Think of a computer network as an apartment building. You can install the most sophisticated security systems—locks that can't be picked, keys that can't be duplicated, alarms that will sound if an intruder attempts to enter. But if your tenants prop open the front door, even the stupidest criminal won't have any trouble getting inside.

"Invited entry, whether intentional or not, is the most common cause of security problems," says network security consultant Jerry Adams. "Even the best-intentioned user can unknowingly invite a criminal into the network."

In fact, a recent poll by the Ponemon Institute revealed that 39 percent of data security breaches at the 163 companies surveyed resulted from non-malicious employee error.

The bottom line: If users can install software on their individual PCs, your network isn't as secure as it should be. Experts say that in addition to known problems caused by computer viruses and other e-mail-borne security threats, keystroke loggers, spyware, and other similar threats are becoming more common.

"Once the thieves have accessed the data they can use it to carry out identity theft and other scams, or they can attempt to blackmail the rightful owners, promising that a cash payment will ensure the safe return of the purloined data, with no nasty publicity," says Adams. "It's getting really ugly."

Health Data Defense

Healthcare organizations have a lot at stake when it comes to the security of their computer networks. The Ponemon Institute survey showed that 27 percent of data breaches involved personal information about customers. While no business wants private customer information released into the world, healthcare organizations are bound by a code of ethics as well as regulations such as the Health Insurance Portability and Accountability Act (HIPAA) to protect patient data.

One solution is to lock down desktop PCs to ensure that users can't install software without asking and require users to input complex passwords every time they log on to the network or launch an application. Add to that ongoing user education to keep employees updated on the latest security threats as well as assigning IT resources to round-the-clock network triage, including applying new software patches as they're released.

Healthcare facilities could spend a lot of time and resources doing those things. Or they could deploy Sun Ray ultra-thin client devices from Sun Microsystems.

With Sun Ray ultra-thin clients, system data is stored on a central server rather than on individual desktops. Because there is no data, operating system, or software running on the Sun Ray devices, they are immune to computer viruses and other types of hack attacks. Network resources are also protected, simplifying system administration.

As security has risen to the top of the list of priorities in many industries, including healthcare, it has become clear that thin clients offer the strongest possible desktop security.

"Thin clients were touted as low-cost replacements for desktops a few years ago," says security consultant Albert Forsenzo, who has worked with healthcare clients. "They do cost significantly less to deploy and maintain, but what we've also found is that thin clients are highly secure systems that make it much easier to ensure the health of a network and comply with privacy and data protection regulations. I honestly can't think of a single reason why a hospital would opt for a standard desktop PC rather than a Sun Ray."

"The beauty of the Sun Ray device model is that there's no local operating system, no local CPU, no local memory, and no local state," says Sun CIO and Senior Vice President Bill Vass. "So there's nothing to hack. There's no place to introduce a virus or some other exploit. Your applications, data and files, and compute resources are stored elsewhere."

Security with Mobility

Strong security isn't the only benefit offered by Sun Ray ultra-thin client devices. Part of Sun's mobility with security solution set, Sun Ray devices allow employees to move around a facility as necessary, giving them access to their data and applications from any terminal.

With Java technology-based smart cards—ID cards embedded with computer chips that store employee information—users can log on to their individual desktop from any Sun Ray device anywhere in the facility. As soon as a user removes his or her smart card from the card reader attached to the machine, the terminal goes blank and the information and applications that user had access to become inaccessible. However, that same user can insert his or her ID badge into another Sun Ray device and pick right back up—a feature known as "hot desking."

"Java Card technology is enterprise-class, yet inexpensive," says Vass. "At Sun we've launched the Java Badge program, based on Java Card technology, to unify several credential-based applications onto one centrally issued and managed platform. The Java Badge program is the key to our enterprise.

"The Java Badge links physical and cyber security like no other token. Also, unlike other tokens, it has an employee photo on the front, so it is regularly validated by other employees."

Sun customers such as the U.S. Department of Veterans Affairs and Kingston General Hospital are replacing desktop PCs with Sun Ray ultra-thin client systems, increasing security and dramatically reducing user frustration.

"With the Sun Ray hot desking solution, our doctors and nurses are able to access critical patient data at any Sun Ray within the medical center without the need to log on and off or to tediously navigate through our CPRS (Computerized Patient Record System)," says Charles T. Becker, chief financial officer at the James E. Van Zandt VA Medical Center in Altoona, Pennsylvania. "In a primary care, multi-treatment room environment this can save up to 40 minutes of time—time that we can now use to focus on caring for our patients."

Upon inserting the smart card and entering a password, doctors at VA hospitals across the country have instant access to patient files and other critical applications such as VistA, their healthcare information system. Sun Ray devices are mounted throughout VA hospitals and clinics, allowing doctors to have easy and secure access to patient records as they move throughout the facility.

"Some of our most savvy healthcare customers such as the VA hospitals are already reaping the productivity benefits of the Sun Ray ultra-thin client in a clinical setting," says Mike Haymaker, global healthcare industry manager for Sun. "The Sun Ray offers a unique approach to physician mobility while supporting strict security and privacy requirements in that no data resides on the desktop—it's all stored on the server. And, since the Sun Ray itself requires literally zero maintenance, ongoing IT support costs are significantly reduced."

Flexible, Functional Devices

VA hospitals are using the latest in thin-client technology with portable, wireless notebook-style machines from Tadpole Computer and the Sun Ray 170.

Tadpole's Comet looks like a notebook computer and has a battery life of six to eight hours. Like all Sun Ray ultra-thin clients, the Comet supports Java technology-based smart cards. It also features built-in encrypted Wi-Fi so sensitive data can be securely transmitted to and from the machines wirelessly as long as the user is within range of a wireless base station.

"When you're using wireless, you're sending information over public airwaves, the same airwaves radio signals travel over," says Adams. "If data isn't encrypted, anyone in the vicinity with a wireless connection can access the transmitted data. Encryption makes information unreadable until it arrives at its intended destination."

The Sun Ray 170 ultra-thin client combines Sun Ray functionality with a 17-inch flat panel display in an elegant design that is ideal for tight desktop spaces. Like all Sun Ray devices, the 170 offers true plug-and-play functionality: Just plug it into the network and it's ready for use. It also consumes 80 percent less power than a typical desktop PC.

"Sun Ray was designed for applications like healthcare where patient privacy and HIPAA compliance are major concerns," says Mark Johnston, CEO of Tadpole Computer. "Tadpole's encrypted wireless clients and the Sun Ray architecture are proving a big success with healthcare customers like the VA whose doctors and nurses need secure access to privileged patient data as they perform their hospital rounds. Based on current customer interest we expect to see many successful implementations of Sun Ray and Comet in the healthcare market."