Sep 17, 2024

How to Modernize Secure Remote Access: VDIs Bring Low Performance at a High Cost

What is Virtual Desktop Infrastructure (VDI)? 

VDI is a technology that can create a full desktop experience served through a client application, rather than using a local computer. VDI usage eliminates the need for companies to provide employees and third-party vendors with a powerful physical machine, as authorized users can connect via their own devices to company servers, files, applications, and other resources using thin clients.  

Rather than needing to secure every user device and endpoint, organizations that use VDIs can move their security controls and data governance to the data center, where the VDI images are actually running. Workers then use the VDI just like any other workstation, albeit usually with much more lag.

VDI was once thought to be the future not only of remote access but perhaps also of desktop computing itself. However, as other technologies developed and the need for remote access intensified, it has become clear that, in most situations, the weaknesses of VDI outweigh its benefits as a secure remote access solution.

4 Major VDI Shortcomings 

1. VDI Performance is Insufficient for OT Needs 

Ensuring worker safety and keeping operational technology (OT) up and running are the two top priorities for industrial organizations. To help achieve both of these objectives, many OT systems operate in true real-time. Cloud-based VDI systems decrypt and inspect data in the cloud, which slows down connection times and makes working in true real-time difficult. 

In addition, placing either a cloud-based or an on-prem VDI in the middle of a connection introduces potentially significant performance issues. Connecting into the plant or factory floor via a VDI requires multiple network hops that can degrade the connection. The performance of a VDI can also suffer due to lack of computing or graphics power, meaning a user will see delays in mouse movement and computer operation. This lag is not just an inconvenience; it can impede real-time work and ultimately put operational safety at risk.  

How Cyolo Helps: Cyolo PRO is an advanced secure remote access solution that connects authorized users and devices directly to their desired resource, without any delays or interference. Even when deployed in cloud-connected environments, data is routed without decryption, leading to better performance and efficiency. With Cyolo PRO, work can be conducted in true real-time, regardless of the location of the user or the asset they wish to access. 

2. The High Cost of Running VDI 

Running large clusters of desktops takes a great deal of power, physical space, storage, and video cards, as well as high-speed network connectivity. At very large organizations, a VDI may include literally hundreds of thousands of desktops. But even in smaller installations, the cost of running even dozens of machines adds up to make VDIs a very expensive remote access solution.  

A related problem with VDIs is the effort required to keep numerous operating system images updated. Large teams must be dedicated exclusively to this task. Additionally, local sites need enormous amounts of rack space to house and operate so many servers. VDIs are thus expensive not only in terms of financial cost but also manpower and physical space. 

How Cyolo Helps: Cyolo PRO has far fewer hardware demands and is much more manageable, both physically and financially. A standard VDI installation of 10,000 could easily cost ten times more than Cyolo PRO in upfront expenditure alone. Cyolo PRO’s lightweight installation helps limit financial costs and is far easier not just to deploy but also to manage over time.  

3. VDIs Cannot Authenticate Third-Party Vendors 

VDIs alone offer no identity, directory, or authentication processes outside of local accounts. This means that without additional security and access management controls, VDIs cannot ensure that the third-party vendors and contractors relied on by many industrial organizations are accessing critical assets in a safe, secure manner. 

How Cyolo Helps: By aligning with the zero-trust security framework, Cyolo PRO removes inherent trust from the user authentication process. This leaves internal employees and external third-party users on equal footing – no one is trusted automatically, and all must have their identities authenticated each time they seek to access a system or application. Cyolo PRO also gives organizations the connectivity and supervisory controls they need to monitor third-party sessions after the initial point of access.  

4. VDI is Not a Silver Bullet for Secure Remote Access 

A major advantage of VDI is that users can connect securely to corporate resources from their own personal computers. But the fact that each user's personal machine does not need to be continuously managed does not mean that other security best practices can be overlooked. A VDI installation will not be secure without strong segmentation, role-based access control (RBAC), endpoint detection and response (EDR), etc. If an organization doesn’t keep its desktops up to date and perform regular vulnerability scans, the machines in the cluster can be at risk of exploitation. Ensuring the highest level of security is key in OT, because cyberattacks and data breaches can disrupt operations and lead to serious safety risks.

How Cyolo Helps: Cyolo PRO secures remote connections from the initial point of access until the session’s termination with a wide range of controls. These include multi-factor authentication (MFA), continuous authorization, just-in-time (JIT) access, supervised access, and session recording. While no single solution can overcome every cybersecurity threat, Cyolo PRO is designed specifically to facilitate secure remote access for every type of user to every type of environment.

The Final Match-Up: VDI vs. Cyolo

For industrial organizations that need to maintain high performance, operate in true real-time, and uphold stringent security controls, VDI is not the ideal remote access option. By contrast, Cyolo PRO (Privileged Remote Operations) is built to meet the performance and security needs of OT environments. Cyolo PRO enables organizations in critical industries to safely and securely connect privileged users, including remote workers and third-party vendors, to even the most sensitive systems and environments.   

Jennifer Tullman-Botzer

Author

Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.

Josh Martin

Author

Josh Martin is a security professional who told himself he'd never work in security. With close to 5 years in the tech industry across Support, Product Marketing, Sales Enablement, and Sales Engineering, Josh has a unique perspective on how technical challenges can impact larger business goals and how to craft unique solutions to solve real-world problems. Josh joined Cyolo in 2021 and previously worked at Zscaler, Duo Security, and Cisco.

Outside of Cyolo, Josh spends his time outdoors - hiking, camping, kayaking, or whatever new hobby he's trying out for the week. Or, you can find him tirelessly automating things that do NOT need to be automated in his home at the expense of his partner. Josh lives in North Carolina, USA.
