Hear, Hear.
It is a lot less expemsibe to provide a software solution to
confidentiality which can be rolled out to all, than to provide a hardware
solution which has to be implemented x times - x being the bumber of sites.
When will logic prevail?
Alan
-----Original Message-----
From: Ewan Davis <[log in to unmask]>
To: [log in to unmask] <[log in to unmask]>
Date: 01 May 1998 19:37
Subject: RE: Locality Communications
I find John's comments rather strange. Are we not already being asked to pay
through the nose for security on NHS (the belt braces and spare pair of
trousers approach to authentication to name but one example) and does not
the security already get in the way of the use of the network (the
attachment stripping gateway to Internet mail for example).
The security model applied to NHSNet is inappropriate seeking as it does to
provide security at the perimeter and assume all authorised user can be
trusted.
Adequate security requires simple firewall protection between the network
and end systems and message content needs to be protected via encryption.
This can probably be provided at lower cost than the current inappropriate
security measures and would allow NHSNet to provide the sort of connectivity
with the rest of healthcare community that will make it actually usable.
We can forget white paper targets until NHSnet is repositioned to recognise
the impact that the Internet has had on wide area networking. A review of
the security model is an important part of this.
----------------------------------------------------------------------------
---------------------
Ewan Davis
AAH Meditel - Voice +44 (1) 527 579414 Fax +44(1)527 837287
Email [log in to unmask] also at [log in to unmask]
-----Original Message-----
From: John Coulthard [SMTP:[log in to unmask]]
Sent: 01 May 1998 16:25
To: [log in to unmask]
Subject: RE: Locality Communications
-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]] On
Behalf Of Paul Galloway
Sent: 29 April 1998 23:33
To: [log in to unmask]
Subject: Re: Locality Communications
Go on, give us a clue to what you think the answers to your eminently
sensible questions are , then I'll argue my corner
(unless of course we agree!)
:-)
Paul Galloway
Unfortunately we agree.
The network was designed to be "open" from a systems point of view, hence
application providers can do what they want, and I am sure they will, and
charge us! If I wanted to add considerably to the cost of any system I
would try to convince the customer that they needed the latest 128 bit
encryption. The fact that they might not need it is neither here nor there
if they THINK they need it. Security, in sales, is about paranoia not
reality.
My point is that until we identify a threat that might risk patient data,
that is network specific, then we should carry on with the current safe
guards.
I am of course not just talking about NHSnet, the same is true of links to
branch surgeries and for that matter home links to the Internet.
My questions stand, can we find a threat that is real and quantifiable that
we can write a business case against it, or are we going to pay through the
nose for security and encryption that would protect the us against nothing
and get in the way of the necessary interaction with patient data.
Do people remember the Zergo Report, try reading it again, if you have a
copy, they could not find the threat and neither can I.
Regards
John
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|