It is now relatively common for employees to work on their employer's business using their own devices. Such devices can include portable devices such as laptop computers, netbook computers, tablet computers (such as the Apple® iPad®) and smartphones. However, although use of such devices can be convenient to both the employee and the employer, their use can create security vulnerabilities, since the employer is not in ultimate control of the devices and is unable to fully implement security and/or access policies.
Corporations often use applications to allow access to business critical data. Users can access these applications running directly or via Virtual Desktop Infrastructure (VDI) or Remote Desktop Services (RDS) sessions, henceforth referred to as a virtual desktop, from almost any device anywhere, provided a suitable network connection is available. This may present a problem to corporations in terms of control and security of their business information when users use virtual desktops from portable devices, since the data may be more susceptible to being compromised by technological means e.g. packet sniffing. Also, simple visual interception (known as shoulder surfing) can be a problem, whereby sensitive data can simply be observed by third parties on the screen of the user's device.
It is an aim of embodiments of the present invention to permit the application of an access policy, which takes into account a number of different conditions to allow, block or redirect access to certain resources or web pages on the basis of the evaluation of these conditions.