recommended reading

Air Force eyes commercial cloud for unclassified thin client network

The Air Force said it will consider commercial cloud computing services for 1 million users of its unclassified networks as they shift from desktop computers to dumb terminals.

The Air Force Space Command, which manages the service's networks, announced early last month it was considering the move to thin or zero clients to cut operations and maintenance costs and improve security.

Desktop computers store files and applications on local hard drives while thin clients and zero clients access applications stored on remote servers. Zero clients consist of a keyboard, mouse and monitor with no local processing power, while thin clients have some built-in processing power to support rich graphics displays and multimedia applications.

In response to questions posted last week by potential vendors, the Air Force said a commercial cloud solution for its thin-client-based network "may be considered" if it can meet security requirements and provide users with the same experience they have on a desktop.

At an April 2011 hearing, Defense Department Chief Information Officer Teri Takai told the House Armed Services Subcommittee on Emerging Threats and Capabilities that "there will be instances where we [can] use commercial cloud providers . . . [if] they meet our standards."

Bernie Skoch, a retired Air Force brigadier general who has extensive security experience, said that with "appropriate protection" he could see the Air Force and the other services moving unclassified and eventually classified thin-client networks to a commercial cloud rather than hosting them internally.

Thin-client security will have to include user authentication -- handled by the Common Access Card, a computer chip-based card used to log on to military networks -- and "robust connectivity" to withstand distributed denial-of-service attacks, Skoch said.

Thin clients inherently offer more security than desktops because users cannot load their own software. The devices are easier and quicker to update than desktops, which require physical distribution of master disks. Thin or zero clients also make it easier for an individual to move from one terminal to another by saving work in the cloud, Skoch said.

Paul Mancini, marketing vice president for Devon IT, a Pennsylvania thin-client vendor, said since thin clients have no local storage they are more resistant to viruses and other forms of malware.

While a commercial cloud service could save the Air Force money, Mancini said a government cloud structure would provide more security.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.