Like so many things, workstation security in the age of the public cloud is different
The mainstream adoption of cloud computing solutions has altered the way network security is provided. The traditional model of storing all of a company’s critical data on-premises behind a firewall and installed security protocols has given way to a Shared Responsibility Model.
Amazon Web Services (AWS), as the cloud provider, is responsible for the “Security of the Cloud.” That means AWS is responsible for protecting everything that runs all the services they offer in the AWS Cloud. This includes all hardware and software as well as the network and facilities that make all AWS Cloud services possible.
A company’s responsibility as the customer is the “Security in the Cloud.” This means that, depending on the AWS Cloud services the organization selects, it will be responsible for managing data and data-encryption options, asset management and classification and using IAM identification tools to manage data access through application of appropriate permissions.
Protecting the most vulnerable threat vectors
Threat vectors are the routes that cyberattacks take to deliver the malicious code that can infect a network. There are six primary types:
- Network: Infecting a network directly from the outside through the firewall.
- User: Attackers often use social engineering and social networking to get information that will trick a user into providing a path for dangerous code to do damage.
- Email: Phishing and infected attachments are often sent through email to target the network.
- Web applications: Scripts and other executable website code can deliver malicious code to breach security.
- Remote access: A corporate device on unsecured wireless networks – ubiquitous airport Wi-Fi, for example – is another way miscreants will try to insert compromising code into a network.
- Mobile: An extension of the remote-access threat vector, smartphone, tablets, and other mobile devices can be used to enable dangerous code to attack devices and steal data from them.
It doesn’t take much imagination to see how five of these six threat vectors are focused primarily on or can involve the end user’s workstation. Yes, the increasingly mobile computers that employees depend on to do their jobs are the weakest point in the security of most company networks.
Protect company data and enhance the team’s desktop experience with Amazon WorkSpaces
Amazon WorkSpaces endows all of a team’s workstations, wherever they are and however they’re connected, with end-to-end security that the IT department can configure centrally. Using the Amazon Virtual Private Network (VPC), Amazon WorkSpaces provides users with access to persistent encrypted storage volumes via the AWS Cloud, integrated with AWS Key Management Services (KMS).
No data is stored on the local device, and all data flows through enterprise-level encryption independent of the network access point (wired or wireless). The environment that the delivered desktop runs in is managed independently of the client machine, so attempts to compromise the user’s individual computer will not and cannot affect the Amazon WorkSpace in use.
This level of security is provided by another acronym: PCoIP (PC over IP). The PCoIP method is used between users’ devices and their WorkSpaces. The computing experience is encrypted, compressed and transmitted to the users’ device “pixels only” across a standard IP network. Proprietary data never leaves the data center or the AWS cloud.
Get all the benefits of Amazon WorkSpaces and shore up security too
Amazon WorkSpaces will not only secure a company’s desktop installations as they’ve never been before. The organization will be able to take advantage of all the other features that make WorkSpaces a must-have upgrade. The IT staff will take advantage of remote desktop provisioning, configuration, deployment, and maintenance. Users will enjoy accessing their desktops on a variety of devices, with all their data available to them wherever they are, and the CFO will love an IT staff that can do more with the resources they have at their disposal.
Desktop-in-the-Cloud is here today
Learn more about how Amazon WorkSpaces can make your network more secure than it has ever been. At CloudHesive, we can help you bring your desktops into the cloud. Get in touch with CloudHesive at 800-860-2040 or through our online contact form.
