Working in the cloud to prevent viruses & trojans

This post touches on some of the IT security topics that modern companies may have to deal with.

Endpoint security? Problematic!

Endpoint security is the security of your company’s laptop and desktop computers. The security of these computers in the outer perimeter of the network is a hot topic. You see the problem with home users who do not have the security devices and software that companies have. Viruses that encrypt personal documents with a password and ask for a ransom to release them are common. Banking trojans are widespread as there is much money to be made. But company databases containing millions of user credentials also get stolen. Even PC manufacturers turn malicious under the pressure of advertisers. They ship new laptops with self-signed root certificates that nullify the web’s security system.

BYOD policy? Unstoppable!

Today Bring-Your-Own-Device (BYOD) policies are more popular than ever as people bring their private smartphones to work. They identify with the device and the brand of the phone. Even the color of the phone or the installed software is part of their identity. People also want to use USB sticks, USB drives and their tablets at work, as these have become part of their IT vocabulary. Working remotely is encouraged and devices are carried from work to home and vice versa. This causes laptops to be connected to malicious networks, get stolen or just get lost. Fingerprint scanners, full-disk encryption and hardware tokens may help a bit, but do not solve all problems.

PC or Mac? Yes, indeed!

Apple laptops (and phones) are very expensive and have become important status symbols in the workplace. Some colleagues may be lucky to get a shiny Apple laptop or phone from the boss. Others are not that privileged and try to fake their success by buying one with their own money. For phones this is fully accepted. For laptops you see that more and more companies start to allow this. Companies see fewer interoperability problems, because all major business applications have become browser based. This causes the importance of the choice of desktop operating system to diminish rapidly.

Laptops without viruses

When Google launched its Chromebook concept in 2011 I was expecting companies to start buying these for their employees. This laptop can safely be stolen or destroyed and is (by design) not vulnerable to viruses and trojans. It is even resilient against lost data due to forgotten backups. Its secret? The laptop does not store any data on its internal hard disk, but stores everything in the cloud. You can simply reset the laptop to factory defaults, whenever the laptop misbehaves, without losing any data. Google has also started offering complementary corporate email and calendaring solutions. I really thought they had a winner on their hands. I was wrong. Companies did not massively convert.

Super fast and secure development workstations in the cloud!

At LeaseWeb we had (and still have) VMs to do development on, but these are not set up (or fast enough) to run your graphical development tools or VM tools like Vagrant or Docker. I identified this problem (in 2012) and started an experiment with working fully in the cloud.

I started offering a multi-user desktop development environment for a small group of 5 developers on a single server. The dual CPU server with 64 GB RAM was operated by the team’s system engineer. The advantages were great: work from any machine without having to install your development environment. Connect from work or home to the same desktop and take up where you left off. You could also easily share files on the local disks and backups were made for you on the corporate backup systems. The environment was graphical and was totally over-dimensioned and thus super fast.

It failed (for that team). The multi-user desktop environment lifted most of the complaints that existed, but developers now felt that they had less freedom (and less privacy). Apparently they did not care about the source code not leaving the company or any of the other security advantages of working in the cloud (viruses, trojans and backups).

Fast forward to today. Many developers run Linux (often with encrypted disks) on their fast i5 laptops with 8 GB of RAM. They put all their work in JIRA and Git, which are both in the cloud. So I guess that there is not much to gain anymore by moving development to the cloud.

But can’t anyone work in the cloud?

Could this pattern of working in the cloud also be applied to a company’s non-development department? These departments may have access to more important (financial) information and their employees may have less IT knowledge. This may cause viruses and trojans to pose a higher risk.

You could set up some (Windows) terminal servers with Remote Desktop Protocol (RDP) and work on these machines. You could run software updates at night, make backups for users and lock the system down to prevent viruses and trojans. Employees could use the local browser (on their Chromebooks) for Internet usage and a locked-down remote browser for the company web applications. This way the corporate (sensitive) data should stay protected.

What do you think? Would it work? Use the comments.