Air Force eyes commercial cloud for unclassified thin client network

The Air Force said it will consider commercial cloud computing services for 1 million users of its unclassified networks as they shift from desktop computers to dumb terminals.

The Air Force Space Command, which manages the service's networks, announced early last month it was considering the move to thin or zero clients to cut operations and maintenance costs and improve security.

Desktop computers store files and applications on local hard drives while thin clients and zero clients access applications stored on remote servers. Zero clients consist of a keyboard, mouse and monitor with no local processing power, while thin clients have some built-in processing power to support rich graphics displays and multimedia applications.

In response to questions posted last week by potential vendors, the Air Force said a commercial cloud solution for its thin-client-based network "may be considered" if it can meet security requirements and provide users with the same experience they have on a desktop.

At an April 2011 hearing, Defense Department Chief Information Officer Teri Takai told the House Armed Services Subcommittee on Emerging Threats and Capabilities that "there will be instances where we [can] use commercial cloud providers . . . [if] they meet our standards."

Bernie Skoch, a retired Air Force brigadier general who has extensive security experience, said that with "appropriate protection" he could see the Air Force and the other services moving unclassified and eventually classified thin-client networks to a commercial cloud rather than hosting them internally.

Thin-client security will have to include user authentication -- handled by the Common Access Card, a computer chip-based card used to log on to military networks -- and "robust connectivity" to withstand distributed denial-of-service attacks, Skoch said.

Thin clients inherently offer more security than desktops because users cannot load their own software. The devices are easier and quicker to update than desktops, which require physical distribution of master disks. Thin or zero clients also make it easier for an individual to move from one terminal to another by saving work in the cloud, Skoch said.

Paul Mancini, marketing vice president for Devon IT, a Pennsylvania thin-client vendor, said since thin clients have no local storage they are more resistant to viruses and other forms of malware.

While a commercial cloud service could save the Air Force money, Mancini said a government cloud structure would provide more security.