Don’t cry, stay secure on Frame
Last week’s massive WannaCrypt ransomware outbreak (also referred to as “WannaCry”) affected hundreds of thousands of computers all over the world. Coming in through phishing attacks or the EternalBlue exploit, it could quickly spread throughout a network.
Fortunately, at Frame, we didn’t get a single report from our customers that their accounts were affected. This is largely due to the fact that Frame makes it incredibly easy to protect against this type of attack with our inherently secure architecture. Stateless VMs, fixed app sets, cloud storage/integrated backups, and a simple process to publish updates are all features that let you sleep well at night. Let’s take a quick look at these features to show how you can protect your deployment:
Stateless VMs
In Frame for Business and Frame Platform accounts, users run their sessions on completely stateless virtual machines in the cloud. This means that any changes made to the operating system during the course of a session are completely wiped out at the end of the session. Even if you had no anti-virus or anti-malware protection installed and in the course of your session you got “infected” — just exiting your session will clear the whole thing up. Furthermore, by default your VMs have both the Windows and the cloud infrastructure firewalls in place to prevent spreading infections to other machines.
Fixed app sets
In most use cases on Frame, users are only given access to a fixed set of applications.
For example, when using Frame to distribute accounting tools to the finance department, only those tools that they need are onboarded and accessible. In general, users don’t see a Windows start bar or interact directly with the underlying operating system. And with stateless VMs, users can’t permanently install any unwanted applications or make any persistent changes to the VM. This both combats configuration drift and reduces potential sources of infection.
Cloud storage and integrated backups
When using cloud storage with Frame, all your files are not synced to the stateless VM that you are working on. Instead only those files that you access are copied locally. But this still means that those files can get infected and get back to your cloud storage account, potentially spreading to other machines. That’s simply the inherent nature of cloud storage as summarized by Dropbox here. So it’s important to protect against this path by keeping up-to-date virus and malware protection and applying regular updates on all machines you use, including your Frame account. However, cloud storage also has the inherent benefit of backups. If you did get corrupted files in your cloud storage account — you have the ability to recover previous versions of those files. For example, here’s how Dropbox handles recovering files:
In addition to backups of data afforded through cloud storage, Frame also has options to backup your Sandbox and Utility servers to recover in case of a problem. For more on this option check out this blog post.
Easy updates
Most importantly, Frame makes it incredibly easy to keep all of the virtual machines in your deployment up-to-date. By managing the single Sandbox on your account and using our one-click publish process, you can quickly ensure that your entire deployment has the latest OS and application security updates and virus protections. For more on our publishing process check out this article. Also, keep in mind that while Frame provides you with an up-to-date base operating system when you create a new account, you have complete control over all updates on that machine after you create it. So it’s important that you regularly apply updates and publish to keep your deployment fresh.
Don’t cry, but stay vigilant
As with any IT system, you can’t ignore the potential threats that are and will continue to be out there. Apply best practices and use the tools at your disposal, including Frame, to stay vigilant so outbreaks like WannaCry don’t cause you to shed any tears.
