"Despite this, most of us who work in those fields are expected
to not only know about them, but understand the security
ramifications behind them. This gets to be even more complicated
when you have to take into account that a number of the systems
that are part of HIPAA or PCI based purchases are connected to the
web.
"We can pretty much all agree that web servers, regardless of
the underlying OS, are vulnerable to attack. Further, we can also
agree that once breached, there is a gold mine of data behind these
web servers that the bad guys are just salivating to get their
hands on. What most people forget, or more correctly seem to over
look, is that the majority of data breaches in the United States in
recent memory have not been from the outside in, but from the
inside out. As architects and administrators, security specialists
and day-to-day users, it is our responsibility to ensure that the
data we use daily in our jobs is stored as securely and as safely
as possible."
