Sergej Khackimullin - Fotolia
Can IT add digital watermarks to its virtual desktops?
As part of a larger security strategy, watermarking virtual desktops can help IT discourage data leakage by adding user-specific text to each desktop.
IT professionals can add watermarks to their virtual desktops to deter malicious insiders from disseminating sensitive information and to remind everyone else that their actions have consequences.
IT pros should consider adding digital watermarks to their users' virtual desktops if they're concerned that an insider might want to steal intellectual property or that a user could inadvertently put confidential information at risk. Watermarking makes it possible to trace a data leak back to its source before it can expose more information.
Be aware, however, that even if IT does add digital watermarks, it does not secure desktops or prevent security breaches. Instead, VDI shops should use them as part of a much broader security strategy.
What is watermarking?
With VDI, watermarking adds an identifier to each virtual desktop image. The identifier provides information about the current session, such as the user's login name, the client IP address and the connection time.
In some cases, the watermark might also include an image such as a company logo. A desktop watermark is semi-transparent and is displayed without changing the original content or interfering with the user's ability to interact with the desktop or its applications. It is similar to how a watermark can be embedded in a PDF file without affecting the text.
A virtual desktop watermark provides a way to identify a user who has taken a screenshot or photograph of a virtual desktop image and made it available to unauthorized individuals, whether out of malicious intent or simple carelessness. The watermark serves as a not-so-subtle reminder to desktop users that IT can track their actions, which can have serious repercussions.
How can IT create digital watermarks?
Each VDI product enables IT to create a watermark a little differently. For example, Citrix recently added the In-session Watermark component to XenApp and XenDesktop. This new feature inserts a watermark into the desktop image at the server level inside the HDX engine before it is transferred to the endpoint. This approach is less risky than adding the watermark as part of a user mode process, which the user can kill to capture the desktop image without the watermark.
VMware shops can create digital watermarks through Desktop Watermark, a native Windows application for adding watermarks to both physical and virtual desktops. In a VDI deployment, system variables that serve as placeholders for the user and device information implement the watermark in the master desktop template. The actual information renders when the desktop streams to the client device.
Both products also enable administrators to set the watermark's opacity, font and screen location, in addition to other features. For example, Citrix In-session Watermark supports multiple instances of a watermark on a single desktop, and VMware Desktop Watermark supports both visible watermarks and invisible watermarks, which require a special tool to read from a screenshot.