Yes, I do get a lot of questions about the standard security of BYOPC. In this post, I will talk about the security of using an application like VMware Fusion/Ace/Workstation, Microsoft’s Virtual PC, or Parallels Desktop.
When virtualizing a corporate image, all of the same security policies that are put in place for a physical machine will impact the virtual machine — assuming you treat the VM the same way you treat your physical machine. This means that you must install all of your security, management, and VPN agents that are part of your physical machine image into your virtual machine images. By doing this, you can control VMs just like your physical machines. Here are three security examples:
1. Secure access to resources with a VPN. When installing a VPN client inside your VMs, only the VM will get access to corporate resources — not the host PC. This means that the VM will get scanned to make sure it meets the requirements of the VPN policies before gaining access. So, the net result is that the VM will be able to access file shares, applications, etc. while the host PC can not. In my example, my VM has access to everything I need to get my job done, but my Mac (using the same internet connection) does not.
2. Antivirus scanning. By making sure that the corporate VM has the same antivirus agent installed that the physical machines do, IT operations professionals can ensure that machines are scanned and updated on a set schedule. For example, if you want all of your machines (both physical and virtualization) scanned weekly and their signature files updated daily, that one policy you set can apply to all your machines.
3. Full disk encryption. Many organizations today are looking to full disk encryption solutions for their PC environment to protect themselves against disclosure laws in the event of a PC loss or theft. The same can be done to virtual machines. Because a virtual machine has the same properties of a file (albeit, a very large file), IT admins have the ability to treat it as a file. So, it becomes quite easy to use a file encryption solution to encrypt the corporate VM, thus protecting organizations against that lost or stolen PC. In addition, vendors like VMware offer the capabilities to natively encrypt the VM as part of standard policy.
These are basic examples to show how you can secure your VMs just like they were your physical machine.