VDI Reduction: Enterprise Browsers Redefine Workspaces

Jul 11, 2024

As cyberattacks keep evolving, security and IT leaders find themselves implementing multiple solutions to ensure a secure, agile, and productive work environment. Yet many traditional approaches to securing work not only create a security gap but also lead users to face friction in their day-to-day workflows, which can result in decreased employee performance, general dissatisfaction, and churn of top talent. Virtual desktop infrastructure (VDI) is a great example of a traditional yet challenging approach to securing work.

VDI has proven valuable for securing work in specific scenarios like remote access and specialized workflows, offering secure, centralized computing environments. However, scaling VDI across entire organizations has often resulted in unnecessary complexity and significant productivity losses.

With VDI costs reaching new peaks and VDI's well-known issues still unaddressed, it's time to consider a modern approach that is easy to implement and maintain, increases security, and greatly improves the user experience. To reduce VDI dependency, organizations need a user-first solution that doesn’t introduce friction, can secure any user or device, and substantially reduces costs.

Prisma Access Browser provides a streamlined, cost-effective alternative that addresses the challenges of wide VDI deployments and enhances productivity.

The Drawbacks of Scaling VDI

VDI has gained popularity for delivering a centralized computing environment to end-users regardless of their device. Thanks to its centralized management and security controls, this approach was favored by IT and security teams. However, the decision to expand VDI to support the surge in unmanaged devices and remote work introduced serious challenges.

  • Frustrating user experience. The rigid structure of VDI environments leads to a poor user experience, reducing overall employee satisfaction and productivity. Users often face latency, performance bottlenecks, and long logon times, leading to frustration and decreased efficiency. These solutions also require long onboarding cycles and a significant learning curve.
  • High costs. VDI solutions are difficult to size and expensive to scale. Adding users means adding and reengineering compute, storage, and networking resources. On top of that, the infrastructure, software, and licensing costs associated with VDI are substantial. Following the Broadcom acquisition, VMware prices increased dramatically, with the new subscription being 10x more expensive, leaving many customers looking for VMware cost reduction.
  • Security blind spots. VDI solutions don’t provide granular visibility into user actions in web applications or last-mile data protection like clipboard and screen sharing control. They also don't provide least-privileged access controls or insider threat protection. Additionally, VDI doesn’t protect data from malware installed on the endpoint, such as keyloggers and screen scrapers. According to the 2023 Verizon report, desktop-sharing software is the second most common attack vector for ransomware, with 30% of respondents reporting ransomware incidents originating from VDI and desktop-as-a-service (DaaS).
  • Complexity and administrative overhead. Managing a large VDI infrastructure requires significant IT resources and can be cumbersome, impacting IT team agility. VDI demands extensive maintenance, including patch management and hardware upgrades.

Enhance End-to-End Security Without Neglecting the Last Mile

UnitedHealth Group, a multinational health insurance and services company, experienced a breach in February when “criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops,” according to SecurityWeek’s reporting on the testimony of Andrew Witty, CEO of UnitedHealth Group. “Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data.”

Witty’s testimony confirmed that the attack compromised both personally identifiable information (PII) and protected health information (PHI).

While VDI is used to establish secure access to a remote desktop, it creates a connection between the unmanaged device and the internal network, leaving the internal network exposed to malware.

Malware installed on an unmanaged device can use screen recording and keyloggers to exfiltrate data and even activate the VDI client. Imagine a scenario where malware takes over a VDI client and, by controlling the mouse and keyboard, downloads additional malware to a machine in the internal network.

Using VDI also leaves activity inside the browser, where work happens, completely exposed. Work in the browser via remote desktop is still vulnerable to phishing, account takeover attacks, insider threats, malicious extensions, and more. Securing access alone doesn’t provide the granularity of control required to secure the last mile of enterprise work.

Protecting the last mile with Prisma Access Browser ensures that sensitive information remains secure by offering seamless integration of security measures in the browser while providing control and visibility to security and IT teams. It enables highly granular content and context-based controls of data to help ensure that confidential information remains protected.

Prisma Access Browser policies are implemented and completely configurable per user, device posture, location, and web application in just a few clicks via the management console. These advanced controls allow you to:

  • implement data masking.
  • block screenshots.
  • limit sharing via collaboration tools.
  • control copy and paste.
  • prevent printing.
  • apply watermarks on sensitive screens.
  • limit file viewing on unsanctioned apps.
  • block uploads to personal drives.

Turbocharge Performance and Productivity

While VDI may suit certain needs, you don’t have to throw the baby out with the bathwater. Reducing reliance on VDI by 80% could improve the work experience for most employees and save significant costs.

Since employees spend 85 to 100% of their workday in a browser, replacing VDI with an enterprise browser for most of their daily tasks can easily improve their satisfaction. Even targeted reductions or eliminations, such as reducing VDI usage to the limited objective of accessing fat client applications, can be beneficial and transform productivity.

Prisma Access Browser presents a modern alternative to VDI. It provides a user-first, lightweight option that meets enterprise needs by embedding security controls within the browser, which allows app performance that is 5x faster than direct-to-internet. This approach shifts security back to the endpoint, ensuring a natural user experience while delivering applications securely.

