VSJ – July 2007 – Sounding Board

Robin Jones gives some thought to recent security issues and invents the VTC. What’s a VTC? Well, read on…

Hardly a week goes by without a report of some major company’s data having been potentially compromised by the loss or theft of a notebook computer. At the time of writing, the most recent example is a laptop containing the salaries, addresses, dates of birth, National Insurance details and telephone numbers of 26 000 Marks & Spencer employees. It appears that the data were not encrypted and that the laptop was stolen while entrusted to a third party who needed it “to mail to these employees details of their pensions”. I say ‘it appears’ because I have a healthy scepticism about press reports and I’m guessing the real story is more complicated than that. But for the purposes of the argument that follows, let’s allow that something like this could happen even if it didn’t on this occasion. So far as the routine encryption of data is concerned there does seem to be a frightening casualness afflicting the industry. According to a Silicon.com survey carried out in May, 56% of firms neither physically secure nor encrypt the data on their staff’s laptops.

Silicon.com also canvassed police forces for their statistics of laptop thefts for 2006, specifically restricting their request to ‘on the road’ thefts (i.e. excluding those from office or home) so as to highlight the relative vulnerability of laptops over desktop machines. Countrywide, there was a 6% rise last year. In London, the increase was more than double that, rising from 5 735 to 6 576. If only 20% of them held confidential data, that’s around 730 embarrassed firms in London alone last year – two every day. So there’s definitely a problem.

Now, perhaps you’ll allow me to career off at an apparent tangent. Thin clients appear to be making a comeback. Several reasons occur. First, they’re inherently more secure than all-singing all-dancing PCs. Second they’re more easily manageable, since you don’t have to roll out updated applications to multiple users. Third, the appearance of Web-based applications means that, in principle anyway, those users can be anywhere they like and not even connected to your network. I experimented with Ajax Writely just before Google snapped it up and rebadged it under the Google Docs label. It performed OK but was clearly a work in progress. I certainly wouldn’t have wanted to do all my word processing on it as it stood then. Doubtless, things will improve. I can’t imagine Google sitting on its hands. So in the medium term, a laptop (see, I’m back there already) with access at least to a WiFi node can act as just another thin client.

But why stop with the applications? Plenty of companies offer Web archiving facilities that allow you to keep your data at arm’s length. So the ultimate goal of this model is to have a machine that stores nothing at all. A Very Thin Client, in fact. Now security issues are separated entirely from the machine in the user’s hands. The thief has nothing but a piece of hardware. And not much hardware at that. There’s no need for a hard disk and we don’t need a huge amount of memory. Batteries will last a lot longer as well.

The Achilles Heel in all this, you’ll have noticed, is that it depends on uninterrupted Web access. So let’s make some compromises to allow for occasional Web-inaccessibility. First, we could have the applications in local firmware. That would make them fast and virus-hardened. Of course, we can’t upgrade them easily but since most upgrades are security-driven anyway that’s not going to matter too much. Second, we could have a chunk of local flash memory into which we allow users to download the specific data they’re working on. Let’s call this the ‘flash cache’. As soon as Web contact is re-established, a utility synchronises the cache with the database. Of course, that means that the data copied to the cache must be locked from other users in the interim but nothing’s perfect. On power-down, the system default is to flush the flash cache (I’ve been waiting 700 words to say that) so long as it’s been synchronised. We might give the user an override option but, even if we do, we could arrange for it to be flushed on power-up unless a specific sequence is followed. That way, a thief doesn’t even get the limited data the user was working on.
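As an added illustration (not from the column), here is a small Python model of the flash-cache policy just sketched: a record is locked on the server while a cache holds it, pushed back when Web contact is re-established, flushed on power-down once synchronised, and anything still retained is flushed on power-up unless a hypothetical unlock sequence is supplied. The `Server` and `FlashCache` classes, the sample record and the sequence string are all constructed for this example.

```python
class Server:
    """Stands in for the Web-hosted database (constructed sample data)."""
    def __init__(self):
        self.records = {"pensions.csv": "v1"}
        self.locks = set()                 # records checked out to some cache

    def checkout(self, key):
        if key in self.locks:              # locked while another cache holds it
            raise RuntimeError(f"{key} is locked by another user")
        self.locks.add(key)
        return self.records[key]

    def sync(self, key, data):
        self.records[key] = data
        self.locks.discard(key)            # lock released once synchronised


class FlashCache:
    UNLOCK_SEQUENCE = "ctrl-alt-k"         # hypothetical power-up sequence

    def __init__(self, server):
        self.server = server
        self.data = {}                     # key -> working copy
        self.dirty = set()                 # keys edited since the last sync

    def download(self, key):
        self.data[key] = self.server.checkout(key)

    def edit(self, key, new_value):
        self.data[key] = new_value
        self.dirty.add(key)

    def reconnect(self):
        """Web contact re-established: push every unsynced edit back."""
        for key in list(self.dirty):
            self.server.sync(key, self.data[key])
            self.dirty.discard(key)

    def synchronised(self):
        return not self.dirty

    def power_down(self, keep_override=False):
        """Default: flush once synchronised. Returns True if flushed."""
        if self.synchronised() and not keep_override:
            self.data.clear()
            return True
        return False                       # retained: unsynced, or user override

    def power_up(self, sequence=None):
        """Anything retained is flushed unless the sequence is supplied."""
        if self.data and sequence != self.UNLOCK_SEQUENCE:
            self.data.clear()              # unsynced edits are lost, not exposed
            self.dirty.clear()
            return True
        return False
```

The override path shows the trade-off the column accepts: a user who keeps the cache across power-down must know the sequence, or the data vanishes at the next boot.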

There’s a fair amount of design to be done here but it’s more than likely offset by the lower cost laptops to be rolled out. And that’s before the costs of sweeping up the mess after a security breach are considered. After all, in the M & S example, the company offered all the affected employees free credit checks. There’s a cool quarter of a million pounds straight away.

[Something you’d like to get off your chest? Email me (Robin Jones) at eo@iap.org.uk.]
