Post-Pandemic: Hybrid Learning and Work Call for Hybrid Cloud

Hybrid Cloud Architecture

As CIOs look toward the future, they realize that remote learning and work are here to stay. A hybrid cloud may be an optimal solution for this new environment.

The coronavirus pandemic has transformed our lives dramatically and will continue to do so. Within a matter of weeks, higher education shifted from a model in which students, faculty, and staff were studying and working on campus 100 percent of the time to a model where they were remote 100 percent of the time. In a recent EDUCAUSE QuickPoll, respondents reported that “hybrid work is here to stay.” In fact, the majority of CIOs believe that hybrid work and study—working and studying partially on campus and partially at home—is the future.

While remote work has been incredibly challenging, most remote workers feel more productive and fulfilled and enjoy a better work/life balance. Similarly, several studies have shown that students have a strong preference for hybrid learning, as this combines the social experience that students crave with the flexibility of remote study. What happens after the majority of folks are vaccinated and can resume working and studying safely on campus?


We envision a world where students, faculty, and staff can work and study at home, on campus, and anywhere in between. In 2021, it is hard to imagine why students would need to commute to campus to access specialized software. Similarly, there is no reason why workers should have to travel to access a campus desktop for compliance or other purposes. In both cases, it should be the desktop that travels (virtually) to the user, and in all cases, the data needs to be secured to ensure compliance with regulations.

While a cloud-based desktop may seem like an ideal way to provide geographic flexibility, the harsh reality is that many use cases are not supported by cloud desktops. Here are just five examples:

Five Use Cases Not Supported by Cloud Desktops

  1. Unique Peripherals and Special Lab Equipment

    Often, colleges and universities invest thousands of dollars in special lab equipment such as computers connected to medical devices, 3D printers, etc.

  2. Staff Computers with FERPA Requirements

    College and university staff often deal with sensitive data that is subject to state and federal regulations. Sometimes these applications are bound to the campus’ Active Directory or IP addresses.

  3. Mac Labs

    Many colleges and universities have invested thousands of dollars in installing and configuring Mac labs. These are often underutilized because of limited lab hours and other reasons.

  4. Limited License Software

    Applications that have strict licensing limitations, allow IP whitelisting, or require a specific radius around the campus are examples of limited license software.

  5. Applications That Are Sensitive to Network Latency

    Some applications are very sensitive to network latency. Enabling students to connect to computers on campus may reduce network latency.

The Benefits of a Hybrid Cloud

A hybrid cloud (figure 1) would enable staff and faculty to access on-prem and cloud resources in their browsers. Ideally, all of the resources would be accessible from the same portal or app store and obfuscate the technological complexities. After all, the user should never worry about whether the desktop is in the cloud or on-prem. By leveraging on-prem resources and the cloud, both students and faculty can benefit greatly.

A hybrid cloud offers the best of all worlds: a great user experience, high productivity, low cost, and flexibility. In this new world, where we work partially on campus and partially at home, a hybrid cloud allows us to continue to work productively, feel more fulfilled, and enjoy a better work/life balance. In summary, a hybrid cloud may be the optimal solution for both studying and working remotely.

To learn more, listen to Apporto experts introduce Apporto’s hybrid cloud solution or learn about Apporto’s features and benefits.

 

How Apporto helps institutions achieve a zero trust architecture

The 2020 pandemic caused permanent disruption to business and critical user workflows. Most universities felt pain points during the pandemic as they worked to maintain productivity. In the post-pandemic world, most universities and staff expect remote work environments.

However, daily ransomware attacks are a reminder that while maintaining user productivity is important, ensuring security is paramount. Colonial Pipeline’s CEO told Congress that the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication (MFA) in place. As hackers become more sophisticated and have increasing access to advanced computers, brute force attacks are becoming common, driving the higher education community to take an active approach to addressing ransomware and denial-of-service attacks.

In the last thirty days, educational organizations have been the target of more than 6.1 million malware attacks, while the second-most affected industry has only seen 900,000 attacks.

A Zero trust model to defend against ransomware and malware

Many organizations are in the process of implementing a zero trust approach to improve their security posture. Unlike traditional security, which assumes that every entity behind a firewall is safe, zero trust consists essentially of three principles: use least privileged access (LPA), verify explicitly, and assume a breach has occurred. Forrester Research popularized the term “zero trust.” This has in turn created a range of definitions of zero trust, requiring a level of standardization by recognized authorities such as NCSC and NIST.

