On Mon, 15 May 2017 21:47:17 +0100,
lee <l...@yagibdah.de> wrote:

> > Depending on what data is transferred, you should also take into
> > account if your solution is certificated to transfer such data. E.g.
> > medical data may only be transferred through properly certificated
> > VPN appliances. Otherwise, you should fall back to sneakernet. I'm
> > not sure how that is any more secure but that's how things are.  
> 
> Interesting, who certifies such appliances?

I really never asked... ;-) Maybe I should...


> What if I, as a patient,
> do not want my data transferred that way,

See your words below: "nobody in Germany actually cares"... So you
won't be asked because it's secure by definition (as in
"certification"). ;-)

The old transport was ISDN. But that is being shut down.

Or did you direct your concern to sneakernet transmission? I doubt that
such data would even be encrypted... Although it clearly should.


> and how do I know if they
> didn't make a mistake when certifying the equipment?

That's German bureaucracy: It has the certificate stamp, so it's okay.
The technical internals do not matter: Nobody asks for that after it's
been certified.


> It's not medical data, and nobody in Germany actually cares about
> protecting people's data anyway.  The little that is being done towards
> that is nothing but pretense.

We are servicing a medical laboratory: They take this certification
very seriously, so at least they care to fulfill the requirements.
However, we do not control that: After the initial setup they do most
configuration by themselves and we only deliver equipment now. As far
as I know, they cannot even freely choose the provider on their side of
the connection. And they are managing their internal network by
themselves, we wouldn't be easily allowed to do that.

Usually, as an IT service company, you would also sign a non-disclosure
contract when working for a company handling sensitive data. But only
few companies seem to know that...


-- 
Regards,
Kai

Replies to list-only preferred.

