Do you understand the different ways licensing has the potential to add value to your business? You can create additional revenue streams by licensing “out” the intellectual property you invent and develop. (This is typically what’s known as product licensing.) To help you accelerate the growth of your brand, entrepreneurs should consider licensing “in” others’ intellectual property.
This is what’s known as brand licensing, and the opportunity it poses is massive. In 2018, the global retail sales of licensed merchandise topped $280 billion. I experienced the power of brand licensing firsthand when my guitar pick company Hot Picks became a Disney licensee. Having our guitar picks in the shape of beloved characters like Mickey Mouse enabled us to start selling at Walmart.
Becoming the best-selling small accessory in the music department at Walmart resulted in further retail opportunities, including 7-Eleven. Our sales grew through the roof! To find out about best practices in brand licensing today, I interviewed Jackson Aw, the founder and CEO of Mighty Jaxx, an innovative Singapore-based company that produces designer collectibles and soft goods.
Mighty Jaxx is a licensee of many of the world’s most beloved brands, including Netflix, Formula 1, Hasbro, Toei Animation, Cartoon Network, Nickelodeon, Warner Brothers, and Adidas. Founded in 2012, the company has grown to 150 employees, is valued at $200 million, and ships to 80 countries.
Each Mighty Jaxx collectible — which range from as low as $12.99 to upwards of $800 — features a patent-pending authentication system that merges hardware and software. Collectors are able to register their ownership of their collectable on the blockchain with a simple tap of their phone.
Provenance is particularly relevant for limited edition collectibles, Aw explained, because it allows their value to grow in secondary marketplaces. “When we think about why people collect stuff and like certain things, part of it may be because of the product, its quality and the scarcity of it and whatnot. But above everything, it’s the intellectual property that they love and why they want to buy it,” Aw said.
Here’s what I learned.
1. The first step? Just ask.
Aw’s team was only five people strong when he sent a cold email to the head of toys at DC Comics, a Warner Brothers’ property, about licensing its characters. At the time, he said, no one took his company very seriously because it was small.
Recognizing that Mighty Jaxx couldn’t compete on volume, he stressed his point of difference — that his collectibles would take classic characters and make them cool to a lifestyle-oriented audience — during their 30-minute in-person meeting.To his disbelief, it worked: They shook hands on a deal, and when he returned to Singapore, a contract was waiting for him.
2. It’s much easier to land your second licensor than your first.
After securing the partnership of DC Comics, the floodgates opened. This is especially true if you land a high-profile licensor.
3. Hire an experienced intellectual property lawyer to review the finer points of your contract.
There’s a difference between the business terms of a licensing agreement and the legal terms. Make sure to also seek out an individual who understands how to negotiate the business terms.
4. Look for a sweet spot when negotiating minimum guarantees.
Minimum guarantees refer to the fee you are legally obligated to pay the licensee, regardless of how many units featuring their IP you actually sell. Warner Brothers was kind to allow Mighty Jaxx to split up its initial payments, Aw said.
5. Expect to pay a higher royalty rate for intellectual property that is trendy.
IP that is hot generally trends above a 10 percent royalty rate and can garner as much as a 20 percent royalty. Ask yourself, “What’s appropriate for my business right now? What kind of exposure can I let myself get into?”
6. Don’t overlook the power of nostalgia.
At first, Mighty Jaxx focused on acquiring properties that were likely to resonate with an older audience who had more disposable income.
7. Trust your gut when it comes to assessing the value of new intellectual property.
It’s almost impossible to gauge whether a new movie, for example, will become a hit, Aw says. Licensing a popular brand onto your product can help you open doors that you wouldn’t be able to alone. Becoming a Disney licensee was one of the smartest things Hot Picks did to grow our audience and our business.
To find out more about brand licensing, I recommend following Brands Untapped, a site that celebrates the creativity of the licensing community.
With a massive number of cryptocurrencies exploding in the market, crypto wallet application adoption is also rising at a faster pace. With the technological revolution, hackers have also fine-tuned their hacking methods and have now grown up smarter to hack your crypto wallets.
Generally, Cryptocurrency Wallet Development Company offers multi-layer security to the crypto applications developed by them. But, still can be prone to hacking attempts.
Hackers are Making a Way into Your Crypto Wallet!
