It should be simple. First task is to restrict access (using anything from passwords to fingerprint recognition to smart cards); secondly, to frustrate anyone who manages to breach the first hurdle (typically, with encryption techniques). The reality is far from simple. Let us begin by examining some of the exposures.
Biometric watchdogs - without a full set of teeth
Biometric techniques, such as fingerprint recognition or retinal scans are very much flavour of the month and they certainly do have some compelling strengths. They are highly specific and incredibly easy to use - there is nothing to remember. They are also high tech, so they must be good.
In reality, they are nothing more than a complex password. Putting aside the problems and cost of implementing the necessary hardware across the extended enterprise, including field workers such as trials monitors, not to mention CROs, there can still be an overwhelming weak link. If, in order to validate the fingerprint or scan, a record of the original is kept somewhere on the network, then that record is just as vulnerable as any other record on the system. Not only is it vulnerable to external hackers, it is also sitting on a network that is managed and probably routinely backed up by a junior in the IT department - available to be copied electronically. In fact, biometric checks are nothing more than cleverly packaged static passwords and, apart from ease of use, can be almost as vulnerable.
Encryption - a shaky Tower of Babel
The concept of encryption is not new - the Third Reich employed an (almost) perfect technique of converting information into gibberish that could be deciphered only with the appropriate key. Modern computer encryption techniques are remarkably secure, but they can suffer operational problems.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.