by Kurt Roemer, chief security strategist, Citrix Systems

Is your organisation pouring huge amounts of resources into extending the life of security schemes that try to identify attacks or deviations from established policies? Defense-in-depth is a broadly accepted concept built on the premise that existing security technologies will fail to do the job. For example, an anti-virus product in the network may catch 70 percent of known attacks, but that means it will miss 30 percent. Practice shows that the effectiveness of defense-in-depth falls well short of theory, and operating duplicate products comes at great cost to the business.

The answer to reducing run-away security investments lies in virtualisation-based Application Delivery Infrastructure. This new approach is made possible by advances in datacentre virtualisation, availability of high-speed bandwidth and innovations in endpoint sophistication.

The security characteristics of virtualised application delivery are worth noting:

• Keep data in the datacentre. You can better maintain compliant copies of applications and better protect confidential data within the managed confines of a virtual datacentre. Your operating costs are also reduced as you spend less time and resources maintaining employee endpoints with easy access to hosted applications.


• Minimise application vulnerability. Virtualising desktop applications—either by hosting or by streaming from the delivery centre for local execution at the endpoint—reduces the amount of time an application is exposed to potential infections.


• Remove end users from the security equation. Traditional approaches place the security burden on the end user for maintaining software, respecting confidential data and being knowledgeable of dangers lurking on the Internet. Your IT team should be managing corporate security, and virtualised application delivery makes it much easier for the user to do the right thing.

By orchestrating the power of virtualised datacentres, high-speed bandwidth availability and high-performance endpoints, you can offer end users a true IT service with consistent, secure access from anywhere at anytime with any device. The ability to provide an integrated application delivery system, where applications are delivered on demand instead of deployed ahead of time, ensures data security. A dynamic service approach enables IT to extend control of the technical infrastructure to the endpoint with resultant gains in security, application availability and cost reduction.

• Virtualised datacentres deliver cost savings in server utilisation, dynamic desktop and application provisioning. Application delivery using remote display technologies provides business value to remote offices, and confidential data remains controlled in the datacentre.


• Availability of high-speed bandwidth allows effective service of end-user application requests over the Internet. Let application delivery transparently stream compliant images from the datacentre to the desktop, and reduce the risk of malicious code lingering on corporate endpoints.


• Enable support for a wide variety of endpoint devices. The most expeditious way of providing this service is also the most secure—virtualise the application in the datacentre giving the user a choice of browser, remote display or streamed application access. The next logical step is to enhance the application delivery service so you can have the same procedures for both local and remote users. Look at additional cost savings by consolidating network security into the datacentre, and achieve greater scale with network traffic accelerators.

The direction of an integrated Application Delivery Infrastructure enables ubiquitous use of Web-based technology to support new users and drives down the cost of supporting existing users. The business benefit of increased availability, combined with the security benefit of greater IT control, make the evolution to a cloud-based application delivery service inevitable.

In an ideal world, security wouldn’t always be associated with bad news. Organisations would go about the business of satisfying customers without concern for malicious attacks or painful losses of confidential data. Unfortunately, we’re not there yet. However, by implementing virtualised application delivery approaches, you can simply avoid many insecure situations while gaining the agility required to keep IT services aligned with the business. This makes security a feature that enables the success of business operations.

The way to run a more secure business is to run a more secure application environment, where you cost effectively control executables and virtualisation shrinks the window of vulnerability of desktop applications. Why do you keep putting applications in harm’s way on user desktops? Start moving towards virtualised application delivery—you will gain flexibility in running your business, tighter control and security of critical applications and confidential data, and cost efficiencies from removing obsolete security technologies.

Read More:
Security Beyond Corporate Boundaries
Discover how the application delivery in Citrix XenApp offers a new and smarter approach to
security, giving IT the ultimate control it needs to ensure security and regulatory compliance without
compromise to business agility.