The initial 7 months of 2022 witnessed $1.9 billion worth of crypto coins being stolen which accounts for 60% more compared to last year. When a user downloads a trojan application on the device, it steals $600,000 worth of Bitcoins from your Crypto Wallet Application. This Android trojan is called Sharkbot which initiates money transactions from your crypto wallets bypassing the security systems. This is just one type of trojan, there are multiple trojans the hackers can attack your Crypto Wallet Application with.
Also, hackers normally try to exploit the interfaces that connect the crypto wallet applications to the backend service that supports them.
Security Hacks You Need to Ponder on for Defending your Crypto Wallets!
Cold Wallet to be Your Savior!
The best way to prevent cryptocurrency loss is to store your coins in a cold wallet or hardware wallet. These wallets store your funds offline, thus preventing hackers from accessing your cryptocurrencies online or through traditional methods.
A cold crypto wallet is much like a USB device, holding a private key that is used to access your cryptocurrencies. Storing your private key online will result in hackers easily accessing it and your account will be compromised. This will lead you to lose all your crypto investment. So, it is advisable to store your private key offline.Exchange platform that Keeps Hackers Away!
Before you choose an exchange platform, make sure you carry out your research thoroughly on the security of the crypto exchange platform. Check online if the crypto exchange platform you are choosing has been compromised in the past or if any wallet on the exchange platform has been hacked. If the crypto exchange platform has been hacked, it depicts poor security protocols, where your crypto wallet or investment in it might be at risk.
Check if the crypto exchange platform is using multi-factor authentication or TLS/ SSL encryption to secure your wallet. In the last, verify if they have any safety measures in place like the transaction limits and notifications on every transfer or even the option to freeze the account and mitigate the damages.If you are looking for a crypto exchange development, here it is! RWaltz Software, Your trusted partner to launch your crypto exchange platform.
Multi-Factor Authentication to Authenticate Your Access!
Multi-Factor Authentication offers a layered defense mechanism by authenticating your wallet with independent credentials like passwords, security tokens, and/ or biometrics. To set up multi-factor authentication, you can select either SMS or a 2FA application push notification.
Be Aware of Phishing Attacks!
Phishing attackers generally target users by posing as legitimate entities to gain access to your sensitive information. Avoid falling prey to these phishing attacks by making sure you log into the correct crypto exchange platform. Don’t click on the link received over emails, chats, or even text messages.
Save the exchange link or add it to your favorites. Lastly, always verify the details twice before you make crypto transactions.
Don’t forget to Change Your Passwords Regularly!
It is a cyber law, that how much ever tricky password you set, one day it will be compromised. So, the best way to prevent this theft is to set a complex password, store it safely and change it regularly. Make sure you don’t reuse the password or set any personal information as a key.
Instead of saving passwords on google, use password managers. Lastly, make sure your password is updated every six months.
BitcoinVB – Highly Secure Wallet Application by the Industry Leaders!
BitcoinVB is a highly secure wallet application developed by RWaltz for ensuring the secure storing and management of bitcoins. Click here, to explore the portfolio! If you are looking for a similar wallet application, then RWaltz can be the right choice for you. We are a reliable cryptocurrency wallet development company that offers custom digital wallet app development.
Let’s Wrap Up!
Hopefully, the above article has enlightened your knowledge of digital wallet app security. If you have any queries, feel free to connect with our experts. Hurry up! Schedule a meeting now!
An estimated nine million Americans have their identities stolen each year. Identity thieves may drain accounts, damage credit, and even put medical treatment at risk. The cost to business — left with unpaid bills racked up by scam artists — can be staggering, too.
The Red Flags Rule1 requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.
The Federal Trade Commission (FTC) enforces the Red Flags Rule with several other agencies. This article has tips for organizations under FTC jurisdiction to determine whether they need to design an identity theft prevention program.
An Overview
The Red Flags Rule tells you how to develop, implement, and administer an identity theft prevention program. A program must include four basic elements that create a framework to deal with the threat of identity theft.2
A program must include reasonable policies and procedures to identify the red flags of identity theft that may occur in your day-to-day operations. Red Flags are suspicious patterns or practices, or specific activities that indicate the possibility of identity theft.3 For example, if a customer has to provide some form of identification to open an account with your company, an ID that doesn’t look genuine is a “red flag” for your business.
