FDA Hacked | When Is a Database Nothing More than a Digital Filing Cabinet? (Part 2)

We start Part 2 of “When is a Database nothing more than a digital filing cabinet?” where we left off in Part 1. According to Wikipedia, “a database is an organized collection of data.”
If we truly embrace this definition of data, then we can completely redefine the issues of security, privacy, interoperability and identity. However, there are two essential words in this short definition of a database. One of them is data; the other key word is “organized.” Nowhere in the idea of organizing data is a further definition of when it must be organized. We used to organize data by carving information into wet mud that then dried into tablets. We progressed to scribes replicating information with ink on papyrus and really accelerated things when Gutenberg rethought the wine press and moveable type with the printing press. Unfortunately, for all the horsepower and capacity of our databases, our organizing principles remain paper-based. Continue Reading →

FDA Hacked | When Is a Database Nothing More than a Digital Filing Cabinet? (Part 1)

The title of this post is a well worn meme for CLOUD, but the recent hacking of the FDA’s systems forces yet another revisiting of the topic. Rather than asking lawmakers for the FDA to launch a third-party audit of its recent breach, “FDA Hacked, Drugmakers Want Proof that Proprietary Data is Safe,” PhRMA and BIO should ask that the architecture of data on the Internet itself be revisited. The current notions of a database are antiquated, and until we rethink the problem, we will have breaches like this one, the 40 million credit cards of consumers at Target and many, many others.
The simple problem is this. Current security models for databases are akin to building moats around castles, with the digital analogs of wider moats and more alligators used to increase security.  I am certain there are many definitions for a database, but I went  to trusty Wikipedia for this one. “A database is an organized collection of data.

Nowhere in this brief definition does it mention that the database has to be managed by a DBMS. Continue Reading →