On 07/31/2012 09:17 PM, Mike Bydalek wrote:
> When people (*especially* internal
> Dropbox employees), start putting unencrypted NPI data out there, that
> falls in the whole, "You're doing it wrong!" bucket.
>
Here here. I would say most business fall into this in some way
however, that is the reality. User security is like cat herding.
> I agree with everything in your post except I'm not so sure about the
> "no pii data should live outside a firewall." While generally (for
> network accessed data), yes, the reality is that it is not always
> practical.
>
Indeed, well I meant more what is stored by the organization receiving
your data, provide some pretense to security within their application to
maintain under layered security. We do transmit, and trust via SSL/TLS
for this otherwise, which is somewhat flawed in the fact most systems
will still downgrade to weak crypto or backward-compatibility to keep
vermin like ie6 compat alive. Or the pki registrars sell an
intermediary to the gov to mitm your sessions anyways. :)
The fact a list of emails, of users, were stored in a "project document"
(ahem, spreadsheet) is telling of just what else occurs there as a
general corporate posture. Only with all your personal data too as raw
files.
So yeah, how was that "personal cloud" projet going by the person that
mentioned it before?
> -Mike
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)