Thin Solutions for Data Breaches

It is no secret that data thieves are becoming increasingly devious. The recent attack on Framingham, Mass.-based TJX Cos.’ computer systems proved this. Worse, the incident reminded the industry just how far-reaching data breaches can be.

Sadly, my suspicions were further confirmed by the unbelievable story about how a group of high- tech thieves recently “shoplifted” data from four stores within the Quincy, Mass.-based Stop & Shop supermarket chain. It was then I realized that hackers are indeed raising the stakes and all chains must beef up their data-protection efforts.

Hackers reportedly broke into the grocer’s point-of-sale card payment terminals and planted high-tech bugs to steal customer information, including personal identification codes. Ironically, this incident followed a report made by community banks in New England that have identified approximately 200,000 credit- and debit-card accounts compromised in previous data breaches.

Following the incident, Stop & Shop quickly “bolted down card readers at each of the company’s 385 supermarkets in New England, New York and New Jersey…the units cannot be tampered with like before,” company spokesman Robert Keane, reported in a recent Boston Globe article.

Stop & Shop’s incident reminds the industry that critical data is being stored in unlikely places. Similarly, data breaches are not just confined to often-vulnerable data repositories.

The good news is that these seemingly unlikely data breaches will spur the growth of thin clients.

Unlike “fat” PCs or laptops that are loaded with applications or mission-critical information, thin clients are network computers sans a hard disk drive. Since a majority of data processing occurs on a server, thin clients are a viable option for retailers to manage assets and protect data from security risks.

This configuration enables retailers to push necessary information to thin-client PCs or laptops on an as-needed basis. Thus, this distributed environment lowers tampering risks.

When you consider that a typical data breach can cost a company an average of $5 million in direct costs, thin clients’ low-cost investment is also commanding retailer attention. While the cost of PCs has dropped dramatically in years past, retailers can get a basic thin-client unit for under $300. This is almost half the price of a fully loaded PC embedded with an XP operating system.

Thin-client penetration remains conservative. In fact, thin-client usage is less than 10%, noted Matthew Wrabley, executive VP, marketing and business development for King of Prussia, Pa.-based Neoware, at the recent A.G. Edwards Retailing 2007 conference. However, “Worldwide thin-client growth will expand fast as more regulations on protecting mission-critical and customer data are imposed,” he said.

The sobering truth is that more retailers are falling victims to hacking attacks. And each event shines the spotlight on just how well (or poorly) retailers are storing and securing private information.

Although thin clients are not the silver bullet to this ever-growing problem, they may solve two important issues. They are another layer to safeguard extremely sensitive information, as well as a retailer’s reputation.