Another Education Use Case for Virtual Desktops: Compliance

For every student on a college or university campus, there’s a wealth of student-related data that needs to be protected. From payment information to health records, schools hold a lot of protected information that requires they meet a range of compliance requirements.

Many schools are already adopting virtual desktops so they can ditch outdated computer labs and ensure all students and faculty – regardless of location or endpoint device – have easy, consistent access to the apps they need for course work. With the right solution that same technology can help colleges and universities more easily achieve and maintain compliance.

PCI Compliance

From the bursar’s office to school stores, there are a lot of points where educational institutions might handle payment card information (PCI). With the number of students and guests that pass through a campus, the number of transactions can quickly add up, effecting that level of PCI compliance a school would need to follow.

Still, the actual number of staff that need to work within a PCI compliant environment is relatively limited, meaning it doesn’t make sense for a school to spend a lot of money and resources to focus on compliance in-house. By implementing virtual desktops that are designed and audited to be PCI compliant, educational institutions can more easily and quickly achieve and maintain compliance without spending as much time or resources in-house. Even better, you can scale the number of PCI compliant desktops as needed to match demand, such as when dealing with tuition payments.

Another prime use case within colleges and universities for PCI compliant desktops is fundraising offices. An important part of institutional funding, this environment can also create a huge PCI risk as students are often the ones phone banking and soliciting donations. An environment and desktops that aren’t PCI compliant could cause major issues, potentially compromising donor data and their willingness to donate in the future.

HIPAA Compliance

Healthcare data is highly valuable and extremely vulnerable in today’s cyber risk environment. While schools may not handle health records to the same degree as hospitals or healthcare practices, they do hold personal health information (PHI) for any student that visits a health center or counseling resource.

As campus needs change and staff turns over, this can create a high risk environment for PHI. Add in the increasing number of college students seeking mental health care and schools cannot ignore HIPAA requirements. Still, PHI is a small portion of the data a school handles and this department likely doesn’t get excessive funding. That excuse won’t protect you from fines stemming from a HIPAA compliance breach though.

Engaging a desktop as a service (DaaS) provider that offers independently audited HIPAA compliant solutions is a good way to implement compliance without needing to employ in-house expertise or expensive consultants. With an outsourced service like DaaS, the service provider handles much of the compliance heavy lifting and has a vested interest in ensuring the solution keeps up with evolving compliance requirements. This helps colleges and universities protect PHI and meet HIPAA requirements without much thought to the technicalities.

Use Case Based

One of the benefits of desktop virtualization is that you can customize desktops to specific use cases – so not every virtual desktop used on a campus needs to be PCI or HIPAA compliant. Identifying specific groups of users that handle PCI or PHI can help schools create limited use cases that require compliant desktops, allowing them to achieve compliance where needed while still managing budget.

Schools that have implemented in-house VDI can even engage with a compliant DaaS provider for specific use cases. Creating compliant virtual desktop environments are complicated and costly because of the additional technologies and securities required, annual audits and future changes to keep up with updated requirements. This makes it fairly unreasonable for most college and universities to pursue compliant virtual desktops in house. By identifying specific compliance use cases, schools can maintain their current systems and engage a provider for a limited scope – giving them the best of both worlds.