Next Security Elixir?

The jury is still out on whether thin clients could curtail data losses

The U.S. Commerce Department on Sept. 21 said that more than 1,100 of its laptop computers were either lost or stolen over the last five years, with at least 249 of those machines confirmed to have held sensitive data.

Could an arsenal of thin clients have prevented those mishaps? Proponents of thin-client computing say its possible, but executives arent so sure. Nevertheless, the litany of security issues facing Microsoft Windows-based desktops and laptops, as well as other devices capable of storing large amounts of sensitive data, mean thin-client technologies are getting a closer look from enterprise customers.

Although thin-client machines, which rely primarily on back-end systems for their processing power and access to corporate data, long have been advocated by their makers as a more secure option than their Windows counterparts, the rising tide of computer security threats is driving new interest in the devices, said Henry Fieglein, chief innovation officer at Wyse Technology, a maker of thin-client hardware and software in San Jose, Calif.

"Customers want to have more control over the data that is sitting on laptops and desktops—data that they cant afford to lose because someone left their computer in a car or failed to download a software patch," Fieglein said.

Financial services companies in particular are exploring their options and investing in new thin-client systems, said Fieglein, who once served as chief technology officer for Deutsche Bank. In addition to becoming a target for many emerging malware attacks, Fieglein said, companies doing business in the United States have struggled with a way to balance employee mobility with demands of the federal governments Sarbanes-Oxley Act, which imposes strict data-handling guidelines.

Another aspect to consider is the growing popularity of SAAS (software-as-a-service) applications, said Fieglein. He contends that as businesses adopt greater numbers of third-party hosted services to handle their data, most of which are accessed online, the demand to store critical data locally is being reduced.

Other industry players echo those sentiments, saying that enterprises that once balked at the idea of shifting from Windows-based systems to thin clients feel that security issues are finally forcing them to do so.

"Security is one of the driving forces behind the growing number of enterprises who are deploying thin clients and server-based computing," said Robert Gianni, senior engineering director of desktop systems at Sun Microsystems, in Santa Clara, Calif. "Were seeing many customers come back after looking at thin clients a few years."

Despite the security benefits promised by thin clients, analysts remain skeptical that enterprises will open their wallets soon. While thin clients work well for employees who dont typically take laptops home, such as bank tellers and customer service representatives, information workers, such as engineers and consultants, still need offline business data, said Natalie Lambert, an analyst with Forrester Research, in Cambridge, Mass.

"Theres no doubt that thin client is a hot topic and CIOs are talking about it, but I think the pure thin-client model wont work for a lot of companies," Lambert said. "Technologies such as full-disk encryption and information-leakage prevention will allow companies to keep their laptops while lowering the security risks."

Lambert pointed to Windows BitLocker Drive Encryption as an example of the kind of tools already being adopted to help better protect data on desktops and laptops, along with data-leakage applications made by companies including PortAuthority Technologies and Vontu. She said businesses also are exploring the use of so-called hybrid computing clients that allow workers to store some data on their devices, but not in the same volumes as in traditional laptop file platforms.

According to Lambert, CIOs cite bad press as their No. 1 concern following high-profile laptop and computer thefts at organizations such as American International Group, Fidelity Investments and the Department of Veterans Affairs.

However, bad press still may not be enough to juice thin-client sales. One technology executive said the potential productivity loss that could result from making such a shift remains too significant to adopt thin clients on a widespread basis.

"We have a project going on to lock down mobile devices, but were not going to thin client. There are too many impractical aspects, and people still need to be able to work offline and have the necessary resources available on their machines," said David Webb, CIO for Silicon Valley Bank, also based in Santa Clara. "End users get mad when they cant access data."

AA Thinner Security Footprint

Security advantages of thin-client


* Very little data stored locally

* Fewer applicable viruses

* Difficulty downloading suspicious


* Tighter policy enforcement controls

* Easier regulatory compliance management

Source: eWeek