Thin Clients fit well into a general enhancement of a company´s security plans because their very nature makes them very easy to secure. This article presents some of the security benefits inherent in the Thin Client model.
Distributed PC architectures leave data literally all over the plant. Whether it is manufacturing data, production quotas, recipes, email or even financial data, much of this information would be damaging if discovered by the wrong people. Even client/server applications rely on the client to do some of the data processing, which requires that sensitive data be sent out over a variety of networks, including wireless. Often that data remains on the client computer long past the time that it is needed for calculations.
Thin Clients only display the result of calculations made on a server, and that display is sent pixel by pixel as it is needed. Pixels that don´t change are not sent. Unlike PCs, Thin Clients that are taken out of service have no chance of retaining sensitive information. And if someone steals a computer, all they get is a commodity piece of hardware.
Compliance with Security Regulations
The Sarbanes-Oxley Act is designed to protect investors by improving the accuracy and reliability of corporate disclosures. The result is that now companies have to keep any document (including email) that may needed in a future investigation. If the government suspects that you deleted that old email or attachment to avoid producing incriminating correspondence, you could be in violation of the document-retention clause of SOX.
Suppose any employee makes a sexual harassment report to the Human Resources department and the EOC. Once HR hears about the problem, they need to keep every document or email that could possibly confirm a sexual discrimination bias. If users have the ability to load games, animations, or photos onto their PC (and then onto the network) these have to be accounted for as well.
Regulations like those imposed by HIPPA (the Health Insurance Portability and Privacy Act) require healthcare firms to prevent unauthorized access to electronic medical records. Large companies now have to ensure that all of their data is accounted for.
The centralization of desktop applications and data inherent in the Thin Client design make compliance possible. Additional security is provided because only screen updates and keystroke information pass between the Thin Client and server, with none of this data inadvertently stored on distributed PCs.
Without a doubt it is now irresponsible to allow remote offices or users to store corporate information on local servers or hard drives. Imagine the problems for a financial company that allows sensitive information to be stored on a contractor’s laptop when that laptop is stolen. If the contractor only had access to applications (and necessary programs) via Terminal Services the theft becomes almost a non-event.
Thin Client technology, by definition, ensures that all communications, documents and work flows originate and are stored on central servers. Once these servers have been made secure and are regularly archived, management will always have copies of every stored document and can take whatever steps are necessary to index and retain the data.
So, which makes more sense – storing corporate information on individual hard drives of PCs and servers across the country, or centralizing all corporate information in corporate data centers where it is always backed up, managed, redundant and secure?
Security of Application Software
Traditional distributed PCs require distributed software, which means that your very expensive SCADA and industrial software is installed all over the factory. Some of that software even requires the use of a hardware key, and loss of the computer (or just the key) is very difficult to overcome. Application software can also be compromised if the operator has the ability to load additional programs or in any way change the local environment.