A program must be designed to detect the red flags you’ve identified. If you have identified fake IDs as a red flag, for example, you must have procedures to detect possible fake, forged, or altered identification.
A program must spell out appropriate actions you’ll take take when you detect red flags.
A program must detail how you’ll keep it current to reflect new threats.
Just getting something down on paper won’t reduce the risk of identity theft. That’s why the Red Flags Rule has requirements on how to incorporate your program into the daily operations of your business. Fortunately, the Rule also gives you the flexibility to design a program appropriate for your company — its size and potential risks of identity theft. While some businesses and organizations may need a comprehensive program to address a high risk of identity theft, a streamlined program may be appropriate for businesses facing a low risk.
Securing the data you collect and maintain about customers is important in reducing identity theft. The Red Flags Rule seeks to prevent identity theft, too, by ensuring that your business or organization is on the lookout for the signs that a crook is using someone else’s information, typically to get products or services from you without paying for them.
That’s why it’s important to use a one-two punch in the battle against identity theft: implement data security practices that make it harder for crooks to get access to the personal information they use to open or access accounts, and pay attention to the red flags that suggest that fraud may be afoot.
Who Must Comply with the Red Flags Rule: A Two-Part Analysis
The Red Flags Rule requires “financial institutions” and some “creditors” to conduct a periodic risk assessment to determine if they have “covered accounts.” The determination isn’t based on the industry or sector, but rather on whether a business’ activities fall within the relevant definitions. A business must implement a written program only if it has covered accounts.
Financial Institution
The Red Flags Rule defines a “financial institution” as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or a person that, directly or indirectly, holds a transaction account belonging to a consumer.4 While many financial institutions are under the jurisdiction of the federal bank regulatory agencies or other federal agencies, state-chartered credit unions are one category of financial institution under the FTC’s jurisdiction.
Creditor
The Red Flags Rule defines “creditor” based on conduct.5
To determine if your business is a creditor under the Red Flags Rule, ask these questions:
Does my business or organization regularly:
defer payment for goods and services or bill customers?
grant or arrange credit?
participate in the decision to extend, renew, or set the terms of credit?
If you answer:
No to all, the Rule does not apply.
Yes to one or more, ask:
Does my business or organization regularly and in the ordinary course of business:
get or use consumer reports in connection with a credit transaction?
give information to credit reporting companies in connection with a credit transaction?
advance funds to — or for — someone who must repay them, either with funds or pledged property (excluding incidental expenses in connection with the services you provide to them)?
If you answer:
No to all, the Rule does not apply.
Yes to one or more, you are a creditor covered by the Rule.
Covered Accounts
If you conclude that your business or organization is a financial institution or a creditor covered by the Rule, you must determine if you have any “covered accounts,” as the Red Flags Rule defines that term. You’ll need to look at existing accounts and new ones6. Two categories of accounts are covered:
A consumer account for your customers for personal, family, or household purposes that involves or allows multiple payments or transactions.7 Examples are credit card accounts, mortgage loans, automobile loans, checking accounts, and savings accounts.
“Any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.”8 Examples include small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft. Unlike consumer accounts designed to allow multiple payments or transactions — always considered “covered accounts” under the Rule — other types of accounts are “covered” only if the risk of identity theft is reasonably foreseeable.
In determining if accounts are covered under the second category, consider how they’re opened and accessed. For example, there may be a reasonably foreseeable risk of identity theft in connection with business accounts that can be accessed remotely — say, through the Internet or the telephone. Your risk analysis must consider any actual incidents of identity theft involving accounts like these.
If you don’t have any covered accounts, you don’t need a written program. But business models and services change. You may acquire covered accounts through changes to your business structure, process, or organization. That’s why it’s good policy and practice to conduct a periodic risk assessment.
FAQs
I review credit reports to screen job applicants. Does the Rule apply to my business on this basis alone? No, the Rule does not apply because the use is not “in connection with a credit transaction.”
What if I occasionally get credit reports in connection with credit transactions?According to the Rule, these activities must be done “regularly and in the ordinary course of business.” Isolated conduct does not trigger application of the Rule, but if your business regularly furnishes delinquent account information to a consumer reporting company but no other credit information, that satisfies the “regularly and in the ordinary course of business” prerequisite.What is deemed “regularly and in the ordinary course of business” is specific to individual companies. If you get consumer reports or furnish information to a consumer reporting company regularly and in the ordinary course of your particular business, the Rule applies, even if for others in your industry it isn’t a regular practice or part of the ordinary course of business.
