Permitting associates to bring their personal laptop or computer to work and use that laptop as their company computer has become popular with many corporations. In many instances, these programs allow an employee to use their personal computer in lieu of a company machine. While the program has many advantages, one of the large disadvantages of having an employee use their personal computer for work-related computing, is that employees often store sensitive company documents and application information to their generally unsecure personal computer. Memory on a personal laptop is typically unmanaged and it is difficult to enforce security policies when a user is not logged into a company network. Thus, systems and methods are needed to protect the confidentiality of corporate information on the user's computing device and enforce policies to protect the same.
In some instances, providing a secure storage repository on a client computer can be difficult. Often, those applications executing on the client to facilitate the display of remote applications do not have access to a local client's persistent storage or do not have the ability to partition the persistent storage or otherwise create a secure storage area. Although a secure storage area may be manually or automatically created on the client, and then manually or automatically locally encrypting the virtual disk, carrying out this process can require local disk creation and encryption software which may not be pre-installed. Conversely, if local encryption software is installed, it may not be up to corporate standards or requirements (e.g. the local encryption software can only perform 128-bit encryption, while the corporation requires 256-bit encryption). Additionally, local encryption software such as BitLocker, distributed by Microsoft Corporation of Redmond, Wash. as part of the Microsoft Windows line of operating systems; PGP Whole Disk Encryption, manufactured by Symantec Corporation of Mountain View, Calif.; or TrueCrypt, manufactured by the TrueCrypt Foundation of Henderson, Nev., typically encrypts an entire hard drive or volume. Thus, it may be difficult to draw a distinction between secure storage for corporate data and storage for the user's personal data (which may be secure from third parties due to whole-volume encryption, but not isolated from corporate data). Furthermore, full disk encryption doesn't provide a mechanism for centralized management and configuration for creating and distributing encrypted disks. Additionally, because the entire disk is encrypted, any backup system must be locally executed. Thus, systems and methods are needed to create, encrypt and deliver virtual disks from a centralized server to one or more clients.