IBM has taken the secure USB stick concept to its logical extreme, announcing a pilot service capable of streaming an enterprise user’s entire Linux or Windows desktop to a remote PC through a virtual machine running from a flash drive.
Called the Secure Enterprise Desktop (SED) and packaged as an extension of IBM’s Smart Business Desktop Cloud service, the system bears a superficial resemblance to other examples of virtualised USB stick technology that have appeared from SanDisk/Check Point and IronKey/Imation.
After booting from the SED stick and establishing an encrypted VPN channel to the cloud, a hypervisor is launched which allows the user’s applications and data to be streamed securely to the host.
The innovation is that the applications and data reside in the cloud rather than on the USB stick, with data either stored only in RAM on a temporary basis or written to an encrypted portion of the local hard drive with the key retained on the device. This allows the device to offer an online mode which updates each time the stick is re-connected.
The device offers a range of authentication options, including a built-in card reader as well as PIN.
“We wanted to enable people to use their own machines,” said IBM Research project engineer, Micheal Baentsche, explaining that customers were looking for a secure way of allowing employees to use personal machines from home.
The technology emerged from IBM’s Swiss division where it has been in use in a simpler form as the company’s Zone Trusted Information Channel (ZTIC), a USB stick technology used to secure online consumer banking access for a number of Swiss institutions, he said.
“We allow people to use the ZTIC when they are doing corporate work.”
The technical requirements for the Secure Enterprise Desktop were a 64-bit version of Linux or Windows (an Apple version is being developed), with Linux server and Apache in the cloud. Deployments also integrated with IBM Tivoli and WebSphere and would run from within a company’s firewall or as a straight service using IBM’s cloud services.
“The Secure Enterprise Desktop streams a user’s entire PC desktop from a cloud that is both secure and easy to use,” said Baentsche’s IBM Research colleague, Paolo Scotton.
“With this service, organisations can work smarter by more efficiently managing end-to-end-security on the IT-client side while employees can conveniently and safely access their office desktop on any computer for seamless computing.”
The Secure Enterprise Desktop will be demonstrated at the CeBIT fair in Hannover between 6 and 10 March. Although still in its pilot phase, the maturity of the underlying ZTIC bodes well for a commercial future that should see it released later in 2012. Pricing is not yet available.