December 21, 2007
By Paul A. Strassmann
Access to Web applications is typically the most frequent use of a personal computer. Whether this should be done by means of a "fat" computer or by the increasingly available "thin" client is a question on many enterprises' agendas.

The fat solution offers mainframe-like, as well as stand-alone, capabilities for the desktop that make it attractive from the standpoint of the individual user. The thin approach has demonstrably lower operating costs and significantly lower security risks, both of which favor a corporate point of view.

The security side of this equation is what enterprises should really take into consideration. The following are five security justifications that underscore why enterprises should adopt thin-client models.

1. Zombie Prevention
By far the greatest damage an adversary can inflict on an enterprise is capturing its PCs and turning them into zombies. A zombie is a PC infected with an application—a Trojan—that gives hackers unfettered access. Zombies linked together in a network are often referred to as a botnet, which can be used to attack other networks. All it takes to get in is an unsuspecting operator who downloads a malicious file, despite regulations prohibiting that.

One advantage of thin clients is their inability to become zombie hosts. They possess operating systems that are closed and have no disk drives. That means zombies have no place to insert malicious code, at least at the endpoint. Thin clients depend entirely on applications hosted on servers that typically have more secure computing power, defenses, operator attention and software configurations than the average fat client.

2. Theft Dodging
Stories about stolen laptops containing thousands of confidential records ending up in unauthorized hands abound. Although some enterprises have policies that require sensitive data to be encrypted on laptops, this level of protection is rarely implemented—and even if data is encrypted, users often compromise encryption applications by applying weak passwords to the cipher key. Another advantage of thin clients is they do not have disk memory, rendering a stolen thin client useless to a thief. It cannot be used except on an authorized and better-protected hosting server. The tradeoff, obviously, is thin clients lack mobility.

3. File Management
IT policy restricts sending gigantic file attachments because they clutter disk files. For instance, several versions of a 100-KB PowerPoint presentation can expand to anywhere from 20 GB to 100 GB. In a thin-client environment, an originator posts the source file on a shared server. This makes it possible to track all attachments and to store only a single archival copy as a reference.

Thin clients should be initially restricted to environments that call for well-defined functions, such as confidential communications or highly structured tasks. Thin clients may have limited use in dealing with applications that involve a lot of graphics. Within limited choices the extraction of redundant attachments should be easy.

4. Unauthorized Software
IT management is reluctant to permit users to install unauthorized software—particularly software published by unknown sources. This is more than a licensing issue; applications downloaded from Web sites often contain Trojans and other malicious code that open back doors or leak data. While it's possible to configure a fat client to prevent the installation of software, an IT department has much greater control over application installations and configuration management in a thin-client architecture.

5. Personal Use
Company-owned PCs are often used by employees for personal purposes, such as online shopping and travel planning. It's not feasible to block personal access to every conceivable Internet location. Besides, users will always find ways to circumvent blocks put up by IT departments. In a thin-client architecture, enterprises have much greater control over the applications and Web sites users can access.

Obviously, thin clients aren't best for every enterprise or every class of user. But for enterprises with a large number of stationary, non-power users, thin clients may present the best option for security, cost-effectiveness and ease of management.

Paul A. Strassmann is a former technology executive at General Foods, Kraft, Xerox, the Department of Defense and NASA. Share your experience with thin-client architectures with Baseline at editors@baselinemag.com.

Copyright (c) 2007 Ziff Davis Enterprise Inc. All Rights Reserved.
http://www.baselinemag.com/print_article2/0,1217,a=222263,00.asp