I am a professional who bills my clients for services at the end of the month. Am I a creditor just because I allow clients to pay later?No. Deferring payment for goods or services, payment of debt, or the purchase of property or services alone doesn’t constitute “advancing funds” under the Rule.
In my business, I lend money to customers for their purchases. The loans are backed by title to their car. Is this considered “advancing funds”?Yes. Anyone who lends money — like a payday lender or automobile title lender — is covered by the Rule. Their lending activities may make their business attractive targets for identity theft. But deferring the payment of debt or the purchase of property or services alone doesn’t constitute “advancing funds.”
I offer instant credit to my customers and contract with another company to pull credit reports to determine their creditworthiness. No one in our organization ever sees the credit reports. Is my business covered by the Rule?Yes. Your business is — regularly and in the ordinary course of business — using credit reports in connection with a credit transaction. The Rule applies whether your business uses the reports directly or whether a third-party evaluates them for you.
I operate a finance company that helps people buy furniture. Does the Rule apply to my business?Yes. Your company’s financing agreements are considered to be “advancing funds on behalf of a person.”
In my legal practice, I often make copies and pay filing, court, or expert fees for my clients. Am I “advancing funds”?No. This is not the same as a commercial lender making a loan; “advancing funds” does not include paying in advance for fees, materials, or services that are incidental to providing another service that someone requested.
Our company is a “creditor” under the Rule and we have credit and non-credit accounts. Do we have to determine if both types of accounts are “covered accounts”? Yes. You must examine all your accounts to determine which are “covered accounts” that must be included in your written identity theft prevention program.
My business accepts credit cards for payments. Are we covered by the Red Flags Rule on this basis alone?No. Just accepting credit cards as a form of payment does not make you a “creditor” under the Red Flags Rule.
My business isn’t subject to much of a risk that a crook is going to misuse someone’s identity to steal from me, but it does have covered accounts. How should I structure my program?If identity theft isn’t a big risk in your business, complying with the Rule is simple and straightforward. For example, if the risk of identity theft is low, your program might focus on how to respond if you are notified — say, by a customer or a law enforcement officer — that someone’s identity was misused at your business. The Guidelines to the Rule have examples of possible responses. But even a business at low risk needs a written program that is approved either by its board of directors or an appropriate senior employee.
How To Comply: A Four-Step Process
Many companies already have plans and policies to combat identity theft and related fraud. If that’s the case for your business, you’re already on your way to full compliance.
1. Identify Relevant Red Flags
What are “red flags”? They’re the potential patterns, practices, or specific activities indicating the possibility of identity theft.9 Consider:
Risk Factors. Different types of accounts pose different kinds of risk. For example, red flags for deposit accounts may differ from red flags for credit accounts, and those for consumer accounts may differ from those for business accounts. When you are identifying key red flags, think about the types of accounts you offer or maintain; the ways you open covered accounts; how you provide access to those accounts; and what you know about identity theft in your business.
Sources of Red Flags. Consider other sources of information, including the experience of other members of your industry. Technology and criminal techniques change constantly, so it’s important to keep up-to-date on new threats.
Categories of Common Red Flags. Supplement A to the Red Flags Rule lists specific categories of warning signs to consider including in your program. The examples here are one way to think about relevant red flags in the context of your own business.
