Thin-client technologies surge thanks to easier security, says Deloitte

By Ron Condon, U.K. Bureau Chief 01 Feb 2010 | SearchSecurity.co.UK

Security UK News Digg This!     StumbleUpon     Del.icio.us

Ease of security management is a major factor driving companies to adopt a thin-client computing model, according to a new report from Deloitte LLP.

The statement comes as part of the consulting giant's broad technology forecast for 2010. Another notable prediction that may affect information security professionals is that virtual desktop infrastructures (VDI) are set to challenge the PC in the enterprise. It predicted that by 2015, 10% of the world's workstations will be thin-client devices.

A thin-client computing approach centralises processing power and data storage, and replaces a user's PC with a dumb terminal that is limited to sending keyboard and mouse inputs and receiving screen inputs.

Paul Hanley, head of technology, media and telecoms security at Deloitte, said that as long as thin-client architectures are implemented properly, they can make it easier to administer security, and they can limit the risk of data leakage.

"One of the key benefits of thin-client technology is that you only have one area to administer; one set of software to keep patched and updated," Hanley said. "That can really keep costs down.

More on thin-client technologies NCC raises doubts about thin-client security

"It can also help prevent data leakage. Most thin-client technology has no local storage, so everything is stored in secure back-end storage devices. It means you can concentrate on securing one or two crucial points. You can also spend more time on rigorous testing, rather than spreading the efforts across a lot of devices."

But thin-client computing can also create new security issues. "There is a danger of putting all your eggs in one basket," he said. "You need to make sure you have sufficient bandwidth in place to eliminate latency on the systems. You must also make sure your connections are appropriately robust. If the connection is cut or broken -- and these things do happen, because roads get dug up, for example -- you need to be sure you have some other mechanism to transfer data."

The Deloitte report acknowledges that thin-client technology has been around for years without managing to dislodge PCs to any great extent, but it argues that several factors are now making it more attractive to organisations, and concerns about bandwidth and unreliable connections can be overcome.

Lower power consumption and lower cost per user terminal are both important factors in a difficult economy where companies are looking to save money. But the report states that the main direct cost savings arise from lower support and maintenance and move-related costs: "New recruits would not need a technician to build and install a PC for them, and human resources could simply handout a standard thin client as part of the employee orientation. Employees could even pick up a unit from a stationery cupboard. Technical staff would not be required to undertake moves and changes."

The report also points out that with thin-client technology, major software refreshes could be undertaken overnight, with no need to bring everyone's PC back to base. "There would be less need for technical support to fix mechanical failures, as thin-client units have no moving parts." The report continues: "The cost per software and operating system licence could also be lower in a thin-client environment. Economies could be achieved through having a central pool of virtual desktops that are shared between users but only activated when in use. If 10% of users are not using their desktops on any given day, a commensurate reduction in software costs is possible. With a thick-client environment, licences are typically paid for on a per-device basis."

Despite the proven advantages of the thin-client approach, some products may still cause security concerns. Last August, a study carried out by NCC Ltd found that several well-known thin-client products had basic security flaws that could make them vulnerable to DDoS attacks and buffer overflows. It also made the point that firmware in terminals needed to be patched and that some companies might lack the Linux skills needed to manage the devices.

Tags: Endpoint and NAC Protection,  Network Security Monitoring: Tools and Systems,  Platform and OS Security Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Endpoint and NAC Protection Considering two-factor authentication? Do cost, risk analysis Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Voice data security risks on the rise, say experts The value of booting from a VHD in Windows 7 A closer look at Internet Explorer 8 security features USB drive security best practices and processes First step in forensics: Create a bootable Windows environment CD Protecting enterprise networks from new mobile application downloads Four things to remember about server virtualization security concerns College learns lessons in choosing the right NAC appliance Network Security Monitoring: Tools and Systems Scapy tutorial: How to use Scapy to test Snort rules How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse SIEM systems streamline compliance processes, offer security benefits How to set your baseline with host integrity monitoring software Network discovery and the Simple Network Management Protocol Finding the best log management product for your organisation How to maintain network control plane security Conficker-infected machines now number 7 million, Shadowserver finds A guide to internal and external network security auditing Platform and OS Security Management Microsoft issues advisory on new IE security vulnerability Microsoft patches SMB flaws, Hyper-V problem in big update Microsoft blue screen affecting few corporate PCs Microsoft to fix 26 flaws in Windows, Office Microsoft issues critical security update, blocks IE 6 attacks How to use Windows XP Mode in Windows 7 Microsoft to patch single Windows 2000 vulnerability How to prevent memory dump attacks Microsoft gives Internet Explorer a major security overhaul Exploit code targets Internet Explorer zero-day display flaw

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Computer Misuse Act 1990  (SearchSecurityUK.com) Regulation of Investigatory Powers Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary