The United States federal government is massive. According to the latest numbers from the U.S. Census Bureau, there were just over three million people on the government’s payroll in 2010 (census.gov) – Wow! As you might imagine, the government’s IT footprint is also massive, which allows hundreds of agencies to provide services to the public. Availability of government information is vital to these operations, and the use of private networks (NIPRnet/SIPRnet) and public networks (Internet) has allowed this to happen. Unfortunately, the current IT environment is inherently risky; if you consider the massive amounts of sensitive data, along with the number of personnel who access this data on a day-to-day basis, you can begin to understand the risk problem. What change can the Federal Government implement to reduce risk? Replacing existing desktop computing devices with specialized terminals that embrace thin client technology is one change that allows this to happen.
The Federal Government has launched several initiatives over the past years to address security issues. One of them is the Federal Data Center Consolidation Initiative (FDCCI), which is its plan to reduce the number of underutilized data centers scattered throughout the U.S. The number of Federal data centers as of 2010 stood at just over 2000 (cio.gov). The goal of this plan, besides the obvious, is to create an agile IT environment where customized IT systems that only perform one specialized function can be phased out in favor of agile IT systems. This initiative happens to align perfectly with the government’s other strategy, the Federal Cloud Computing Strategy, where IT systems are built and deployed as services rather than in the traditional sense.
The latter initiative is an important one. Cloud computing, as most IT experts know, is really just a buzzword from a technical standpoint. Most web applications in use today can be classified as cloud computing applications, as enterprise architectures really aren’t much different from cloud computing. However, the strategy behind cloud computing is most certainly different and makes perfect sense for the government, which is why 20 billion dollars of the Federal Government’s estimated IT budget is being allocated for cloud technology (cio.gov).
Most desktop resources used by Federal personnel today come in the typical form of hardware, operating systems (Windows), and applications. These are all local to the user, which means their security vulnerabilities need to be addressed individually, and that increases the likelihood of gaps in a system’s security posture. Exploits known as zero-day attacks specifically target weak code before the software vendor is even aware of the weakness. For weaknesses that have been identified, security gaps may still persist in workstations and applications that are out of date on patches. This problem has forced the government to put lots of resources and time into reducing these vulnerabilities in an effort to manage risk. It has attempted to reduce these risks in various ways, including conducting annual IT audits on all information systems, participating in the government’s Certification & Accreditation program, and others. Bottom line, the desktop computing devices in use today make managing risk a challenging task.
Now, how does using terminals address the government’s IT risk problem? A solution in my view is the use of thin clients. In the early days of computing, this was essentially what terminals were – desktop resources were delivered remotely to terminal devices and were managed centrally. In a nutshell, the less code on your computing device, the less chance of vulnerabilities being present. Bandwidth is at a point where resources like those currently residing locally on desktop devices can all be delivered remotely, eliminating the need for local software. Of course, no solution is perfect, and the use of thin clients or terminals is no exception. Inherent weaknesses with this technology include single points of failure, usability, and even performance due to the increased traffic. But the centralized management enhancement and the fact that fewer resources are required to secure desktop devices outweigh the issues just mentioned and, more importantly, begin to create the agile IT environment the government is striving for.