“While you’ve moved the image to a secure location, you’ve now exposed the problem of ‘how do I know who is really accessing that terminal?’ So you need to have an appropriate authentication infrastructure in place,” he said.
“The thing around data loss prevention [DLP] is VDI only solves one particular problem – the security of the endpoint device. The question to ask regarding DLP is: How does any of that stop me from grabbing data, copying it into another program and emailing it somewhere else? It doesn’t.”
McIsaac argued there were security benefits to implementing VDI in certain cases, but claimed the idea that it generally improved security was a gross overstatement.
“What you need to do is realise that it secures one specific thing – the physical security of the desktop image and the data on the desktop – but at the same time you’ve now got an access control problem if people can access it from outside your corporate LAN,” he said.