http://it.slashdot.org/article.pl?sid=07/12/14/1353230
These alternatives offer the prospect of software that is in theory more stable (i.e. fewer upgrades and some argue more resilient to attack) and less costly (certainly for licenses) that can also be adapted to suit specific needs because the software itself is available to be changed. Time will tell whether this approach delivers the desired service at the right cost compared to commercial alternatives. Even if it fails to meet expectations the immediate prospects for commercial organisations used to selling proprietary software into these markets are now not so good. However they are fighting back:
http://www.pcworld.com/businesscenter/article/141695/microsoft_tailors_apps_for_local_governments.html
Any commercial software has to be:
- Not something local government currently has
- Is something local government needs
- Is not something local government can obtain as an open-source package
One of the pitches for this software is to "...create and manage citizen information databases that can be shared among different agencies...". Irrespective of whether a need exists (there will no doubt be a small army of sales people ready to argue it is), and irrespective of whether local government has the spare money to throw at new software applications (given the prospects for the global economy over the next few months and years), it is security that ought to force local governments to at least pause for serious thought before embarking on more projects to create yet another raft of databases full of sensitive information.
Each and every European citizen is likely subject to some form of electronic cataloguing and there’s no going back. They might be harder to walk out the door with but paper cards and filing cabinets are not going to be making a comeback any time soon. The focus must be on improving what is out there now because it needs to be improved, and can be improved.
Recent cases demonstrate that control over personal information held on databases is far from watertight. Personal information these days has a value on the open market and organisations in all their forms have proven themselves unable to offer much confidence that their technology and their operational management of it comes with much in the way of guarantee regards its security. There seems to be little progress on the issue either, in fact it seems to be going in reverse given the numbers of cases that are coming to light.
It looks unlikely that left to their own devices and the current data protection act, any organisation is going to lift their game to the required level. It should therefore fall to governments to put in place the right framework to force this issue to be addressed. By all accounts these issues can be addressed – for example tighter policies and procedures, regular inspections, and a more circumspect attitude to where copies of data are kept. The right incentive is required in the form of a significant financial penalty. It should not be difficult to devise a figure that would leave all parties in no doubt they have no option but to sort their acts out.
Whether open-source brings anything different to the security equation is arguably un-tested as yet. Though experience suggests that whatever technology is in use, the weakest link in the chain is always the persons that operate it.
Regards,
treboona@googlemail.com
http://www.treboona.co.uk/
No comments:
Post a Comment