Securing Desktop-as-a-Service (DaaS)
and Virtual Desktop Infrastructure (VDI)
The concept of optimizing desktop computing has been a consistent
challenge for enterprises. Today, three critical business drivers converge,
making a foundational change in desktop security and access essential:
1. Complexity: The need to tame DaaS/VDI solutions that are often
overly complex to deploy and manage.
2. Remote Work: The established role of remote work in the modern
workplace requires seamless and secure access.
3. Zero Trust Implementation: The ongoing struggle organizations
face with implementing effective, end-to-end Zero Trust security.
All three challenges can be solved practically overnight
The virtual desktop market, and especially DaaS, has been held back by
solutions with inherited complexity. They expose the organization to
risk through the reliance on phishable credentials and the inherent
vulnerability of required client software (the agent).
Trustus AAM Foundational Trust Platform: Provides the foundational
security efficacy beyond conventional Zero Trust:
DaaS VPN access resulting vulnerabilities and complexities are gone.
Trustus eliminates phishable access and the need for traditional VPNs
by acting as an Access Gateway and fronting the DaaS broker/agent.
This establishes the highest level of cryptographic trust for the user's
connection to the DaaS/VDI environment.
Trustus Solves DaaS Vulnerability and Complexity
Problem Solved
Trustus Architecture (Foundational Trust)
Core Efficacy
Credential/
Password Risk
Credential Protection: Trustus certificates protect
the traditional credentials used (passwords, MFA)
from being phished and being a primary attack surface.
Authentication is Foundational: Trustus certificates, operating with the Privacy Bridge, enforce cryptographic identity for the connection, simplifying the access process.
Flawed MFA Security
MFA Enhancement: The user's X.509 certificate provides the single, immutable source of identity.
This high-assurance cryptographic identity is enforced prior to the traditional authentication process that can be breached.
Strongest Cryptographic Trust: Trustus uses X.509 standards-based PKI Protocols for both identity and access.
Agent/Client Vulnerability
Secure Access Gateway: The Trustus Privacy
Bridge is deployed to front the DaaS access point, enforcing the connection decision prior to the DaaS agent initiating a session.
Foundationally Trusted Access: Trustus establishes immutable, cryptographic trust for the entire DaaS connection, securing the existing flow and infrastructure.
Lengthy ZT Implementation
Immutable Foundational Identity: Trustus instantly delivers the core identity and policy enforcement mechanisms required for Zero Trust as a simple, high-assurance layer.
Simplified Deployment: Provides an immediate, single-point solution for identity and secure access policy over existing DaaS, bypassing lengthy, complex network re-architectures.
Inconsistent Remote Security
Consistent Security (BYOD): Trustus ensures a single, high-assurance security posture across all endpoints (corporate or BYOD).
Identity-First Enforcement: Access to the DaaS desktop is conditional on the connecting user's verified cryptographic identity.
