GEORGIA THIN CLIENT TECHNOLOGY ENHANCES SECURITY Thin Client Technology Enhances Security ACP > TechLINKS - The Guide to Technology in Georgia > Community Publishing > TechLINKS - The Guide to Technology in Georgia
Thin Client Technology Enhances Security

Thin Clients fit well into a general enhancement of a company's security plans because their very nature makes them very easy to secure. This article presents some of the security benefits inherent in the Thin Client model.

Security of Data

Distributed PC architectures leave data literally all over the plant. Whether it is manufacturing data, production quotas, recipes, email or even financial data, much of this information would be damaging if discovered by the wrong people. Even client/server applications rely on the client to do some of the data processing, which requires that sensitive data be sent out over a variety of networks, including wireless. Often that data remains on the client computer long past the time that it is needed for calculations.

Thin Clients only display the result of calculations made on a server, and that display is sent pixel by pixel as it is needed. Pixels that don't change are not sent. Unlike PCs, Thin Clients that are taken out of service have no chance of retaining sensitive information. And if someone steals a computer, all they get is a commodity piece of hardware.

Compliance with Security Regulations (Sarbanes-Oxley, HIPPA, etc.)

The Sarbanes-Oxley Act is designed to protect investors by improving the accuracy and reliability of corporate disclosures. The result is that now companies have to keep any document (including email) that may needed in a future investigation. If the government suspects that you deleted that old email or attachment to avoid producing incriminating correspondence, you could be in violation of the document-retention clause of SOX.

Suppose any employee makes a sexual harassment report to the Human Resources department and the EOC. Once HR hears about the problem, they need to keep every document or email that could possibly confirm a sexual discrimination bias. If users have the ability to load games, animations, or photos onto their PC (and then onto the network) these have to be accounted for as well.

Regulations like those imposed by HIPPA (the Health Insurance Portability and Privacy Act) require healthcare firms to prevent unauthorized access to electronic medical records. Large companies now have to ensure that all of their data is accounted for.

The centralization of desktop applications and data inherent in the Thin Client design make compliance possible. Additional security is provided because only screen updates and keystroke information pass between the Thin Client and server, with none of this data inadvertently stored on distributed PCs.

Without a doubt it is now irresponsible to allow remote offices or users to store corporate information on local servers or hard drives. Imagine the problems for a financial company that allows sensitive information to be stored on a contractor’s laptop when that laptop is stolen. If the contractor only had access to applications (and necessary programs) via Terminal Services the theft becomes almost a non-event.

Thin Client technology, by definition, ensures that all communications, documents and work flows originate and are stored on central servers. Once these servers have been made secure and are regularly archived, management will always have copies of every stored document and can take whatever steps are necessary to index and retain the data.

So, which makes more sense - storing corporate information on individual hard drives of PCs and servers across the country, or centralizing all corporate information in corporate data centers where it is always backed up, managed, redundant and secure?

Security of Application Software

Traditional distributed PCs require distributed software, which means that your very expensive SCADA and industrial software is installed all over the factory. Some of that software even requires the use of a hardware key, and loss of the computer (or just the key) is very difficult to overcome. Application software can also be compromised if the operator has the ability to load additional programs or in any way change the local environment.

Thin Clients completely eliminate these concerns because all application software is stored on central servers that can be easily maintained in a secured environment. Limited access assures only authorized administrators will be making system modifications, and keeps the systems free from unwanted programs and data.

Security of Business Operation

In spite of any company's best efforts, there will still be incidents that result in the loss of the operator interface station. This may not be because of intentional wrongdoing or sabotage - it may be a result of an accident or other unavoidable event. The most important thing to do when this does happen is to get the operator interface back up and running as quickly as possible.

Finding a replacement PC and reinstalling and reconfiguring software and drivers is a complex task that requires specially trained personnel and, usually, a great deal of time. A Thin Client, however, can be replaced by plugging in a new one. Not only is the software and configuration ready to go immediately, but in most cases the application will still be running and displaying the same screen.

Reduction of theft risk

A true Thin Client is not a PC. Thin Clients have no local storage, and, if it is Thin Client that boots over the network, does not even have a local operating system and will not boot without a Windows Terminal Server. There are many locations where Thin Clients have replaced laptop computers because a Thin Client is not an item that will be of any use away from the Thin Client network. Installing an interface that is non-functional outside of your plant will discourage people from taking it, even for use at other locations within your company.

Resistance to viruses

PCs that are used to display the operator interface for manufacturing processes are frequently the object of hackers. There are several reasons for this, but one of the most common is that operators have idle time alone with the computer, often very late at night and often far away from other people.

Most hacking attempts and addition of virus programs are made via the floppy drive, either by rebooting the computer or by breaking out to a DOS shell. Although companies usually try to keep their computers secure, the truth is that you could walk out on the plant floor right now and probably easily get to the DOS prompt and the "A:" drive on a number of computers.

Thin Clients have no floppy drive, or any local drive at all for that matter. This greatly reduces the number of entry points for user break-in attempts and the addition of unwanted software. IT can now focus on the much easier task of keeping the company's servers secure, which is something that they are doing an excellent job of anyway.

The addition of a virus is often unintentional; unwanted and malicious programs can attach themselves to games installed by operators, or to a floppy disk itself. Even programs that are working as they are supposed to may have an unanticipated impact on the operation of the PC.

Each day it seems that security concerns are becoming more at issue, but a Thin Client and Terminal Services system will go a long way toward providing solutions for the long term without adding an undue burden.