Monday 23 July 2007, 12:05 PM
Trusting a supplier with your confidential data
During the Postini takeover discussion, a lot of the community members did not seem to trust a supplier to keep their confidential data secure. For example, using a hosted email service would fail the test, since confidential business communications are sent using such a service.
I wonder what proportion of businesses routinely require all external email to be sent only via encrypted emails? Not many - due to a lack of standard technologies.
I also wonder how many hosted application providers commit to storing only encrypted data. Is it beyond the realm of possibility for a supplier to only allow encrypted communications between the customer and their infrastructure? HTTPS is a reasonably robust and secure mechanism for the transmission of data. But if suppliers were to add to that encryption of all data *stored* in their data centre, then where is the issue? The data stored can only be accessed by the customer because only they can transmit the keys that are used to decrypt it, manipulate it and re-encrypt it ready for transmission back to the customer.
The confidential data stored by the supplier is only ever held in plain text format in the memory of applications which are acting on it. These applications can only do that when the customer is explicitly connected and has authenticated and provided the keys that allow the data to be decrypted for processing.
Therefore, no amount of stealing of laptops, servers, backup tapes, etc, from the supplier, or of hacking into their data centre, etc, will give you access to the confidential data they are storing on behalf of their customers.
What am I missing?
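The storage scheme described above, as an added example that is not part of the original post: the supplier's store holds only ciphertext, and a record can be read only while the customer's key is present for the session. `Store`, `Put`, `Get` and the record ID are hypothetical names, and AES-256-GCM is an assumed cipher choice (the post does not name one).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Store is the supplier's disk, backup tape or stolen server: nonce||ciphertext only.
type Store map[string][]byte
// aead builds AES-GCM from the key the customer sends for this session.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Put encrypts under the session key; the record ID is authenticated as AAD.
func (s Store) Put(key []byte, id string, plaintext []byte) error {
	g, err := aead(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s[id] = g.Seal(nonce, nonce, plaintext, []byte(id))
	return nil
}
// Get decrypts in memory only; a wrong key or altered record returns an error.
func (s Store) Get(key []byte, id string) ([]byte, error) {
	g, err := aead(key)
	rec, ok := s[id]
	if err != nil || !ok || len(rec) < g.NonceSize() {
		return nil, fmt.Errorf("record %q unavailable", id)
	}
	return g.Open(nil, rec[:g.NonceSize()], rec[g.NonceSize():], []byte(id))
}

func main() {
	key, s := make([]byte, 32), Store{} // constructed key; only the customer holds it
	rand.Read(key)
	s.Put(key, "doc-1", []byte("Q3 forecast"))
	pt, _ := s.Get(key, "doc-1")
	_, err := s.Get(make([]byte, 32), "doc-1") // store stolen, key not
	fmt.Println(string(pt), "| without key:", err)
}
```

Inside `Put` and `Get` the key and the plaintext are in the supplier's process memory, which is the one place the post says they would ever exist in the clear.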
Monday 16 July 2007, 11:29 AM
Tiny click targets
Are you generally fit and healthy with limbs that respond accurately to your mind's wishes?
Lucky you. Not everyone is.
And if you do have hands that shake or reduced mobility in your arms and fingers, it can be a great pain (sometimes literally) to use some software and websites.
Accurately positioning a mouse over a very small target on the screen and holding it steady while you click can be a difficult task. And one that would be immeasurably easier if the target was just a bit bigger.
Take the links at the top of the ZDNet.co.uk page. The banner ad is big, easy to click on. The top level of navigation (home, news, opinion, etc) is smaller but well-sized. The second level under that (forums, people, etc) is I think borderline. Anything smaller than that (such as the excruciatingly small RSS button) and a visitor could well be struggling.
Anyone got some examples of websites or software that demand precision mouse movements worthy of a neurosurgeon?


