On 03/19/2012 05:22 PM, Marsh Ray wrote:
On 03/19/2012 06:22 PM, Arshad Noor wrote:
* IBM's developerWorks.com. http://ibm.co/rc3dw
Regulatory compliant cloud computing security ... in a box!
Brilliant!
Our key-management comes in a box; the architecture does not.
I'll just go out on a limb here and guess that the weak link in the
system will be the Xray tech's Windows XP embedded IE6 web browser that
she's using for work email (if not Facebook) and also for setting the
cathode voltage and exposure time.
Business people are in the business of taking risks. Tolerances
vary, but that's why they get paid. Security practitioners
might like a perfect world; but the business person does not
care - they're only willing to assume the risk they believe
they can balance with their over-arching goal to make money.
If the healthcare industry truly cared about people's privacy,
they could have solved the problem a long time ago. But the
doctors in the industry have a trump card that slows adoption
of more secure environments: protecting your life.
It is my opinion that businesses will go to the Cloud - and damn
the torpedoes. (The drum-beats from AWS, Salesforce, etc. at
the HIMSS 2012 conference were deafening). The reasons for
moving to the Cloud are compelling (starting with the business
executives' bonus from the additional EPS when they get rid of
the capital & operating expenses on in-house IT equipment and
salaries).
To the extent the architecture can help address some holes
before the exodus to the Cloud begins, the RC3 architecture is
out there for the taking/improvement - no royalties required.
Arshad Noor
StrongAuth, Inc.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
