The last couple of days were quite interesting for me. I had the opportunity to work with a customer that I have never worked with; a government type customer. The customers I normally speak with are very large corporate customers, not government. There were many things that I take as common sense or “of course you have to do it that way” that weren’t necessarily things that were common sense in the government world and other things they took for granted that never would have occurred to me.
The challenges seemed to be both quite different and quite similar. They struggle with many things that big business (and even small business) struggles with and many things that we not only take for granted in big business environments but couldn’t imagine living without.
Overall it was quite a learning experience and I hope that I added value for them by giving a different perspective on their challenges.
I understand what you mean – I arrived new to the health-care business, and in doing security reviews of applications that vendors are offering us, I frequently ask questions that I think the vendor should be able to slam-dunk.
“Of course we authenticate using Integrated Windows Authentication… Of course we encrypt all communications… Of course we provide fully configurable audit tracing…” – or at least that’s what I expect them to say.
What I hear more often, and what scares me silly, is “None of our other customers have ever asked for that.”
I talk to my colleagues, and apparently I’m not asking questions that they don’t also ask, and this is just an indication that we are a leader in information security (hey, I sound just like a salesman) – but if we are a leader for asking these basic questions, who’s looking after your private medical information?
Speaking as a government employee, I can tell you that there’s not much common sense in government. ‘Nuff said.