Using Zero Trust Access to Replace VDI
VDI incurs a heavy overhead and still leaves security gaps. TransientX ZTA delivers a secure alternative at up to 70% lower cost.
Enterprises have been relying on Virtual Desktop Infrastructure (VDI) for nearly 30 years to protect their data and applications. Running VDI infrastructure, or using its new cloud variant, Desktop-as-a-Service (DaaS), can cost from $500 to more than $1000 per user per year when VDI licenses, Microsoft licenses, network infrastructure or cloud costs are included. Further, the complexity of these systems requires support by highly skilled individuals at significant annual operational costs.
Zero Trust Access eliminates the need for VDI. TransientX provides a complete zero trust network access (ZTNA) solution at a total cost that can be up to 70% lower than VDI, with a fraction of the time and skills required to support it.
The Enterprise Security Challenge
Many enterprises process customer data that is regulated (for example banking information, health records) or worth significant sums in the wrong hands (identities, credit cards, digital certificates). To prevent data loss, security teams have relied on VDI to control access to applications holding this data. With VDI, users perform their tasks in a virtualized Windows desktop accessed via either a browser or, more often, a local application.
The primary value of these solutions is twofold:
▪ Protect application servers: Don’t let bad actors access the data center or cloud where the apps and data reside
▪ Protect enterprise data: Don’t allow end-users to misuse enterprise-held data
Traditionally, a combination of VPN and VDI has been used to accomplish these goals, with each delivering these key features:

| VPN and Security Infrastructure: Protect app servers | VDI: Protect data |
|---|---|
| ▪ Single Sign On (SSO) | ▪ Conditional Access |
| ▪ Conditional Access Controls | ▪ Keyboard logging |
| ▪ Network Segmentation | ▪ Browser isolation |
| | ▪ Screen recording |

VDI, whether it is run in a private data center (about 90% of usage in 2021) or in the cloud (e.g. Windows Virtual Desktops or Citrix Workspace), is complex to manage. It is also costly, with software and infrastructure costs of $50-70 per month before discounts, plus the fully loaded employee costs to manage these services. Even with cloud-hosted services, application publishing, compatibility testing and managing connectivity to the application remain as work items.
VDI is predominantly used for app-access control in verticals where the loss of data has significant legal or financial consequences. These include healthcare (the top vertical for VDI), finance and insurance, call centers, manufacturing, legal and logistics. In all of these cases, either a browser or a set of thick-client apps is run in a VDI context. This represents 70-80% of the 300-500 million seat VDI market today.
Zero Trust Access solutions have emerged to protect data centers and cloud-based private applications. These solutions protect the enterprise data center or cloud application instances by:
- Limiting users to only the applications to which they are assigned
- Limiting client devices to only reach configured applications, while hiding all other servers
- Continuously assessing the user and device to ensure that their activities adhere to risk policies of the enterprise, including reviewing location, software and OS versions, and end-point protection levels
- Using VPN-less access where an agent/connector is deployed in the data center and connects to a cloud-based gateway, eliminating the need for opening firewall ports
Customers using VDI still need to deploy additional security services. While this may be counter-intuitive at first glance, use of applications in VDI does not prevent breaches in data centers. A rogue application deployed in a VDI instance can still wreak havoc in a data center if it has unfettered access!
TransientX unifies the solution into a single, cohesive cloud service that delivers true zero-trust security for the enterprise. With TransientX:
▪ VDI software or services are no longer required
▪ Enterprises get a complete ZTNA solution
▪ Risks of breaches are steeply reduced with a no-gateway technology that eliminates cloud-based infrastructure through which enterprise data must pass
TransientX is a complete VDI replacement for app-access control, representing more than 70% of use cases.
TransientX vs. VDI
Implementing VDI services in the cloud brings significant cost of operations. As shown below, cloud-based VDI solutions from Citrix cost at least $23/month, or nearly $300 per year, with a 3-year commitment. In addition, a separate full ZTNA solution must be purchased to provide data center security. TransientX provides greater functionality and lower security risk by virtue of not touching customer data in cloud services, while costing 66% to 75% less for the same solution when all costs are included.