization of IT and the emergence of bring your own device to work, organizations are being forced to figure out how to manage new security challenges in the enterprise. In addition, according to the 2011 IBM CIO Study, two of three CIOs have visionary plans that include mobility solutions and to remain competitive.

To address these challenges IBM scientists in Zurich, also known for developing the secure operating system used on hundreds of millions of today, have developed the Secure Enterprise Desktop.

“The Secure Enterprise Desktop streams a user’s entire PC desktop from a cloud that is both secure and easy to use,” comments Paolo Scotton, computer security scientist, IBM Research - Zurich. “With this service, organizations can more efficiently manage end-to-end-security on the IT-client side while employees can conveniently and safely access their office desktop on any computer for seamless computing.”

The Secure Enterprise Desktop can be used in several scenarios. For example, global enterprises can reduce IT costs by offering employees an option to utilize their own preferred brand and model of PC hardware to be used at the office, at home or when traveling.  Enterprises and small and medium businesses can also reduce costs by implementing open desk offices, where a multitude of employees share PCs based on when they are in the office.

Laptop theft is on the rise with 89 percent of organizations reporting theft or loss according to an IDC survey in 2010. In addition to the cost of the hardware, there is also the cost of the lost data and the down time of the employee, which on average is nine days.   The Secure Enterprise Desktop could reduce laptop theft and avoid ensuing data loss.

Unlike other streaming desktop applications, the Secure Enterprise Desktop can also operate offline.  Once the original connection has been completed, the entire desktop, including applications and files, can be accessed off the disk properly encrypted under control of the Secure Enterprise Desktop.  Once the user establishes an Internet connection again, the changes will be securely updated to the cloud.

Technology behind the Secure Enterprise Desktop

The Secure Enterprise Desktop service is based on IBM’s Zone Trusted Information Channel (ZTIC) for secure online banking.  ZTIC creates a direct, secure channel to a back-end server, bypassing the PC which could be infected by malicious software (malware) or susceptible to hacker attacks. ZTIC is currently used by thousands of consumers and businesses across several banks in Switzerland.

IBM scientists are building on this proven technology for creating the client-side hardware component of the Secure Enterprise Desktop. Similar to the online banking version, the enterprise version of ZTIC establishes a secure connection to a back-end server controlling all security-sensitive operations.  

Plugged into the USB port of any 64-bit Windows or Linux computer, the device loads the key software elements for its user’s desktop from an enterprise cloud with the help of an operating system streaming technology based on a virtual machine also known as a hypervisor. Once the innovative streaming hypervisor is running, the classic Windows and Linux environments are delivered from the cloud, mirroring the user’s PC, including applications and files.  Any changes made on the host PC are backed up immediately and securely.

Even if the basic host PC’s hard drive is infected with malware, the tight integration between client-side security hardware and streaming hypervisor software ensures that any existing malicious software remains separate and thus ineffective.

In addition, unlike other desktop streaming technologies on the market that use a bootable USB key, loss of this device poses no risk to the enterprise or user, since no application data is stored on the ZTIC and the data is constantly backed up in the cloud.

The Secure Enterprise Desktop on the server side requires a Linux server with Apache and OpenLDAP. More comprehensive deployments can also be based on existing IBM Tivoli and IBM WebSphere products.  The Secure Enterprise Desktop can be run within an enterprise's firewall or via IBM cloud hosting services.

Currently, IBM is testing the Secure Enterprise Desktop within a small pilot group with plans to make it available to clients later this year. Scientists are also developing a version for MacOS. Pricing has yet to be determined.

Explore further: Google, IBM team up on PC desktop search

Related Stories

Google, IBM team up on PC desktop search

November 1, 2005

IBM is teaming up with Google to find documents on personal computers. The newest plug-in for IBM’s enterprise search technology will integrate with Google Desktop for Enterprise, which is downloadable free.

Red Hat to Build a Virtual Appliance OS

May 10, 2007

The open-source solutions provider has partnered with Intel Corp. to deploy appliances in a virtual machine to bring enterprise-class management and security to the PC.

Sun Unveils Next Generation Client Technology

December 14, 2004

Sun Microsystems, Inc. (Nasdaq: SUNW) today unveiled its next generation Sun Ray Server Software 3.0 an interoperable, platform that enables instant, secure access to corporate applications and data from broadband-enabled ...

Sun Extends Sun Ray Technology to Linux Environments

August 3, 2004

Today Sun Microsystems, Inc., a leading contributor to the open source community, announced plans to extend its award-winning Sun Ray(TM) ultra-thin client technology to the Linux platform. This preview of Sun Ray Server ...

IBM introduces new virtual desktop offering

January 25, 2011

IBM today announced the Virtual Desktop for Smart Business, a new workforce mobility offering that provides anytime, anywhere access to personal desktops from mobile devices -- including tablets, netbooks, laptops and thin ...

Recommended for you


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.