Moving Securely into the Cloud
Anyone can implement safe, secure access to information stored in a single database located on their local network. Until now secure, affordable on-demand sharing of sensitive information owned by many individuals stored at physically different sites and utilized by many different individual agencies has not been possible.
The barriers to sharing data from multiple sources over the internet are:
- Different database structures, database engines, and operating systems
- Loss of security when a database is opened to an internet gateway
- Loss of control over what is shared
- Loss of originator control of shared data once it has been “accessed” by others
- Cost of management and physical facilities for external duplicate data storage
- Conflicting data access policies
Keep Confidential, LLC, has created a new infrastructure with robust integrated processes that allows owner controlled on-demand access to sensitive data using the highest Level-4 security. This combination of software and hardware tools uses an external control system to rigorously define what data is to be shared, who is granted access, and as a by-product provides a complete audit record.
The focus is on: “who owns the data” rather than who runs the database; and on internal and external security protocols to achieve the highest security of Level-4 registration, authorization, and access. A fundamental principle is that secured access uses two-factor independent authorizations: internal and external.
The system accesses the data in the database where it originated – no data aggregation is used.
This means that all data maintenance is local - data updates and error corrections are made as needed by the local database operations independent of any outside access.
Companies in a supply chain can use this infrastructure to move from Just-in-Time data-push to an on-demand data-pull without compromising the security of the to-be-shared and the not-to-be-shared data of the member companies.
In healthcare, it allows patients complete access to all of their electronic data (the government has required electronic records by 2015), and gives patients control of what healthcare information is to be shared with whom. Healthcare providers can then freely access the patient’s information (within the patient specified permissions) regardless of where it is located, and in an XML format that is easily stored for documentation purposes. This approach eliminates the need for major investments in infrastructure to store duplicate or aggregated information while insuring the highest security for this sensitive and private information.
As a by-product the infrastructure allows pooled data to be used in Business Intelligence and Healthcare Research without ever releasing personal or business-specific sensitive information.