28 May 2018

Thin client vs fat client – security of meeting room booking systems

Creating a flexible, affordable, power-efficient and eco-friendly IT environment is music to any organization’s ears. And thus far, Joan, the meeting room booking and scheduling system, has successfully struck all the right notes. However, there is another burning issue at stake: security. Although years of customer satisfaction have earned Joan the title of reliable solution, a very legitimate concern that pops up in users’ minds is: how safe is it? Let’s answer that question step by step.

By introducing any new gadget or application to your company, you’re potentially opening your cyber doors to unwanted guests. This is one of the biggest worldwide fears looming over the corporate community. It’s what is keeping many an IT department specialist up at night; not only worrying if or how someone could break in, manipulate and/or steal delicate information, but also how safe their data is in the hands of external sources. The recent Facebook fiasco, for instance, is a clear-cut example of what can go wrong. To explain how Joan is tackling this highly sensitive matter, we first have to familiarise ourselves with the available options. It might sound complex, but you’ll find the solution is in fact surprisingly simple.

Simplicity is simply superior.

Today, over 95% of all security breaches occur on one particular type of endpoint: devices such as computers or Android devices that have most of their resources (e.g. hard drives, DVD drives, software applications) stored locally. This means that data is processed on the device itself. In IT lingo, these are called fat clients.

Typically, a fat-client-oriented architecture provides rich functionality independent of any central server. At first glance, the fact that the bulk of data processing is performed in one location without the need for continuous server communication may appear convenient, right? Absolutely. But what about the risk factor? This is where things tend not to be so rosy. Fat clients are vulnerable. The most common risks include unauthorized access and authentication bypasses, which result in information disclosure. In layman’s terms: if someone gets hold of your password, slips through the cracks of your firewall protection, or simply steals your phone or laptop, they’re in. There’s nothing you can do about it.

Joan devices, on the other hand, are different. They are thin clients: endpoints that belong to a server-based computing environment. In order to function, these endpoints rely predominantly on external servers. Not only does this give them an almost unfathomable advantage in battery autonomy and efficiency, it also prevents any malicious activity from occurring on the device itself. Consequently, as all features, including sensitive information, are stored separately, the risk of malware attacks decreases dramatically to an almost negligible percentage, making Joan virtually impenetrable. In short, the very simplicity of its design makes it safer than anything else out there. No wonder an increasing number of respectable organizations are opting for this type of client-server architecture. But let’s dig a little deeper to see why.

You can’t snatch what isn’t there.

Thin client technology is old school. We’re talking about an ecosystem comparable to that of the mainframe model of the 1950s. Instead of using powerful workstations to run an application, all heavy lifting is done by one or more central servers. This means that whatever appears on the screen has been optimized, compressed or altered in any other way on a server (or cloud), not on Joan. End users are therefore presented with what are commonly dubbed in the industry “dumb terminals”.

The term may sound unflattering, but its function is very smart indeed. Essentially, the screen accepts users’ input in the form of clicks or taps (touch screen), sending commands up to the smart server with only image data being pushed back down onto the device. What you see is exactly what you get. The technology might have come a long way since these were first introduced in the 1970s, but in principle, their main security benefit remains just as solid: if someone were to hack the line, all they would end up with is the exact same data that is already displayed on the screen.

No system is bulletproof, but for a bullet to hit, you first need a target.

Unlike other room booking systems on the market that use Android tablets or iPads, which rely on fat client technology that can easily be broken into, Joan is purposely built according to the following philosophy: store as little as possible. Our devices can be configured to either store the latest images or show a disconnected sign. Nothing more, nothing less. And that’s the main feature that gives Joan the edge over its competition.

It’s true that everyday cyber-criminals are evolving into more sophisticated culprits, which begs the question: could thin clients eventually become softer targets? No existing technology is 100% immune to attacks. So even if malware could infiltrate a network through a locally accessed web browser or other connected peripheral devices, with no important data actually residing on the device, the risk of incurring any significant damage is non-existent.

Additionally, Joan requires an internet connection, which leads to another very simple solution: no connection, no target – no target, no risk. That said, the majority of criminals will look for the path of least resistance. In our case, this would mean physically removing the device. But as no data can be copied or saved to any other location than the server, a thin client, acting as a dumb terminal, is in itself the best deterrent.

At this point, it might be a tad pretentious to describe Joan as the Fort Knox of meeting room systems, but as has been heard through the latest IT grapevine, it literally is just that.