Alerts, Notifications, and Warnings from a Credit Reporting Company. Changes in a credit report or a consumer’s credit activity might signal identity theft:
a fraud or active duty alert on a credit report
a notice of credit freeze in response to a request for a credit report
a notice of address discrepancy provided by a credit reporting company
a credit report indicating a pattern inconsistent with the person’s history B for example, an increase in the volume of inquiries or the use of credit, especially on new accounts; an unusual number of recently established credit relationships; or an account that was closed because of an abuse of account privileges
Suspicious Documents. Documents can offer hints of identity theft:
identification looks altered or forged
the person presenting the identification doesn’t look like the photo or match the physical description
information on the identification differs from what the person with identification is telling you or doesn’t match a signature card or recent check
an application looks like it’s been altered, forged, or torn up and reassembled
Personal Identifying Information. Personal identifying information can indicate identity theft:
inconsistencies with what you know — for example, an address that doesn’t match the credit report or the use of a Social Security number that’s listed on the Social Security Administration Death Master File
inconsistencies in the information a customer has submitted to you
an address, phone number, or other personal information already used on an account you know to be fraudulent
a bogus address, an address for a mail drop or prison, a phone number that’s invalid, or one that’s associated with a pager or answering service
a Social Security number used by someone else opening an account
an address or telephone number used by several people opening accounts
a person who omits required information on an application and doesn’t respond to notices that the application is incomplete
a person who can’t provide authenticating information beyond what’s generally available from a wallet or credit report — for example, someone who can’t answer a challenge question
Account Activity. How the account is being used can be a tip-off to identity theft:
shortly after you’re notified of a change of address, you’re asked for new or additional credit cards, or to add users to the account
a new account used in ways associated with fraud — for example, the customer doesn’t make the first payment, or makes only an initial payment; or most of the available credit is used for cash advances or for jewelry, electronics, or other merchandise easily convertible to cash
an account used outside of established patterns — for example, nonpayment when there’s no history of missed payments, a big increase in the use of available credit, or a major change in buying or spending patterns or electronic fund transfers
an account that is inactive is used again
mail sent to the customer that is returned repeatedly as undeliverable although transactions continue to be conducted on the account
information that the customer isn’t receiving an account statement by mail or email
information about unauthorized charges on the account
Notice from Other Sources. A customer, a victim of identity theft, a law enforcement authority, or someone else may be trying to tell you that an account has been opened or used fraudulently.
2. Detect Red Flags
Sometimes, using identity verification and authentication methods can help you detect red flags. Consider whether your procedures should differ if an identity verification or authentication is taking place in person, by telephone, mail, or online.
New accounts. When verifying the identity of the person who is opening a new account, reasonable procedures may include getting a name, address, and identification number and, for in-person verification, checking a current government-issued identification card, like a driver’s license or passport.
Depending on the circumstances, you may want to compare that to information you can find out from other sources, like a credit reporting company or data broker, or the Social Security Number Death Master File.10 Asking questions based on information from other sources can be a helpful way to verify someone’s identity.
Existing accounts. To detect red flags for existing accounts, your program may include reasonable procedures to confirm the identity of the person you’re dealing with, to monitor transactions, and to verify the validity of change-of-address requests. For online authentication, consider the Federal Financial Institutions Examination Council’s guidance on authentication as a starting point.11
It explores the application of multi-factor authentication techniques in high-risk environments, including using passwords, PINs, smart cards, tokens, and biometric identification. Certain types of personal information — like a Social Security number, date of birth, mother’s maiden name, or mailing address — are not reliable authenticators because they’re so easily accessible.
You may be using programs to monitor transactions, identify behavior that indicates the possibility of fraud and identity theft, or validate changes of address. If so, incorporate these tools into your program.
3. Prevent And Mitigate Identity Theft
When you spot a red flag, be prepared to respond appropriately. Your response will depend on the degree of risk posed. It may need to accommodate other legal obligations, like laws about providing and terminating service.
The Guidelines in the Red Flags Rule offer examples of some appropriate responses, including:
monitoring a covered account for evidence of identity theft
contacting the customer
changing passwords, security codes, or other ways to access a covered account
closing an existing account
reopening an account with a new account number
not opening a new account
not trying to collect on an account or not selling an account to a debt collector
notifying law enforcement
determining that no response is warranted under the particular circumstances
The facts of a particular case may warrant using one of these options, several of them, or another response altogether. Consider whether any aggravating factors raise the risk of identity theft. For example, a recent breach that resulted in unauthorized access to a customer’s account records would call for a stepped-up response because the risk of identity theft rises, too.
4. Update The Program
The Rule recognizes that new red flags emerge as technology changes or identity thieves change their tactics, and requires periodic updates to your program. Factor in your own experience with identity theft; changes in how identity thieves operate; new methods to detect, prevent, and mitigate identity theft; changes in the accounts you offer; and changes in your business, like mergers, acquisitions, alliances, joint ventures, and arrangements with service providers.
Administering Your Program
Your Board of Directors — or an appropriate committee of the Board — must approve your initial plan. If you don’t have a board, someone in senior management must approve it. The Board may oversee, develop, implement, and administer the program — or it may designate a senior employee to do the job. Responsibilities include assigning specific responsibility for the program’s implementation, reviewing staff reports about compliance with the Rule, and approving important changes to your program.
