Q&A with Santhosh Cheeniyil of Avenda Systems

VSM: We haven’t spoken with Avenda Systems before. Can you provide us with a brief overview of the company?

SC: We provide a transparent layer of network access security for wireless, wired and VPN networks; the solution takes a user’s identity, device and other contextual attributes to provide differentiated access in these networks. Our policy platform, called eTIPS, simplifies deployments where customers want to provide, for example, differentiated network access to employees, guests and partners, or provide secure network access to personal devices associated with Bring Your Own Device (BYOD) programs.

VSM: How is this relevant to our audience which is interested in virtualization technology?

SC: What we provide is one of the key ingredients of a layered approach to a defense-in-depth network access security strategy. If we’re talking about BYOD programs, at the network level, we can help associate a user to a device so that the IT team has a way to allow or not allow access to resources in the network. Based on that user’s identity and device type or characteristics, IT can then differentiate access to network resources within the organization.

In this scenario, desktop virtualization is one of the ways that enterprises enable personal devices to have seamless access to data and applications in their network. From our point of view, this is another layer in the defense-in-depth strategy of securing enterprise data. With so many organizations allowing personally owned devices and BYOD programs, organizations need to consider the network-level implications of securing all these devices as well. Once our product fingerprints a personally owned device and identifies the associated user, network level policies can be put in place to allow only access to essential resources, such as your Virtual Desktop Infrastructure.

VSM: With all of those personally owned devices they are looking to apply desktop virtualization to, what are the most significant threats to organizations being infiltrated?

SC: Providing unfettered access to personal devices presents many risks: Corporate confidential information leakage, network integrity risks associated with malware propagated by unknown applications or jail-broken devices, privacy and compliance risk of co-mingling personal and corporate data, etc. Network access security products such as ours and mobile device management technologies such as desktop virtualization play a role in mitigating and managing these risks.

VSM: Why is it so difficult to secure all these devices that corporations may or may not know about?

SC: Personally owned devices come from different vendors, they run different operating systems, and they have different capabilities. The end user experience when it comes to native applications written for a given operating system can vary widely because of these differences. Many of these devices may even be non-securable because of their limited capabilities. Identifying these different device types and capabilities, applying the right security controls and providing a seamless mobility experience to end-users is the key to successfully deploying these personal devices. Technologies such as virtual desktop and device-specific access control help in this regard.