Zero trust is an approach that transcends specific technologies and point solutions. A key takeaway is that existing approaches to remote work are fraught with security risks and IT leadership must make a departure from usual operations.

Challenges of Remote Access

In a paper entitled “Solving the Challenges of Modern Remote Access”, the Gartner group outlines a decision tree that helps an IT manager understand which technologies are most appropriate for specific use cases. In particular, Gartner recommends that IT managers provide a virtual desktop/DaaS for these use cases:

  1. Users need access to highly sensitive or secure data.

  2. Users are using devices that are not owned by the organization (BYOD).

If the end user’s device is owned by the organization, Gartner recommends that end users install an Endpoint Protection Platform (EPP) for PCs and Macs and a Mobile Threat Defense (MTD) for mobile devices. Further, Gartner recommends that admins remain aware that data is being stored on the end user’s device and take steps to mitigate the risk of those managed devices being on unmanaged networks.

Apporto believes IT admins will find a cloud desktop a more secure (witness the recent attack on software deployment vendor Kaseya) and simpler approach. A cloud desktop reduces the attack surface significantly by allowing all data to be kept inside a secured perimeter. No data needs to be shared onto an unmanaged device or to exit the organization on an unmanaged network. IT admins have control of data ingress and egress and can audit activity.

A More Secure Cloud Desktop: Always in the Browser

Whereas many DaaS and VDI companies deliver virtual desktops in a browser, these are often not recommended for many use cases (videoconferencing, graphical applications, etc.). Most DaaS and VDI companies strongly recommend that users install and use a client and that end users secure the endpoint, making sure the client is always up to date. In other words, a cloud desktop that uses a client expands the attack surface to the endpoint, and the IT team is back to managing and maintaining the endpoint’s security.

Apporto, on the other hand, is always delivered in the browser and does not rely on the endpoint being secured. Unlike VPN access, which grants the remote worker’s laptop access to the physical network and therefore can be an attack entry point that must be secured using ACLs, the Apporto desktop only allows the remote worker to interact with the delivered desktop via HTML events and messages, which provide a very limited attack surface. Essentially, the most critical aspect of securing an Apporto desktop is utilizing strong user identity assurance, which can be added to any SSO solution.

Multi-factor authentication:

Many legacy systems rely on Windows authentication, which is increasingly a high security risk as hackers become more adept at brute force attacks. Apporto always relies on SSO technologies and recommends that those are used in conjunction with MFA to ensure a high level of security for the desktops.

Least Privilege Access

A key rule of zero trust is to trust no one: users should be given only the privileges needed for their tasks. Apporto enables an admin to deliver any of the following, all from the same portal and based on the same infrastructure:

  1. a remote application in a browser with no access to the OS

  2. a desktop with no admin privileges

  3. a desktop with admin privileges

Further, Apporto provides a simple console enabling administrators to publish or hide applications or shared folders based on the users’ role/group affiliation. For instance, a user who is a member of the engineering team and does not need or have access to SAP would not see the SAP client on their desktop. Similarly, a user who does not need access to specific data would not even see the shared folder. This is achieved in Apporto through a feature called desktop variants.

One cloud desktop for all tasks:

Another historical problem with cloud desktops has been poor user experience. This is often the result of high network latency or misconfigured applications. Poor user experience is frustrating to users and leads many to use the managed cloud desktop for one set of applications and their unmanaged physical desktop for applications such as video conferencing or chat. This defeats the purpose of the managed cloud desktop since it’s often inevitable that end users will store some of the data on their physical desktop, e.g. uploading or downloading a file from a Teams chat.

Apporto addresses high network latency by utilizing a unique geo-optimizing technology. This means that Apporto can assure that an end user is always connected to the closest data center to ensure minimal network latency. Apporto’s network of data centers ensures that no user is ever further than 50ms from their cloud desktop. Research has shown that at a latency less than 50ms most people cannot distinguish between a local vs remote experience. In addition to our regional infrastructure, Apporto has implemented several additional technologies that enable the bridging of edge video and audio devices into the cloud desktop through the browser. These features allow users to remain on the cloud desktop for all their use cases – even for highly demanding applications such as video conferencing.

Conclusion:

Apporto has leveraged decades of experience to create a secure cloud desktop service. A key goal of the service is to minimize the attack surface. This is achieved by using a clientless virtual desktop, MFA, the principle of least privilege for apps and data, and visibility and control of all data ingress/egress. The service provides admins with a simple control plane that makes the task simple.