The Rule requires that you train relevant staff only as “necessary.” Staff who have taken fraud prevention training may not need to be re-trained. Remember that employees at many levels of your organization can play a key role in identity theft deterrence and detection.
In administering your program, monitor the activities of your service providers. If they’re conducting activities covered by the Rule — for example, opening or managing accounts, billing customers, providing customer service, or collecting debts — they must apply the same standards you would if you were performing the tasks yourself. One way to make sure your service providers are taking reasonable steps is to add a provision to your contracts that they have procedures in place to detect red flags and either report them to you or respond appropriately to prevent or mitigate the crime. Other ways to monitor your service providers include giving them a copy of your program, reviewing the red flag policies, or requiring periodic reports about red flags they have detected and their response.
It’s likely that service providers offer the same services to a number of client companies. As a result, the Guidelines are flexible about service providers using their own programs as long as they meet the requirements of the Rule.
The person responsible for your program should report at least annually to your Board of Directors or a designated senior manager. The report should evaluate how effective your program has been in addressing the risk of identity theft; how you’re monitoring the practices of your service providers; significant incidents of identity theft and your response; and recommendations for major changes to the program.12
France’s data protection regulator on Thursday hit Google and Facebook with fines of €150 million ($170 million) and €60 million ($68 million), respectively, for failing to provide internet users an easy way to disable online trackers, marking the latest in a series of fines faced by the two American tech giants for failing to comply with European privacy laws.
Key Facts
In a statement outlining its investigation, French regulator CNIL noted that Facebook, Google and Youtube’s websites offered a button that allowed users to immediately accept cookies but did not provide a similar button to easily refuse them.
The regulator added that the process of refusing the online trackers was several steps longer.
The CNIL ruled that this process affects users’ freedom of consent as it influences their choice of accepting or rejecting cookies.
While cookies can be essential for a website’s functioning—allowing for user authentication and remembering preferences among other things—they can also be used to track a user’s online behavior and serve them advertising.
In addition to the hefty fines, both companies have been ordered to update their interface for French users—making it easier for them to reject cookies—within three months.
Key BackgroundThe fines against Google and Facebook follow a series of similar regulatory actions facing U.S tech giants including Apple and Amazon in Europe. In December 2020, Google and Amazon were hit with similar fines for their handling of web cookies to track user activities without seeking proper consent..
Last year, regulators in France, the U.K., and the EU initiated formal antitrust probes into Google and Facebook’s online advertising business. The European Union’s General Data Protection Regulation (GDPR) which went into effect in May 2018 has dramatically increased the powers of the bloc’s privacy enforcers. Under the law, serious privacy breaches can lead to fines of as much as 4% of a company’s annual global revenue.
Wickelgren, Abraham (2001). “Damages for Breach of Contract: Should the Government Get Special Treatment?”. Journal of Law, Economics & Organization. 17: 121–148. doi:10.1093/jleo/17.1.121.
A look at the differences between virtual desktops and cloud desktops, and why businesses need a fresh, cloud-native approach as hybrid working conditions continue to become the norm. With more people working remotely for the foreseeable future, the corporate network’s ability to protect assets has significantly eroded.
There’s been an explosion of commentary in recent months about the “future of work,” and much of it has reinforced a few key themes: most enterprises will embrace hybrid models in which more work is done outside the office, and to do so, they’ll leverage cloud technologies to make corporate assets and workflows available from anywhere on any device.
This is all fairly straightforward at a high level, but moving a bit closer to specific companies and specific business decisions, things can be more complicated. Specifically, for many organizations, the difference between virtual desktops and cloud desktops will be crucial.
I’ve seen this tension firsthand, having worked for years in both the virtual desktop infrastructure (VDI) space and the more recently-emerged market for Cloud PCs. Let’s look at the differences between the two and why only the latter is suitable for enterprises’ needs, both today and in the future.
Legacy VDI: Like using a horse-drawn carriage instead of a fleet of supersonic trains
Legacy VDI usually involves an enterprise running Windows in its own data center so it can provide remote access to workers. This solves the problem of making enterprise resources securely available outside the office, but that’s just about all it solves.