Reduce VDI Costs

By securing applications directly through the browser, enterprise browsers can significantly reduce the complexity and costs of traditional VDI deployments. When reducing VDI by deploying Prisma Access Browser, customers report savings of approximately 80% or more from cutting costs, including:

  • Infrastructure costs. VDI requires substantial processing, network, and storage resources, as well as load balancers, leading to high costs. Prisma Access Browser reduces the need for such infrastructure by shifting the workload to the browser.
  • Maintenance and administration costs. VDI demands extensive maintenance and high human effort, including patch management and hardware upgrades. Prisma Access Browser lowers these costs by centralizing controls within the browser.
  • Licensing costs. VDI involves significant licensing fees for the VDI platform and for all applications inside. Reducing VDI dependency can save on these costs.
  • Endpoint and network controls and management costs. Securing user interactions and actions inside the VDI environment requires purchasing additional endpoint and network security tools and data loss prevention (DLP) mechanisms, capabilities that are already native to Prisma Access Browser.

When and Where to Use Prisma Access Browser Instead of VDI

Bring Your Own Device (BYOD) Programs

This is likely the most popular use case for VDI. In today's work environment, most employees have specific devices that they prefer to use for personal and business purposes.

However, introducing a BYOD policy can pose major challenges to the IT team, as the lack of control over personal devices makes securing the business data a near impossibility. VDI secures BYOD programs by leveraging remote desktop access from any personal device, keeping business data on secure, centralized servers rather than local devices.

Prisma Access Browser provides secure, controlled access to corporate applications and data through a web interface, reducing the complexity and resource demands associated with VDI. This approach is easier to manage, more cost-effective, and maintains the highest security standards. Employees can effortlessly access work resources from any device without extensive IT setups, making it a more efficient and user-friendly option for BYOD scenarios.

Contractor Access

VDI allows contractors to access company resources by providing remote desktop access and centralizing data on the company’s servers, using video streaming to establish access. Switching to Prisma Access Browser simplifies this process significantly and provides high agility and better security.

Contractors can access only the necessary applications and data via the browser, which can be quickly provisioned and decommissioned. This reduces the overhead associated with VDI, such as the need for extensive IT support and infrastructure investment, and enhances flexibility by allowing contractors to use their devices with minimal setup and get up and running in minutes.

Prisma Access Browser reduces the attack surface and ensures robust security and data protection, making it a more efficient and cost-effective solution for managing contractor access.

Call Centers

VDI was an intuitive solution given the unique dynamics of call centers, where many employees share the same tools, frequently change workstations, and often have limited documentation. By centralizing data and applications on secure servers, VDI allowed for streamlined control and management.

In many cases, call center employees are also high-turnover employees, which makes them costly for the business and may pose a higher insider threat risk.

Prisma Access Browser can provide a more streamlined solution for call centers. It allows agents to access web applications and other tools through a secure browser, reducing the need for heavy infrastructure and minimizing latency issues. This leads to faster and more reliable access to necessary applications and improved productivity.

More than that, Prisma Access Browser provides highly granular DLP mechanisms that ensure complete control over data accessed in the browser according to the device, user, location, and web application.

The simplicity of deployment and management, superior user experience, immense cost savings, and granular control over data make Prisma Access Browser the ideal replacement for VDI in web-based call center environments.

Secure Access to Sensitive Resources Through SSH and RDP

VDI secures access to sensitive resources by encapsulating user sessions within virtual environments and video streaming content to the endpoint through Secure Shell protocol (SSH) or Remote Desktop Protocol (RDP).

For example, a control system engineer might use VDI to remotely access industrial control systems (ICS) on a factory floor. The engineer can manage programmable logic controllers (PLCs) by leveraging SSH. However, VDI still exposes the network to risks associated with the unmanaged device since the connection established to allow video streaming can be manipulated by cyberattackers.

Prisma Access Browser offers a lightweight, web-based alternative to VDI in securing access through SSH and RDP. It provides security and IT teams with control over access policies, allowing them to enforce security measures, monitor sessions, and promptly respond to unauthorized access attempts.

Leveraging the browser to provide secure, policy-based access instead of a full desktop environment reduces the overhead of managing virtual desktops. It enhances the user experience by allowing access through a familiar browser interface while reducing the attack surface, monitoring all traffic, and maintaining strict security controls.

Developers and Graphic Designers

Developers and graphic designers often require high-performance computing resources and specialized software. VDI can support powerful virtual machines with the necessary tools and environments. Still, it fails to deliver the performance needed for resource-intensive tasks due to network latency and bandwidth limitations.

Transitioning to Prisma Access Browser can significantly benefit developers and graphic designers by providing access to cloud-based development environments and design tools. These platforms are often optimized for performance and can scale according to demand.

Prisma Access Browser ensures secure access without the heavy infrastructure of VDI, offering a smoother and more responsive experience. This approach leverages modern web technologies to provide high-performance capabilities, maintain security and ease of use, and cut costs by over 80%, making it an ideal choice for efficiently handling resource-intensive tasks.

Why You Should Choose Prisma Access Browser

Prisma Access Browser offers a cost-effective alternative to VDI. It:

  • provides built-in protection against web threats, advanced data control capabilities, and simplified management tools.
  • eliminates the need for server maintenance and reduces user frustration, all at a fraction of the cost.
  • has a Chromium-based interface, making it easy to deploy and use while maintaining the highest standards of security through Precision AI that can help identify 2.3 million new and unique attacks and block 112 million malicious URLs daily.
  • natively integrates into Prisma SASE to provide secure remote access to internal web servers to ensure security and productivity.

The ideal solution to secure your workforce balances security and productivity while reducing IT workload. Whether you aim to streamline a call center, simplify contractor onboarding, or implement a secure BYOD program, Prisma Access Browser can reduce VDI dependency and make your workers happy and productive.

