Vendors Plug Thin Client as Security ElixirBy Matt Hines | Posted 2006-09-25 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
News Analysis: Marketers of thin-client technology are pushing the model as an answer to IT administrators' data security headaches.
The U.S. Commerce Department released a statement on Sept. 21 admitting that more than 1,100 of its laptop computers were either lost or stolen over the last five years, with at least 249 of those machines confirmed to have held sensitive data.
With the litany of security issues facing Windows-based desktops and laptops, and other devices with the ability to store sizeable amounts of data locally, proponents of thin-client computing say such events provide a perfect example of why their technologies are getting a closer look from many enterprises these days.
From stolen devices to sophisticated malware viruses and data protection measures mandated by regulatory compliance laws, the ever-growing list of security concerns piling up on the desks of IT administrators worldwide is demanding that companies rethink the ways they handle and store data. Coupled with the push by workers to be allowed to access corporate networks from wherever they may be located, thin-client experts say businesses are already considering a shift to using larger numbers of the devices that depend on centralized systems to store and protect critical information.
While thin-client machines, which rely primarily on back-end systems for their processing power and access to corporate data, have long been advocated by their makers as a more secure option than their Windows counterparts, the rising tide of computer security threats is driving new interest in the devices, said Henry Fieglein, chief innovation officer at San Jose, Calif.-based Wyse Technology, a maker of thin-client hardware and software.
"A lot of big-name customers and consultants are calling us because they want to have more control over the data that is sitting on laptops and desktops, data that they can't afford to lose because someone left their computer in a car or failed to download a software patch," Fieglein said. "They want to be able to allow workers to use mobile technology, and the proliferation of broadband has made it more feasible for people to rely on the network to access information."
Financial services companies in particular are exploring their options and investing in new thin-client systems, said Fieglein, who is also a former chief technology officer for industry giant Deutsche Bank. In addition to becoming a target for many emerging malware attacks, he said, companies doing business in the United States have struggled with a way to balance employee mobility with demands of the federal government's Sarbanes-Oxley Act, which imposes strict data-handling guidelines.
Another aspect to consider is the growing popularity of software-as-a-service applications, said the executive. He contends that as businesses adopt greater numbers of third-party hosted services to handle their data, most of which are accessed online, the demand to store critical data locally is being reduced.
Other industry players echoed those sentiments, saying that enterprises that have previously balked at the idea of shifting from Windows-based systems to thin clients feel that security issues are finally forcing their hand to do so.
"Security is one of the driving forces behind the growing number of enterprises who are deploying thin clients and server-based computing," said Robert Gianni, senior engineering director of Desktop Systems at Sun Microsystems, of Santa Clara, Calif. "We're seeing many customers come back after looking at thin clients a few years ago because when implemented correctly, all the data, applications, and file access can be centralized and contained in the data center where the best resources and talent can manage it."
Next Page: Analysts remain skeptical.
Despite the security benefits promised by thin clients, some industry watchers remain skeptical that enterprises are going to make major investments soon. While the computing model works well for employees such as bank tellers and customer service representatives who don't typically take laptops home from work with them, information workers such as engineers and consultants still need the ability to access business data when they can't get online, said Natalie Lambert, an analyst with Cambridge, Mass.-based Forrester Research.
"There's no doubt that thin client is a hot topic and CIOs are talking about it, but I think the pure thin-client model won't work for a lot of companies with large numbers of information workers who need access to data when they're on the road or flying in airplanes," Lambert said. "Technologies such as full disk encryption and information leakage prevention will allow companies to keep their laptops while lowering the security risks."
Lambert pointed to Microsoft's Windows BitLocker disk drive encryption technology as an example of the kind of tools already being adopted to help better protect data on desktops and laptops, along with data leakage applications made by companies including PortAuthority Technologies and Vontu. The analyst said that businesses are also exploring the use of so-called hybrid computing clients that will allow workers to store some data on their devices, but not in the same volumes as in traditional laptop file platforms.
Of all the reasons being given by CIOs for employing new security technologies, Lambert said that for many the No. 1 concern is keeping their names out of the headlines that have followed high-profile laptop and computer thefts at organizations like AIG, Fidelity Investments and the U.S. Department of Veterans Affairs.
California and a number of other U.S. states have enacted legislation that requires companies to publicly report potential data breaches, and protecting the corporate image often rivals any concern over the actual loss of the sensitive information, the analyst said.
"Public disclosure is a huge security driver, and encryption is being deployed by a lot of firms to solve this tactical issue specifically," she said.
CIOs may be calling technology vendors and industry analysts to talk about solving security headaches using thin clients, but at least one IT executive said that the potential productivity loss that could result in making such a shift remains too significant of an issue to adopt thin clients on a widespread basis.
"We have a project going on to lock down mobile devices, but we're not going to thin client. There are too many impractical aspects and people still need to be able to work offline and have the necessary resources available on their machines," said David Webb, chief information officer for Silicon Valley Bank, based in Santa Clara. "You can do a lot of things to manage data on the machine to help protect yourself; end users get mad when they can't access data, and something like full disk encryption goes a long way toward solving many problems."
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.