The Return Of The Thin (Cloud) Client

Is the arrival of the (Google) Chromebook  the arrival of a business class Thin-Client-for Cloud-Computing?

Now, the Thin-Client concept is anything but new, and thin clients are actually an endpoint-security dream for the InfoSec Manager. Application as well as OS vulnerability based attack vectors against thin clients are minimal compared to those of a “fat” endpoint.  If there is something capable of causing me problems to sleep at night,  it is the Time To Production (TTP) for security patches, the time it takes from the release of a patch to get it through the change control and staging process and implemented in production.  Now, this challenge does not vanish in thin air in a thin client environment, however, it is much easier to address, not least because of the far lower number of patches that are even remotely relevant for a thin client.

That said, the InfoSec manager still has an interest in knowing the actual and very concrete endpoint security situation, it might be also one of the metrics she/he has to report (e.g. percentage of workstations that have implemented the most up to date security patch level). In a Chromebook based business user environment this might get a bit tricky, the OS (and its one and almost only app: the browser) are apparently working in fully auto-update mode without any user intervention/notification and without any enterprise security management interface …

Still, wherever/whenever the InfoSec manager does have the opportunity to serve business needs with a thin client approach – do it!

In the case of Chromebook we deal with a Thin Client for Cloud-Services. The improvements/advantages in terms of endpoint security are enormous – so are the potentials for (operational as well as infosec management) TCO savings.

Also there should be no doubt that the manifestation of the much anticipated Google Chrome OS,  the software engine powering the Chromebook, is somehow the last warning sign: If you still have not started to look into the subject of Cloud Security issues – it is about time.