This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."
PC Blades Another Alternative
By Michael S. Mimoso
Thin clients aren't the only way to alleviate desktop security concerns. The John C. Lincoln Health Network of Phoenix replaced a chunk of its traditional PCs with PC blades, an architecture similar to thin clients in which local hard drives are removed from the desktop and placed on centrally managed, rack-mounted blades.
CIO Rob Israel says his users interface with traditional peripherals--keyboard, mouse, monitor--but rather than a thin client, the desktop image is accessed via a device called an iPort from vendor ClearCube. The iPort connects via a direct cable or Ethernet to the blade, which supports four simultaneous connections (400 blades have been installed). Israel says security and management of the blades were paramount to the decision to remove traditional desktops.
"Increased security is tremendous," Israel says. "We no longer have computers sitting in the hallways getting accessed or stolen. There were no longer hard drives out there, saving stuff."
The network (two hospitals and 11 clinics) also supports home-based transcriptionists, who access and transcribe audio files via a dedicated network. With sensitive patient data potentially saved on a home computer, the iPort deployment to these remote contractors eliminated potential HIPAA compliance issues.
"Having a hard drive is a security hole, a risk," Israel says, adding that the iPort deployment costs more than a traditional PC upgrade, but that the benefits outweigh that burden. "Anything that provides users with the response time they're used to, but takes away the potential for us to show up on the front page of The Wall Street Journal, is quite beneficial."
Michael S. Mimoso is editor of Information Security.
Not Without Resistance
"There definitely was initial pushback from a physical perspective--what the thin clients actually looked like," says Barter. He tried several tactics designed to overcome any objections to the thin clients, including building education and awareness. "Everybody knows what a PC will look like. They know what's inside of it and what it will do for you. But when you put a thin client in front of them, you get a funny look that says, 'What's this tiny box? How can it be as powerful as what I already have?'"
So Barter started slowly, and provided a few HP Compaq t5525s to a high-end user in each office.
"I asked them to give this a try and to tell me what they thought," he says. "We also improved the deal by adding new flat-panels. When they saw that, they forgot the whole PC thing." The result was certainly faster performance than the previous SSL VPN connection, and because sessions could be shadowed, Barter and his team could fix anything that broke. "They no longer had to wait for two hours," he says.
Androscoggin's IT team also objected at first to the new password rules.
"It's a cultural thing. They were so used to being able to turn around and do something for 20 minutes and then go back to work. Now that doesn't happen; you go do something else for 10 minutes and you have to sign in with your password again," he says. "They didn't like it. But they grew to understand and appreciate it. They know the HIPAA requirements. They're used to covering paper medical records. They learned that they have to treat this no differently than paper, and have the proper security in place."
This was first published in March 2007