While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Information needs to move easily, cheaply and securely. To fill those requirements,
many federal agencies are taking a close look at mobile thin clients: portable
devices with minimal storage and processing power that deliver networked applications
and data via a wireless connection. These clients can go virtually anywhere
and run tasks that full-powered notebook systems can, but they’re less
expensive and more secure.
Yet, mobile thin clients remain a fairly well-kept secret, accounting for less
than 4 percent of all thin devices expected to sell worldwide in 2010, says
Bob O’Donnell, vice president for clients and displays for IDC. In part,
that’s because many organizations run thin-client software on existing
hardware such as full-fledged notebooks, which aren't included in these thin-client
The National Wildfire Coordinating Group (NWCG) — an umbrella organization
that includes the Agriculture Department, Bureau of Land Management, Forest
Service and other federal land management agencies — takes mobile computing
literally. As part of its Mobile Incident Management Information Technology
(MIMIT) pilot, NWCG developed networks on wheels inside trailers that can be
hauled to the sites of forest fires and other natural disasters.
Andy Jones, an IT program manager at the Forest Service, says each trailer
contains a high-powered Windows server, 20 HP thin clients, notebooks and all
necessary switches, routers and other networking equipment. MIMIT teams create
their own wireless networks using multiple access points, which the thin clients
use to communicate with the server inside the trailer. That server can connect
to the Internet via any available connection, whether it’s a commercial
T1 Ethernet line from a nearby facility, or other service such as a 3G wireless
hookup or satellite.
One major advantage of using thin clients is ease of use. With notebooks, users
had to first log on to the computer, then log in a second time to access a virtual
session — a process many found confusing. Using Windows Server 2008’s
Hyper-V technology, users can log in once to a virtual XP session and access
all their Microsoft Office and database applications.
The second advantage to thin clients is that they are more secure than notebooks.
“Data security is huge,” Jones says. “When you download data
to a device, you don’t really know what happens to it after that. It’s
really easy for people to walk up and steal a notebook with all your data sitting
on it. When you’re using thin clients, all of that data is on the server,
never on the client itself.”
Jones says NWCG is evaluating the results of its pilot while conducting additional
studies during this year’s fire season. The group hopes to expand to other
areas besides incident management.
The Veterans Affairs Department, in contrast, wants to deploy thin clients
for more traditional mobile users — agency executives and traveling caregivers.
About 15 to 20 percent of the VA’s 300,000 desktops run thin clients,
says Jeff Lush, executive chief technology officer for enterprise infrastructure
engineering in VA’s Office of Information and Technology.
Right now, VA has only just begun its three-phase program. In phase three,
the agency plans to turn its 15,000 notebooks into thin clients so department
officials can take their desktop images on the road. VA will probably use VMware’s
VDI software to replicate the desktops, though the plan could change by the
time VA reaches this phase.
“The key to success is to make the environments seamless, so everything
is the same for users no matter what machine they’re using,” says
Lush. “The business objective is to enable them to operate exactly as
they would in an office while they’re sitting on an airplane or working
remotely at hospitals and clinics.”
There is one important difference in the VA’s configuration: Instead
of receiving images of their operating system and applications from a network
server, the VA’s notebook users will boot up the thin-client software
from an encrypted partition on the notebook’s hard drive. Any changes
users make are synced when they reconnect their notebooks to the VA network.
End users won’t notice any difference, though this configuration does
negate one of the advantages of thin clients because data is still stored locally.
Lush says VA will simply encrypt the local data, the way they encrypt files
on all notebooks now.
The percentage of organizations that have not established security standards for handheld or portable devices
Source: Proofpoint Report, Outbound Email and Data Loss Prevention
in Today's Enterprise, 2009; survey of 220 e-mail decision-makers at U.S.
organizations with more than 1,000 employees
Eventually, as broadband becomes more ubiquitous, traveling VA officials may
be able to log on directly to department networks via thin clients. But that's
not the case today, says Lush, and won’t be for quite some time.
A mobile thin client is ideal for an environment in which users move from building
to building and have good connectivity, says O’Donnell. Beyond that, he
says, “if there’s no guarantee of strong wireless bandwidth or a
reliable 3G connection, mobile thin clients become more problematic.”
Still, as fourth-generation networks come online and cloud computing becomes
ubiquitous, such bandwidth issues will likely become less prevalent.
“In general, people are moving toward what I call ‘portable digital
identity,’ where their ability to function isn’t dependent on a
particular hardware device because all their stuff lives in the cloud, enabled
by software like Citrix or VMware,” says O'Donnell. “At that point,
it doesn’t matter whether you use a thin client, a PC or something like
an iPad to access it.”