Page 316
SECURITY GUIDE: One-Stop Shopping
PRIDE's use of the cloud brings up another important security concern, one that exists at both the enterprise and inter-enterprise levels: How secure is the cloud vendor? The more important the information you store, the more attractive a target you become for attackers. The simplest example of this comes in the form of bitcoins.

In February 2014, Mt. Gox, the largest bitcoin exchange at the time, lost about 850,000 bitcoins valued at $460 million.[4] Mt. Gox declared bankruptcy and wouldn't, or couldn't, explain where all the bitcoins and cash had gone. Essentially, bitcoins represented a large cloud-based monetary system that was supposed to replace national currencies. It was, and still could be, a revolutionary idea.

The downside of Mt. Gox was that its very nature made it a perfect target. It was centrally located and accessible from anywhere, and it had a very large sum of money that could be electronically stolen. Hackers from around the world would never stop trying to steal from Mt. Gox. Gold is hard to steal because it's so heavy. But bits are light and easy to transport. Healthcare records, personal identities, financial records, and credit card information are all in digital form now, too.

The fall of Mt. Gox should cause one to wonder about the security of cloud storage. Most of the time, we don't even know the physical location of cloud data, let alone how well the data center is secured, who works there, what procedures and policies are in place, and so on. We will return to this question in Chapter 10; for now, just understand that this issue exists.
DISCUSSION QUESTIONS
1. Summarize why security risk is higher for integrated databases than for information silos. Describe a factor that can compensate for this increased risk.

2. Using PRIDE as an example, explain how users' incentives to protect data differ between an enterprise system and an inter-enterprise system. How does the use of security procedures differ between the two types of system?

3. Suppose you are a health club owner and you are approached by a PRIDE salesperson who says, "The PRIDE database is located in an XYZ cloud facility," where XYZ is the name of a large, reputable company, such as Amazon, Oracle, Microsoft, or IBM. You ask about data security, and the salesperson says, "You and I don't know anything about their security, but it has to be better than the security you have on that server you're operating in the closet down the hallway." How do you respond?

4. If you were a personal trainer at a health club, explain the value to you of having competitors' data about clients you share. Explain the value to you of obtaining, if you can, data about competitors' PRIDE clients who you have never trained.

5. Suppose you are a personal trainer at a health club and you are approached by a PRIDE salesperson who says, "Our system's security ensures that no one can see your clients' data." How do you respond?

6. Suppose the salesperson in question 5 says, "Only others who are coaching the same clients as you can see your client data." How can you verify the truth of this statement?

7. Suppose that a personal trainer at a health club uses a trivial password, such as dog. One of that health club's members watches the personal trainer sign in, obtains that password, and later steals all of the data on the clients who use that club.
   a. Who is responsible for the data theft?
   b. How do you respond if you are the personal trainer using the trivial password?
   c. If you are the club owner, how will you likely learn about this theft? How do you respond when you do learn of it?
   d. If you are a participating healthcare provider, how will you likely learn about this theft? How do you respond when you do learn of it?
   e. If you are a client who is using this system, whom do you hold accountable, and why?

8. Where was Mt. Gox physically located? Is the physical location of where your data is being stored important? Why or why not?