The title of this post is a well worn meme for CLOUD, but the recent hacking of the FDA’s systems forces yet another revisiting of the topic. Rather than asking lawmakers for the FDA to launch a third-party audit of its recent breach, “FDA Hacked, Drugmakers Want Proof that Proprietary Data is Safe,” PhRMA and BIO should ask that the architecture of data on the Internet itself be revisited. The current notions of a database are antiquated, and until we rethink the problem, we will have breaches like this one, the 40 million credit cards of consumers at Target and many, many others.
The simple problem is this. Current security models for databases are akin to building moats around castles, with the digital analogs of wider moats and more alligators used to increase security. I am certain there are many definitions for a database, but I went to trusty Wikipedia for this one. “A database is an organized collection of data.”
Nowhere in this brief definition does it mention that the database has to be managed by a DBMS. Continue Reading →