Is it a Flash Drive or a PC?

Have you heard the phrase “PC on a stick”?  Or maybe one of these: “desktop virtualization”, “boot from USB”, “application bubbles”, “portable desktop”.  What do they mean?  These phrases encapsulate some exciting developments happening with portable storage.  The last phrase, “portable desktop”, describes it the best for me and it pretty well means what it says.  It’s the ability to carry your computing environment around with you without carrying the machine.

The idea is that you no longer need “your” laptop to be productive when you are away from the office.  You just need “a” machine, as long as it has an accessible USB port for you to plug your device into.  Either by rebooting the machine or by running within a virtual machine or an abstracted operating system, you have access to your full corporate desktop and operating environment “running from the stick”.  To be clear, the OS does not actually run within the stick but uses the CPU of the host machine.  The trick is that nothing gets (or should get) installed on the host and, ideally, no trace of the portable desktop remains once the device is removed.  In effect the machine becomes a monitor, keyboard and mouse while your USB device becomes the “C” drive.

The concept of portable computing has been around for some time.  There’s been remote computing, where you need to connect to a server to access your desktop, and we’ve had portable applications, which may give you some productivity but need to run within a non-trusted OS.  The large memory capacities that are now available in flash drive form factors are making it feasible to carry full-blown operating systems such as Windows on a stick.

I can imagine a utopian world of portable desktops where there are public machines sprinkled around airports and coffee shops like wireless access points.  People could use them with their own computing environments that they carry on flash drives – no need to carry a laptop anymore.  Perhaps this may never happen but in the corporate environment the scenario could be very real.  The IT department would manage desktops on USB sticks instead of managing the machines.  Not only that, but employees could also work from home using their own computers. 

With the right portable desktop implementation, even that uncontrolled, malware-infected machine that the kids use to play video games could be used and the IT department wouldn’t care.  It is easiest to understand how this is possible by looking at a “boot from USB” portable desktop as an example.  When you reboot the machine from USB, you take full control, since the hard disk of the host machine isn’t even used.  Provided the portable desktops are fully managed, the organization still has full control over the employee’s computing environment.

If you are seriously contemplating deploying portable desktops, here is a list of essential security requirements to look for in a solution:

• The USB devices are fully managed.
• No trace of information is left on the host.
• No data can leak from the portable desktop to the host machine.
• No malicious code residing on the host machine can access the portable desktop.
• The desktop is fully encrypted (or at least the sensitive parts).
• Strong user authentication is required to access the encrypted desktop.
• The desktop is not accessible unless it is actually running.

That last point deserves a final note.  It implies that you should not be able to see or manipulate the desktop data just by plugging the USB device into a machine (even after authenticating to the device).  Otherwise you would be exposed to corporate data leaking from the desktop or malicious code infecting the desktop in an uncontrolled environment.  Think of it behaving like an internal hard disk of a PC when it is turned off.  This is contrary to a flash drive’s normal operation, which is to allow data to be transferred on and off.  It looks like a flash drive, but it’s not acting like one…

