For normal day-to-day work in the office, most people have no need to move data “outside” the office network. We can save files on shared servers or even email large files within the office environment without question. The challenge comes when we have to go outside our office. That’s when the USB key rears its ugly head. That’s when our risks go off the grid.
As much as we tell everyone not to copy the data to a USB key or some other device, it still happens. We all know why. We’re all working to a common goal, all trying to get the job done, all good people working hard. It’s just that the system won’t support us. “I have a meeting across town and the file is too big for email”, “I’m going to a conference and I’ll need access to the file while I’m away”, or simply “I’m working from home this weekend.” Whatever the reason, taking the data “off site” places it at undue risk. So how do we solve this? It’s called the Thin-Client Workstation, an old idea that is garnering a fresh look.
Now, before anyone jumps on board and says, “We tried that years ago and it failed miserably,” let’s get something straight: the world has changed dramatically since this was first implemented. Computing power, network reliability and high-speed bandwidth have now caught up to the business demands. It’s time to throw away our performance fears and get back to basics. Ultimately, considering the alternatives and the impacts of data that goes AWOL, the thin-client benefits of greater security, reliability and business continuity are hard to contest.
For those readers who don’t know what I’m talking about, the thin-client approach involves the implementation of a Virtual Desktop Infrastructure (VDI) where the Windows Desktop and applications are running on servers in the data center. In other words, for all intents and purposes, the workstation on your desktop is actually just a dumb piece of hardware.
Accessing your virtual PC means inserting a chip-enabled smart card into a local workstation and entering a user name and password; the Windows desktop then appears. Need to go to another location? Simply remove the smart card and the desktop is literally on hold. Visit another government office across the city, find a thin-client equipped office, insert the smart card, and that exact desktop, complete with applications running, will reappear so you can pick up where you left off.
It’s a secure desktop with follow-me roaming – the only information moving down the wire is the keystrokes, mouse clicks and a pixel stream carried over a network display protocol. Furthermore, the smart-card and username/password approach provides the security of two-factor authentication to meet policy compliance.
This solves three issues. First, the data can be used securely from almost any location where we can establish a network connection. Second, the data stays at rest inside the data centre because there is, generally, no need for it to leave. Lastly, if data does have to travel, it can be tracked and traced easily.
While the thin client provides the same user experience as the PC, data “in-use” remains secure in the back office since the workstation does not process or store data locally. The absence of a hard drive and a high-clocked CPU means these units consume a fraction of the power required by a PC. The manageability benefits for IT departments are also significant, since the software and data assets are shifted to the data center. The user’s hardware is about as complicated as a stapler and can be managed as such. There is no need for an army of IT support staff inside every office building!
Sure, these edge devices employ USB ports but they are remotely configured to only accept specific types of USB devices that can be encrypted or otherwise restricted. For those users trusted with this capability, centralized tools monitor the data that is “in-motion” and keep a record of what was moved or copied, and by whom.
So, we have established that data at-rest, data in-motion and access/authorization are the key challenges and that the security benefits of thin-client network computing warrant serious consideration. Say good-bye to the USB threat.
In the future we’ll discuss other ways to leverage thin-client computing securely on tablet and smartphone devices, plus a software-based version of a thin client that offers the same security while retaining your PC infrastructure investment.