Cloud-based secure desktop streaming from any PC
Today at the CeBIT Fair, IBM is announcing the Secure Enterprise Desktop, an innovative service that enables corporate users to securely access the contents of their entire hard disk, including operating system, applications and company data, from anywhere in as little as two minutes.
With the consumerization of IT and the emergence of bring your own device to work, organizations are being forced to figure out how to manage new security challenges in the enterprise. In addition, according to the 2011 IBM CIO Study, two of three CIOs have visionary plans that include mobility solutions and virtualization to remain competitive.
To address these challenges, IBM scientists in Zurich, also known for developing the secure operating system used on hundreds of millions of smart cards today, have developed the Secure Enterprise Desktop.
"The Secure Enterprise Desktop streams a user's entire PC desktop from a cloud that is both secure and easy to use," comments Paolo Scotton, computer security scientist, IBM Research - Zurich. "With this service, organizations can more efficiently manage end-to-end security on the IT-client side while employees can conveniently and safely access their office desktop on any computer for seamless computing."
The Secure Enterprise Desktop can be used in several scenarios. For example, global enterprises can reduce IT costs by offering employees an option to utilize their own preferred brand and model of PC hardware to be used at the office, at home or when traveling. Enterprises and small and medium businesses can also reduce costs by implementing open desk offices, where a multitude of employees share PCs based on when they are in the office.
Laptop theft is on the rise, with 89 percent of organizations reporting theft or loss according to an IDC survey in 2010. In addition to the cost of the hardware, there is also the cost of the lost data and the downtime of the employee, which on average is nine days. The Secure Enterprise Desktop could reduce laptop theft and avoid ensuing data loss.
Unlike other streaming desktop applications, the Secure Enterprise Desktop can also operate offline. Once the original connection has been completed, the entire desktop, including applications and files, can be accessed off the disk, properly encrypted under control of the Secure Enterprise Desktop. Once the user establishes an Internet connection again, the changes will be securely updated to the cloud.
Technology behind the Secure Enterprise Desktop
The Secure Enterprise Desktop service is based on IBM's Zone Trusted Information Channel (ZTIC) for secure online banking. ZTIC creates a direct, secure channel to a back-end server, bypassing the PC, which could be infected by malicious software (malware) or susceptible to hacker attacks. ZTIC is currently used by thousands of consumers and businesses across several banks in Switzerland.
IBM scientists are building on this proven technology for creating the client-side hardware component of the Secure Enterprise Desktop. Similar to the online banking version, the enterprise version of ZTIC establishes a secure connection to a back-end server controlling all security-sensitive operations.
Plugged into the USB port of any 64-bit Windows or Linux computer, the device loads the key software elements for its user's desktop from an enterprise cloud with the help of an operating system streaming technology based on a virtual machine, also known as a hypervisor. Once the innovative streaming hypervisor is running, the classic Windows and Linux environments are delivered from the cloud, mirroring the user's PC, including applications and files. Any changes made on the host PC are backed up immediately and securely.
Even if the basic host PC's hard drive is infected with malware, the tight integration between client-side security hardware and streaming hypervisor software ensures that any existing malicious software remains separate and thus ineffective.
In addition, unlike other desktop streaming technologies on the market that use a bootable USB key, loss of this device poses no risk to the enterprise or user, since no application data is stored on the ZTIC and the data is constantly backed up in the cloud.
The Secure Enterprise Desktop on the server side requires a Linux server with Apache and OpenLDAP. More comprehensive deployments can also be based on existing IBM Tivoli and IBM WebSphere products. The Secure Enterprise Desktop can be run within an enterprise's firewall or via IBM cloud hosting services.
Currently, IBM is testing the Secure Enterprise Desktop within a small pilot group with plans to make it available to clients later this year. Scientists are also developing a version for MacOS. Pricing has yet to be determined.