Keith C. Perry on 26 Oct 2014 14:50:21 -0700



Re: [PLUG] Spark Core (corrected)


Blaming the guy over there very much plays in the outsourcing context, LOL.  I've mentioned to people that this economic recovery in regards to IT is going to be a bit different.  I see more comfort in using consultants / outsourcing in small and medium size businesses because the economic environment is going to tighten and organic growth is going to be a must.  Outsourcing is generally more cost efficient than bringing on FTEs.

Sign a contract and you instantly have access to very knowledgeable people (at least in the FOSS world).  Once companies start losing money that will force a more technology neutral approach to solving issues.  We're still some years out from that being the norm but it's only a matter of time.  We're much closer now, that's for sure.

----- Original Message -----
From: "Rich Freeman" <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Sunday, October 26, 2014 2:49:13 PM
Subject: Re: [PLUG] Spark Core (corrected)

On Sun, Oct 26, 2014 at 2:27 PM, Keith C. Perry
<kperry@daotechnologies.com> wrote:
> Good point there Rich.  I would add that the health IT / medical IT space is
> more conscious as well.  One of the things I had to do as a result of HIPAA
> regulations was to write security statements.
> ...
> I can't say I've ever been asked to verify.

That's the rub.  Speaking as somebody who works in the health IT
industry I've seen lots of statements on RFPs asking companies to
certify that their software encrypts data/etc, but rarely any real
follow-up/verification.  If they say it is encrypted, then it must be.
Maybe somebody will look in the database and note that a field isn't
human-readable, but they won't ask questions like "if I can't read it,
how can the software, and what are the implications of how it does it"
(hint, if you didn't have to install an HSM, that encrypted data is
only as secure as the drive the key is sitting on).  Companies love to
have documents that say things like "your digital signature is not
repudiable" without realizing what that actually means (hint, saying
it or agreeing to it doesn't make it so).

>
> I call that "the buck stop there" syndrome  :)
>

Getting back to your earlier email, I think this is a BIG driver for
outsourcing.

You can say with a straight face that you don't hire illegal aliens or
commit fraud, while getting many of the cost benefits of doing those
sorts of things because you hand off your work without looking too
closely at those you hand it off to.  Of course, you do insist that
they sign a contract saying that they're completely above-board.

Outsourcing overseas often is more of the same, except that even the
laws are often more lax letting you get away with still more...

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Owner, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com
