One of my pet peeves in the SaaS industry is when vendors make false claims about their conformance to security requirements, and it was encouraging to read this article where the Federal Trade Commission took some action over false claims.
The article states that the “software vendor was lying through its teeth” about its conformance with the HIPAA (Health Insurance Portability and Accountability Act) security standards. HIPAA states that data should be encrypted with top-grade encryption algorithms like AES (Advanced Encryption Standard) and higher. The company also lost a laptop containing medical information; such a loss would be exempted from reporting a data breach incident to law authorities if the medical data was encrypted (with AES and higher).
As US-CERT learned in 2013, Henry Schein’s Dentrix G5 did not use minimal HIPAA encryption levels, despite saying so in its brochures, online website, newspaper interviews, and newsletters. The US-CERT team issued a public vulnerability note in June 2013, warning Henry Schein customers of the lack of proper encryption in its product. The warning also addressed an issue with a similar software product sold by Faircom, another software maker. According to CERT, both companies used DES (Data Encryption Standard) to secure data. DES is an outdated symmetric-key method of data encryption.
Promising to meet security regulations is easy but meeting them is tough – it's like an arms race! As one method of data encryption is declared outdated/crackable and new, more secure algorithms become available, software vendors have to keep replacing core components to keep up.
Assessment software is a prime target for attacks as these systems contain Personally Identifiable Information (PII), valuable content and test results. Questionmark has invested heavily to “keep up” but maintaining security is a constant challenge and requires smart people and constant investments. Let’s hope that government actions help expose the fraudsters so that secure systems are appreciated by those that rely on them.
The flagship scheme for certifying UK builders has been called into question after a string of test centers were caught rigging health and safety exams. Construction workers across the UK are required to hold a CSCS card to prove skills and grasp of health and safety. But a joint BBC London/Newsnight investigation revealed widespread, organised cheating, allowing untrained builders on to dangerous sites.
With an increasing number of online e-examinations replacing traditional paper-based tests, protecting exams is a growing issue. In 2012/13 over 1600 Scottish university students were caught cheating in some form, and more than 100 students a year are expelled from universities in the UK for cheating offences.
The controversial law in Indiana just became more controversial. It turns out that not only are the gay, lesbian and transgender communities potential victims of the new law, but so are pet owners, restaurateurs and farmers. Indiana’s Religious Freedom Restoration Act now permits discrimination based on the pets that you own.
Based on religious writings, some pets are considered ‘unworthy’ and owning such a pet is now a justifiable reason to evict someone from their home and even foreclose on their mortgage. Sen. Rubio Marco said on Foxy news “I think the fundamental issue is that some pets, especially cats, are annoying and can draw attention to the mental instability of their owners; these laws will help restore some right thinking into American life.” The Senator continued to say that “…discrimination against cat owners, as long as it is based on religious views, is both fair and reasonable.”
The recent disclosure that farmers, specifically those that raise animals such as pigs and cows, are now a protected group under the law has drawn widespread criticism from the Jewish and Hindu communities as it does not permit them to discriminate effectively.
Wisconsin Gov. Walker Scott took a different approach, saying he needs to get ahead of the issue and is promoting a law to protect cheese eating as a religious freedom. Scott said “We don’t plan to discriminate against non-cheese eaters, however, we will if we have to.”
This photo shows parents scaling a multi-story building to help their kids cheat on an exam.
That people are apparently willing to risk a 20-foot fall to help children cheat on a test speaks to how important parents see these exams as being for a child’s future. But the blatantness of it all shows the total lack of taboo around cheating: these amateur spidermen were happy to scale the walls in broad daylight. Source Article.
This video helped me distinguish which applications need which type of data storage, from rapid access required for transactional systems (e.g. real-time and Assessment Management Systems), to file access (e.g. Content Management Systems), to systems for occasional access and archival purposes. The wide array of integrated data storage solutions (hybrid solutions) simplifies application development, data protection and archiving, and helps use the most economic/secure method of storage.
As integrated storage progresses we’ll be able to reduce the complexity of applications and rely on the synchronization systems to make the right data available, at the right time, at the right speed of access whilst storing data in a safe, secure and economical way.