In a casual conversation following an event in San Francisco, I was dumbfounded by what one security consultant said. “There are cows roaming the halls of every hospital in the country.”
“I beg your pardon,” I replied.
“Yes, there are cows roaming the halls of every hospital, and it’s a clear violation of HIPAA.”
OK, the joke’s on me, since it was the first time I heard the acronym “COWS,” which this gentleman explained to me stands for “computers on wheels.”
It’s kind of a silly acronym, but more than appropriate. The Health Insurance Portability and Accountability Act includes numerous digital security requirements, including prohibiting the use of unsecure computers—particularly notebooks—in hospital wards. The law’s intent is to prevent unauthorized persons from walking up to any workstation and accessing confidential patient information. Theft-prone notebooks present a particularly thorny problem, since they can store copious amounts of health care and insurance data.
The physical security threat to data is real. A recent study by Microsoft found that nearly 38 percent of all data breaches in the first half of 2008 were attributed to the theft of devices. An analysis by Baseline magazine of identity theft cases in 2007 found that nearly 40 percent of the incidents were a result of physical security breaches, including the theft of desktops, high-end workstations and servers.
Thin-client technology is not a new idea for tightening physical and logical security to protect data. Many security evangelists have long advocated abandoning widespread client/server architecture in favor of a more secure mainframe paradigm. In the old mainframe systems, all the software and data resided in the data center. Users accessed applications and data through dumb terminals and thin clients.
In our ultramobile age, thin clients have taken a back seat to the portability of fully functional notebook computers that are able to connect to the Internet and servers through virtually any wireless access point.
The tide may be turning in favor of a thin-client model, as the technology evolves to include notebooks and, dare we say, smartphones.
Tarkan Maner, CEO of Wyse Technology, believes thin clients’ time has come for a variety of reasons, security among them. The technology, he says, is evolving rapidly, fueled by new form factors that connect users to back-end applications and resources, virtualization technology, and, of course, reliable and consistent connectivity to the Internet and data centers. “Cloud computing, green IT and cost cutting [are] creating the perfect storm for us,” he says gleefully.
Working against conventional PCs, Maner says, is the gross total cost of ownership. In the traditional PC model, a solution provider or a vendor will sell the machine and then come back for a second bite at the apple with a full slate of client-side applications. The second wave of costs comes when the fully loaded PC is deployed; then you have the cost of supporting and maintaining those clients and paying recurring licensing fees. And, because they’re fully functional platforms, PCs—particularly notebooks—are susceptible to abuse, misuse, security compromises and theft.
“When you add everything up, you’re saving 40 percent to 50 percent of the client cost by moving to a thin-client model,” Maner says.
Hospitals and health care institutions are a prime target for Wyse and its partners. Even though HIPAA prohibits the use of any mobile computing device with a hard drive, many hospitals have no choice but continue the use of conventional desktops and notebooks. Thin clients—particularly thin-client notebooks and handheld devices—are already providing an alternative to conventional computing devices. With no client-side software or stored data, thin clients don’t have the physical security risks, and they have higher security manageability with all of the applications on servers in the data center.
Maner and his crew at Wyse believe thin clients that enable more manageable, cost-effective and secure platforms for business users could ultimately displace conventional desktops and laptops. And, as smartphones evolve to include more memory, they too could become thin clients.
Of course, mobile thin clients have their own limitations. While thin-client apps can be cached for offline work, it’s not perfected and not enabled for all applications—particularly non-Web-based apps. And keeping data secure on thin clients is great so long as you can control access, which means imposing automated log-out controls that can often annoy users.
Will thin clients bring an end to COWS? For that matter, will thin clients make conventional desktops and notebooks obsolete? Chances are that mainstream PC vendors such as Dell, Hewlett-Packard and Lenovo will keep thin clients in check for some time even as they develop their own thin-client product lines. But, if you follow Maner’s logic, thin clients may have reached the point where they could be a better choice for business-technology consumers.
Lawrence M. Walsh is vice president and group publisher of Channel Insider.