In a reaction to the announcement from Quest to OEM the Liquidware Labs VDI assessment tooling and rebranding it as Quest VDI assessment, Lanamark, a competitor of Liquidware Labs responded to that announcement by stating that Sensitive data will be at risk when the Quest VDI assessment is used.
This statement is based on information provided in the login screen of the Quest VDI assessment, which states:
“…all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected and disclosed to…government, and law enforcement personnel, as well as authorized officials of government agencies, both domestic and foreign…”
Besides that Lanamark puts a big question mark to the fact that after installation there is an agent sitting on every single machine under this privacy policy raising the question: “how will this fly by any company’s legal department?”
Update: Quest officially responded stating that the warning in the screenshot provided is carried over from Liquidware Labs Stratusphere. They state that the VDI assessment tool will not share assessment data with Quest or any other 3rd party and that Quest will remove the text in an updated version which can be expected very soon.
Update 2: Now Liquidware Labs has officially responded to virtualization.info: Here is their statement:
Liquidware Labs Stratusphere provides unprecedented in-depth monitoring of desktops to assess for next desktop readiness and provide ongoing user experience management.
The in-depth information that it can provide about desktop/server usage and access is also used by some customers to assist in compliance of rigid government requirements such as HIPPA, GLBA, and Sarbanes Oxley.
Any commercial product that goes as in-depth for assessment and user experience monitoring should carry a disclaimer warning about how the data is gathered. Furthermore, customers can modify the advisement notice in the product to reflect their own corporate policies.
Stratusphere also supports the option of scrubbing the USERNAME and MACHINE NAME individually with a simple command that can be used at the security officer’s request. This allows Stratusphere to provide detailed transaction information per application associated to AD/LDAP user groups
.