What’s The One Thing That Most Agree Is Right In Computer Security, But Few Actually Do It?


So, here is a question for you:

What’s The One Thing That Everyone Agrees Is Right In Computer Security, But Few Actually Do It?

Well, everyone knows that we should be encrypting data at its core level (or in the application layer), and not relying on tunnels or single encryption keys for our protection. In this way we can embed encryption into the actual data and then define the actual access rights (without relying on domain/operating system rights). Few people still trust user names and passwords to properly protect data, yet we still blindly use them for our access to data.

Why can’t I give access to my daily step count to a cancer research company, but make sure that a tobacco company has no rights to it?

And, so, if Bob the patient wants to give Alice the GP access to his health record, he might provide the right encryption key to open it. But, what if Bob is not online for the access? Well, we typically define an access policy that sets out the rules for access. Access can then be tied to the generation of the required encryption key. It thus doesn’t matter where the encrypted data is stored, as only the required encryption key will open up the data.
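
To make the policy-to-key link concrete, here is an added sketch (not code from the original article) in which the data key is derived from Bob's policy, and a key service releases it only to requesters the policy allows. The names `policy_key`, `release_key`, `seal` and `unseal`, the policy fields, and the trusted key service holding Bob's master secret are all assumptions; the HMAC-based cipher is a standard-library stand-in for an AEAD such as AES-GCM.

```python
import hashlib, hmac, json, os

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def policy_key(master: bytes, policy: dict) -> bytes:
    # The data key is derived from the canonical policy, so editing the
    # policy produces a different key that cannot open the stored record.
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return prf(master, b"policy-key", canonical)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode (stand-in for a real AEAD, see lead-in).
    blocks = (len(data) + 31) // 32
    stream = b"".join(prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + prf(key, b"mac", nonce + ct)  # encrypt-then-MAC

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or modified record")
    return _xor_stream(key, nonce, ct)

def release_key(master: bytes, policy: dict, requester: dict):
    # Hypothetical key service: applies Bob's rules while he is offline.
    # The requester's attributes are assumed to be authenticated already.
    if requester.get("purpose") in policy["allowed_purposes"]:
        return policy_key(master, policy)
    return None

# Constructed sample data: Bob's secret, his policy, and one sealed record.
MASTER = hashlib.sha256(b"constructed demo secret for Bob").digest()
POLICY = {"owner": "bob", "record": "daily-steps",
          "allowed_purposes": ["primary-care", "cancer-research"]}
RECORD = seal(policy_key(MASTER, POLICY), b'{"steps": 8412}')

if __name__ == "__main__":
    for who, purpose in [("alice-gp", "primary-care"), ("tobacco-co", "marketing")]:
        key = release_key(MASTER, POLICY, {"id": who, "purpose": purpose})
        print(who, unseal(key, RECORD) if key else "no key released")
```

`RECORD` can sit on any storage provider: without a key released under the exact policy Bob set, it stays closed. Attribute-based encryption schemes go further and remove the need to trust the key service at all.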


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.