Many organizations rely heavily on Windows frameworks, not only for applications but also security, authentication, and overall workflows. In the pre-pandemic world, this was fine because most employees came into the office, logged onto the corporate network, and received updates to keep their devices secure. But with more people working remotely for the foreseeable future, the corporate network’s ability to protect assets has significantly eroded.
Moreover, many of the people working from home need Windows but have moved to other endpoints, such as Chromebooks. This is especially true for personal devices, and it’s quite common for work-from-home employees to use their preferred devices for professional tasks at least some of the time. As a result, securing a company-issued machine isn’t helpful if hybrid or remote employees are going to access enterprise resources from other endpoints.
The IT challenge is thus to support machines not only outside the corporate network but also outside traditional PCs. Some kind of remote desktop is obviously part of the solution, but most existing approaches cannot match the scale of this challenge.
Legacy VDI usually involves an enterprise running Windows in its own data center so it can provide remote access to workers. This solves the problem of making enterprise resources securely available outside the office, but that’s just about all it solves.
VDIs require a lot of IT resources to maintain—another potentially significant problem, given that most CEOs want their technical talent focused on strategic projects, not IT curation.
Physics can’t be cheated, so the farther workers are from that single data center, the worse latency and performance become. For example, let’s say a few years ago, a small group of contractors or remote employees needed access but were relatively close to the home office, so this wasn’t a big problem. However, as the number of users grew and their distance from the office increased, legacy VDI fell flat, offering slow, productivity-killing performance.
This situation, as unhelpful as it is, doesn’t even take into account that VDIs require a lot of IT resources to maintain—another potentially significant problem, given that most CEOs want their technical talent focused on strategic projects, not IT curation.
Because of these limitations of legacy on-premises VDIs, a variety of alternatives have emerged, but few of them meet the core demands for scalability, performance, and manageability. For instance, Desktop-as-a-Service (DaaS) offerings are often just a VDI in a managed service provider’s (MSP) data center.
This doesn’t solve the challenge of scaling remote resources up or down as the workforce changes, and depending on the MSP’s geographic footprint, may not do much to address performance concerns either.
Even running VDI in a top public cloud is not the panacea it may seem. When it comes to managing a VDI, it’s just like legacy VDI, only with hardware maintained by someone else. This means that if a business wants to extend remote access to workers in new regions, it will need to duplicate its VDI solution into those regions.
So while this approach may not require the same capital expenses as on-premises VDI, in terms of IT resources required for ongoing management, it is still costly and onerous.
How are Cloud PCs different?
Rather than attempting to retrofit legacy VDI for today’s landscape, businesses need a fresh, cloud-native approach—a Cloud PC.
By cloud-native, I mean a Software-as-a-Service (SaaS) model defined by the following:
Elastic scale and flexible pricing: New Cloud PCs can be spun up as needed in less than an hour, without the traditionally lengthy and complex provisioning processes, and enterprises only pay for the resources they use. Just as the number of Cloud PCs can be scaled up or down as needed, so too can the underlying compute and storage resources. This gives the Cloud PC more potential power for intense and complicated tasks, compared to running the OS locally on each machine, let alone compared to legacy VDI.
Up-to-date security, low latency, and global availability: Because SaaS services are always connected to the network, they always offer the most-up-to-date security resources, and because Cloud PCs can be deployed on public cloud networks in the region closest to each user, latency is a non-issue.
Comprehensive visibility: Because the OS runs in the cloud, IT can monitor usage for security and insights. Moreover, if an employee logs in with their own device, rather than a corporate-issued machine, the SaaS model keeps a clean separation between personal and corporate data, which allows for end point flexibility without sacrificing security or employee privacy.
Multicloud compatibility: Some workloads run better on some clouds than others, and this relationship is not necessarily static over time, so enterprises need the flexibility to optimize and update their Cloud PC deployments over time based on their business requirements, employee preferences, and the strengths of different providers.
Rather than simply shifting the legacy model to the cloud without any real modernization or improvement, the Cloud PC approach reimagines what a remote desktop experience is and how it should be delivered. As hybrid working conditions continue to become the norm, the enterprises that choose the more forward-looking options now will be poised for success as their workplace models continue to evolve for years to come.
Amitabh Sinha is CEO at Workspot. Amitabh has more than 20 years of experience across enterprise software, end user computing, mobile, and database software.