Secure Desktop Computing in the Cloud

As companies begin to transition the computation that employees perform on their desktop and the management of the desktop computing infrastructure to the cloud, the need for securing such cloud-hosted user computing tasks and environments become paramount. In this paper, we present Venia, a secure cloud-based desktop computing platform designed to protect against both external and internal threats. Accessible to end-users through a thin Remote Desktop Protocol (RDP) client Venia isolates end-user's applications and data into containers and subjects the interactions with and among the containers to security policies. Following a principle of least privilege, Venia security policies control user's access to containers, network and file system interaction of the containers, cross-container data sharing and also enables collection of detailed logs for auditing purpose. Venia has been deployed to a 3rd party test environment where it demonstrated that end-users can perform the tasks they need on a daily basis, without introducing greater risk to the overall organization, and its currently undergoing security and performance evaluation by an independent evaluation team.