Why VMI is More Secure – And Why You Shouldn’t Overlook the New Kid in Class


By Israel Lifshitz - Mar-24-2016

Different. The word can arouse quite the spectrum of reactions. Excitement. Curiosity. Fear. Rejection. And everything in between. Like tasting asparagus for the first time, to welcoming that new spectacled kid in school, our initial assumptions often end up being quite different than our impressions once we learn more about that new person, place or thing we thought we had all figured out.
These assumptions are natural and they follow us into our workplaces and into the business world, where we’re consistently bombarded about the newest, the latest and greatest products and services. In the world of IT security, that’s especially true when you’re exposed to emerging technologies that take on a completely different philosophy than the current standard.
With disruptive technologies like Virtual Mobile Infrastructure (VMI), questions and assumptions are to be expected until people are actually able to get beneath the surface and see the how this approach changes the larger picture. A recent article did a great job of expressing some of these assumptions, chief amongst them the view that VMI isn’t actually more secure than other approaches in the market.
I’m all too happy to dispel this myth and shed light on how VMI impacts your security capabilities. In that article, a reference to the teen classic Mean Girls likened VMI to a certain catch-phrase that the popular ‘Queen Bee’ was sure that would never catch on, so her followers should just, you know, drop it. The author went on to contend that running remote apps in the data center doesn’t ensure higher security, because instead you could pave the road to your enterprise network for attackers.
Sure, hackers are going to try to breach your enterprise network regardless of where your sensitive corporate data rests, be it wrapped in an app and insulated inside a container on the end user’s device, or installed on a cloud or on-premises server. Password/passcode security will always be a risk on end user devices. But the overarching fact of life in mobile security is this: the weakest link in your network, and by a huge margin, is the link you don’t own – the mobile devices of your employees. In today’s BYOD world, you can’t restrict which apps employees can download or install intrusive policies infringe on their freedom or privacy. What you can do is re-locate your prized assets to a much more fortified location.
With VMI, enterprises own the OS and can therefore apply additional patches and encryption to mobile apps before they’re deployed. Your enterprise servers are much better equipped and much more invested in, and that’s for good reason. They’re also much better suited to deal with threats than the virtual jungle of BYOD devices connecting to your network and the unsecured personal apps running inside of them.

The National Institute of Standards and Technology (NIST) recently issued a draft guidance for telework, remote access and BYOD security. The recommendation? That government agencies use VMI for all teleworking employees.
It’s no coincidence that VMI is being adopted by the DoD and public safety agencies, financial and legal firms and healthcare providers – these industries have the most to lose in case of a data breach. Skeptics at first, they applied a critical eye, but what they found in the end was how this innovative approach enhances their security (and almost every aspect of BYOD management) above and beyond their current EMM solutions.
So if you’ve seen Mean Girls, you may remember what happens with the popular and shallow queen bee who judges the new girl harshly… she doesn’t wind up on top now does she? That new kid may appear odd and it may not seem advantageous to befriend them at first. But often it’s that kid that proves the skeptics wrong and ends up being the biggest success.