
George Crump's recent blog post for InformationWeek notes, "Data is always at risk. No matter if it's in the cloud, on your servers and especially on your user's laptops."
As the freedom of working from home and on the road grows in popularity, so too does the sophistication of the "bad guys" who seek to gain access to and compromise your data, or even to infer things from your usage. By infer, I mean the potential usefulness of knowing who is accessing what data, applications and sites, and even how often the data is being accessed. The ever-increasing dilemma is access authorization, tracking and protection versus the business needs of the organization.
Years ago, this wasn't as big an issue. Your work was on the mainframe and access was from a dumb terminal or a terminal emulator. The inherent benefits were manifold and understated. For example, no files or even records left the data center; only pixels and keystrokes moved between the terminal and the data center, and the pipes could be encrypted. Dial-in solutions were usually coupled with "call-back" logic to make sure that the caller requesting a connection was where they claimed to be. The biggest hassle was the administration required to open a call-in port and restrict access to the authorized callers. Backup and recovery were managed inside the data center, and the only security risk was exposing your monitor screen to prying eyes or someone's camera.
Over the past 30 years, we went through various iterations of distributed intelligence for remote and mobile users, including schlepping your piece of the data center around in your PC bag or having it sit in your office at home on your company-issued PC. We have learned about hardware and software VPNs and wish we could afford the communication accelerators that would give us the same experience remotely as we had at the office. In the last year or two, employees' own use of computers and personally driven sophistication have led to BYOPC (Bring Your Own PC). This shift can reduce the cost of access devices, but it puts even more stress on the already fraying fiber of security, since viruses and exploits designed to steal information and login credentials, or to corrupt the data being exchanged, now arrive on devices the company does not control.
Suddenly, we are back to looking for a terminal solution and I don't mean thin
client. I am referring to a zero state and zero touch terminal. Zero state
meaning that if lost or hacked, there is no information, no files and no
connection information -- not even the address to get to the data center. By
zero touch, I mean that it dials up to the authentication and connection
service and is maintained over-the-wire or over-the-air by the connection service.
The user is always using the latest terminal. This zero state, zero touch
terminal could be embedded through a piece of software that runs on your PC or
provided through a browser.
Sound familiar? Give it encrypted data, certificate authentication, "call-back" and no administration on the data center firewall, and we would be back to where we were BEFORE we opened up all the holes: a much less expensive device that can be owned by the company or the user and that has a very clean wall between business use and personal use. This sounds reasonable, especially to an old timer like me, but it is only possible assuming that the appropriate infrastructure is in place. The solution needs a secure, public connection service as well as a controller at the data center that does the call-back and establishes a secure, high-speed session between the terminal and your data center service (e.g., your desktop in the data center or locally connected to the data center).
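To make the trust boundaries of this zero state, zero touch design concrete, here is an added Python model of the flow just described (this is illustrative code written for this page, not anything from the post or from a product). It assumes three hypothetical parties: a terminal that persists only the public service's host and its own certificate fingerprint, a public connection service that authenticates that certificate and queues a call-back, and a data center controller that only ever dials out. The fingerprint and addresses are constructed placeholders.

```python
import secrets

# Constructed sample data (not from the post). The public connection service
# maps allowed client-certificate fingerprints to a data-center controller;
# data-center addresses are known only to the service, never to terminals.
CERT_ALLOWLIST = {"sha256:PLACEHOLDER-FP-1": "dc-controller-east"}
DC_ADDRESSES = {"dc-controller-east": "10.0.0.5:443"}


class ZeroStateTerminal:
    # Persists only the service host and its cert: no files, no DC address.
    def __init__(self, rendezvous_host, cert_fingerprint):
        self.config = {"rendezvous": rendezvous_host, "cert": cert_fingerprint}
        self.session = None  # ephemeral; a lost device leaks only config

class ConnectionService:
    # Public rendezvous point: authenticates the certificate and queues a
    # call-back request; the terminal receives a token, never an address.
    def __init__(self):
        self.pending = []  # (controller name, session token)

    def request_session(self, terminal):
        controller = CERT_ALLOWLIST.get(terminal.config["cert"])
        if controller is None:
            raise PermissionError("unknown client certificate")
        token = secrets.token_hex(16)
        self.pending.append((controller, token))
        return token

class DataCenterController:
    # Behind the firewall; only dials OUT, so no inbound port is opened.
    def __init__(self, name, service):
        self.name, self.service, self.outbound = name, service, set()

    def call_back(self):
        for entry in [e for e in self.service.pending if e[0] == self.name]:
            self.service.pending.remove(entry)
            self.outbound.add(entry[1])  # outbound session keyed by token
        return len(self.outbound)

def connect(terminal, service, controller):
    # Terminal -> service -> controller call-back -> brokered session.
    token = service.request_session(terminal)
    controller.call_back()
    terminal.session = token if token in controller.outbound else None
    return terminal.session is not None

def disconnect(terminal):
    # Tear down the session and return what survives on the device.
    terminal.session = None
    return dict(terminal.config)
```

The point to check after running it is that the terminal's surviving state contains no data center address, that an unknown certificate is refused at the public service, and that the controller never accepts an inbound connection.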
So, "Data is always at risk. No matter if it's in the cloud, on your servers and especially on your user's laptops" can be altered to "Data is always at risk. No matter if it's in the cloud or on your servers." Using a viable zero state, zero touch terminal and the supporting infrastructure eliminates the "especially on your user's laptops" and lets you focus on the security and preservation of the data on your servers in the data center or in the cloud.

Very interesting take on data security in the cloud.