Not long ago, all that you needed to protect systems was network security. In reality, we still have little more than that. For storage, we have user permissions, group permissions and ACL, but not much more than that for Windows, Linux or any operating system that I know of, except for SELinux. Add in network communication to a large distributed file system and you get a null set.
The issues become more significant as more and more data is stored online. Think of the mandate that is coming due to online medical records. This presents huge opportunities and huge challenges.
For example, I would very much like my records to be used by researchers to gain a better understand of long-term health issues and trends. I would love an explanation for why at age 37 my cholesterol went up a huge amount and could not be controlled with diet or exercise even though I had no lifestyle changes and no other physical changes. Maybe if they had similar populations that had the same issue, they could figure out the problem. My doctor had never seen this dramatic a change.
On the other hand, I do not want nor would most want their name associated with the actual data for an anonymous researcher. But I would very much like my doctor to understand and be able to see others in the population. This type of data access is going to take a concerted effort in applications, operating systems, file systems, networks and object interfaces. The whole stack is going to require changes and work.
The problem, as I see it, is that there is no longer a standards body or set of bodies to work on the these more intrinsic and difficult issues. People just throw their hands up and say it is too hard. What is too hard is dealing with all of the groups and vendors.
Labels: network security,Storage,Standards Bodies
posted by: Henry Newman