Mobile VDI technologies can provide several benefits to agencies, particularly for users who participate in BYOD programs. Here are five advantages to leveraging mobile VDI for state and local governments.
Access to agency and personal data
For many environments, secure BYOD would not be feasible without the use of mobile VDI technologies. In these environments, mobile VDI enables secure access to agency data and applications from personally owned computing devices — all from a single device.
Minimal data transfer to mobile devices
An agency’s sensitive data (and nonsensitive data, for that matter) is kept on centralized servers within the organization’s facilities. This data is not transferred wholesale from the data center to the mobile device.
Keeping the organization’s data off the mobile device reduces the impact of a data compromise, such as the loss or theft of a device. It also somewhat reduces the need to further secure the mobile device, although strong security is still highly recommended. But certain security controls, such as disk encryption, aren’t as important when mobile VDI is being used.
Technically, some data is transferred to a mobile device through the screen-rendering interface of mobile VDI. This displayed data can be harvested by malware that can take screen captures.
However, this risk is no different than if the data were stored locally. Screen captures can be taken of any computing device. While mobile VDI does not technically keep all data off mobile devices, it greatly reduces the amount of data received by mobile devices and makes the recovery of stolen displayed data a largely manual (and thus less attractive) process.
Reduced need for client software on mobile devices
Both of the thin client options mentioned earlier (clientbased and browser-based) provide a significant benefit compared with the thick client alternative. A thick client requires installing many client applications on each mobile device, perhaps one client for each application that needs to be accessed through BYOD (and for more complex applications, multiple clients).
Minimizing the installation of client software provides multiple benefits. Obviously, it reduces the amount of technical support involved in installing the software, but it also reduces related maintenance concerns, such as patching and security configuration.
It provides a more consistent experience for users, which should cut technical problems and associated support costs. And it also improves security by reducing the number of pieces of potentially vulnerable software being run on the mobile device.
Support for different mobile device platforms
Without a mobile VDI solution, many client applications would need to be installed on each mobile device. It is highly likely that these client applications are available only for a few of the mobile device platforms being used by BYOD program participants.
Agencies may implement a workaround for this (deploying web-based client applications in place of mobile device–based client applications), but this may not be possible for many commercial off-the-shelf applications.
And a workaround may be prohibitively expensive for in-house applications, especially for platforms that have relatively few users.
A much more efficient arrangement is to install a single client application on each mobile device. Most mobile VDI clients support a variety of platforms, and mobile VDI products that are HTML5-compatible obviously should work on any platform that supports an HTML5 browser.
The latter option is the most flexible, potentially allowing mobile VDI technology to work on virtually any mobile device. However, because support for HTML5 is still emerging, this option may encounter more technical problems than a mobile VDI client solution.
Single sign-on capabilities:
By centralizing access to many applications through a single client interface, mobile VDI technologies can enable single sign-on capabilities for these applications. The mobile VDI technology requires users to authenticate, and this authentication can be integrated with enterprise single sign-on technologies.
An example is deploying a remote access authentication architecture that requires the knowledge of a password and the possession of a cryptographic token. Entering these two factors of authentication into the mobile VDI client application provides assurance that the user is legitimate. From that authentication, the agency can choose to allow access to multiple enterprise applications without requiring separate authentication for each of those applications.
Download our free white paper Virtual Desktop Infrastructure Goes Mobile.