I'm doing my best to go through my VMworld notes and post on a few of the more interesting demonstrations seen there. While walking the trade show floor at VMworld, I saw an interesting presentation of how a type 1 hypervisor combined with isolated Windows virtual machine could add up to a way to create a secure environment even through the remote staff member is operating in an environment that offers little to no security (such as a coffee house or airport lounge WiFi network) or on a machine that is not secure (such as a kiosk.)
Here's what the Neocleus product literature says
The Problem: Securing access to corporate resources from outside the corporate perimeter is a major headache for IT. Worries about data leakage, adherence to corporate computing compliance policies and the impact Internet services have on business continuity are a few challenges facing IT when providing remote access solutions.
The Solution: Neocleus leverages client-hosted, type 1 virtualization (also referred to as endpoint virtualization) to fundamentally change the way organizations secure the enterprise. With Neocleus multiple instances of isolated Windows environments run concurrently on a single device and work as secure “containers” of functionality safe from attack. Neocleus supports RDP ICA application and Web interfaces with the option to run other Windows-based applications. Applications and services maintain complete access to all the capabilities offered by the underlying hardware, while user experience and application performance are not compromised. Innovative approaches to authentication and configuration management provide IT with a secure remote access solution that is predictable and easy to control
Neocleus delivers secure access to corporate resources.
The Result: Neocleus is the best possible solution for protecting access to company resources inside and outside the corporate perimeter.
Although there are many ways to create a secure environment, Neocleus appears to have developed something interesting and new. They've found a way to "slip" a type 1 hypervisor underneath an established operating system so that security can be enforced at a new level, one that is outside of the operating system itself. This approach also means that a secure container that encapsulates corporate applications and data can either be accessed remotely from a system whose security is in question or delivered down to that system.
Although I'm rather skeptical of add-on approaches to security rather than "baked in" models, this approach appears to address most, if not all, of the draw-backs of other methods.
If you've not had the opportunity to see their demo, it's pretty impressive.