The title of this post is a well-worn meme for CLOUD, but the recent hacking of the FDA’s systems forces yet another revisiting of the topic. Rather than asking lawmakers to have the FDA launch a third-party audit of its recent breach (“FDA Hacked, Drugmakers Want Proof that Proprietary Data is Safe”), PhRMA and BIO should ask that the architecture of data on the Internet itself be revisited. The current notions of a database are antiquated, and until we rethink the problem, we will have breaches like this one, the 40 million credit cards of consumers at Target and many, many others.
The simple problem is this. Current security models for databases are akin to building moats around castles, with the digital analogs of wider moats and more alligators used to increase security. I am certain there are many definitions for a database, but I went to trusty Wikipedia for this one. “A database is an organized collection of data.”
Nowhere in this brief definition does it mention that the database has to be managed by a DBMS. Unfortunately, our frame of reference for a database and a DBMS continues to be the filing cabinet and the corresponding paper-based paradigm that continues to drive our thinking in the digital age. Citing Wikipedia once again, “A database is not generally portable across different DBMS.” This quote highlights the entire problem. DBMS, originally meant to help us manage data, have instead become about managing databases. This is the fundamental flaw in the current understanding of Big Data (something addressed more extensively in this post). Yes, we may have tools like SQL, ODBC or even XML to extract and move around data from one DBMS to another, but that movement of data reflects exactly why the drugmakers are worried about their proprietary data at the FDA.
In order for the FDA to have the relevant data in their digital filing cabinets (databases) for regulatory purposes, they had to receive a copy of the data from each of the drugmakers’ digital filing cabinets (databases). This creates two problems. The first is basic: which is the most current piece of data? The second is at the heart of the drugmakers’ concerns in this specific instance, as well as those of Target’s customers over the holiday shopping season: I now have to worry about the size of the moat and the number of alligators around the new castle for my data. What if we return to the original definition of a database being an “organized collection of data”? That is the foundation for Part 2 of this post to be shared later this week.
(This post resulted from spotting the original article in a tweet by @KimRamkoEY, pointing to the PharmaManufacturing.com feed. CLOUD’s thanks to both.)