Eric Vanderburg


Information Security Green

Historically, ecological concerns have been significant drivers for change.  Topics ranging from global warming to protecting various species carry a strong emotional appeal, thus, motivating business and personal change with the ultimate goal of protecting the environment.  These environmental initiatives have been termed “green initiatives” and they impact IT in the form of “green computing.”  The popularity of the green computing initiatives stems not only from environmental concerns but also from a financial concern. A primary goal of many green computing initiatives is to reduce power consumption as this has a direct impact on the bottom line.

This article addresses three green computing initiatives and identifies information security action items associated with each initiative. Information security is a concern when programs such as these are implemented.   These initiatives are important because information security is easier to sell if it’s green.


Green computing is not necessarily new.  In the early 1990’s, the Environmental Protection Agency (EPA) and the Department of Energy created the Energy Star program that defined, among other things, efficiency requirements for computers.  Restrictions have also been placed on how computing equipment, such as monitors and uninterruptable power supplies, can be disposed of.

Recently, a great deal of government spending has been focused on green initiatives.  In 2009, the American Recovery and Reinvestment Act (AARA) provided $70 billion towards green initiatives including developing more efficient energy use for equipment and software and creating more effective IT cooling solutions. $47 million of that money was allocated to the datacenter energy consumption and efficiency programs.

You might be thinking, “the environment is great and all but my company doesn’t really care about that.”  It is of little consequence if your company is concerned with the environment or not because it has been proven that green computing saves money.  Power is expensive and these costs continue to rise, thus, making green computing an easy sell.

Is it Green?

Software Efficiency and Green Computing

Software efficiency is important to green computing because as equipment consumes less power, machines can be configured to go into a power saving mode resulting in less power being required to perform the same operations.  This initiative saves fossil fuels through the conservation of energy.

Information security practitioners are also concerned with software efficiency because the possible outcome of combining resources provides hackers with fewer options for malicious use. Advocates of consolidation and reduction efforts can claim that these are not only information security initiatives but also green initiatives.

Virtualization and Green Computing

Virtualization, in computing, is the creation of a virtual (rather than actual) version of a device, such as a hardware platform, operating system, a storage device or network resources which makes it possible to consolidate many machines onto fewer platforms.   This is especially advantageous when legacy systems can be consolidated onto newer hardware platforms.  Legacy systems often do not incorporate the latest advances in power technology and thus, are less efficient to maintain.  If these systems are virtualized, fossil fuels can be saved through more efficient power management on the newer hardware.

For information security practitioners, virtualization brings an array of advantages and disadvantages.  It can be a great option for improving security, especially availability and business continuity.  However, unless information security personnel are involved in the process and proper controls are tailored to the virtual environment, it may create more security risks than benefits.

Terminal Based Computing (Thin Computing) and Green Computing

Terminal based computing is another technology that can reduce the amount of energy consumed by workstations.  Because most of the processing power is consumed on the server side where the terminal sessions are managed, the workstations can be very basic machines that require little power to operate.

Terminal based computing provides advantages to the security architecture of a company because more control can be applied over the actions taken on the terminal based environment than in decentralized client server models.  The disadvantage to information security is that the terminal environment can introduce a centralized point of attack and point of failure for an environment. Thus, additional controls  may be needed to ensure availability of the terminal servers and confidentiality and integrity of the information contained on such systems.


This article looked at software efficiency,  virtualization and terminal based computing to emphasize their inherent  green computing advantage, allowing information security professionals to present the additional value of these initiatives to decision makers.  These options are not just a safe choice; they are a green choice too.