
Security Guide






One-Stop Shopping








In this chapter, you’ve learned how the problems of information silos shown in Figure 7-5 can be eliminated by increasing the scope of information systems: Workgroup-induced silos can be eliminated by developing enterprise IS, and enterprise-induced silos can be eliminated by developing inter-enterprise IS. Nowhere in this discussion, however, have we thought about security.

In fact, while removing information silos does have the advantages discussed, moving data into a single, centralized facility creates a potential security problem. Namely, fraudsters can find all the data they want in one convenient location. It’s one-stop shopping. So, data integration can make organizations more vulnerable.

On the other hand, centralizing data in one location enables the organization to focus security measures on a single resource. The IS support staff need not manage security over several, possibly many, distributed databases, but rather can focus security management on a single database. So, assuming appropriate security management, the two factors counterbalance one another: Risk of loss is higher, but security against such loss can be focused and ultimately result in less actual risk.

Consider how a large-scale integrated IS like the PRIDE system discussed at the start of this chapter can create unique security concerns. To start, for the purpose of this guide, let’s assume that client privacy is appropriately protected. Clients only share the data with each of the PRIDE entities (employers, health clubs, equipment manufacturers, insurance companies, and healthcare providers) that they want to.

Even with that assumption, however, there are significant privacy and security issues. Clients, personal trainers, and healthcare providers need to see a client’s complete exercise data. This means, however, that competing personal trainers (and health clubs) view data on their competitors’ practices. Is this a problem? It’s likely to be perceived as a problem even if there is no real danger, and that perception could limit PRIDE sales and use.

This example underlines some of the management problems of inter-enterprise IS. Unlike an enterprise system, where everyone works for the same employer and, except for inter-departmental rivalry, has the same incentive to protect data, an inter-enterprise system can connect competitors with different incentives and agendas. This fact not only increases security risk, it takes away one of the major ways of dealing with security flaws: procedures. In an enterprise system, it’s possible for the organization to set up manual procedures that compensate for security weaknesses in programs or data controls. However, in an inter-enterprise system, if system users compete, they may have an incentive not to follow the compensating procedures.
                                                                                     Sources: © zentilia/Shutterstock and © andreiorlov/Fotolia