A Blog dedicated to exploring privacy and technology

Archive for October, 2009

When Privacy Hurts

Posted by Wayne on October 30, 2009

I recently had the opportunity to participate in a Cloud Healthcare Summit sponsored by Microsoft and Capstone Partners in Boston. I generally find the networking at these events to be the best part of the event because I get to meet new people and catch up with old friends. If I also get to come way with ONE good thought or idea then I really consider myself ahead of the game. At this particular summit I learned several things that I think are going to be key to the understanding privacy as it relates to healthcare.

First and foremost the folks on the panel at this event were top-notch with amazing careers, education, and passion. Four out of the five panelists were software/solutions people who have spent decades working in the healthcare (HC)  industry trying to solve HC problems. The fifth person on the panel was the CIO from a large HC provider/hospital network (awesome to have a HC cloud customer on the panel).

The thing that resonated with me most was they all had problems with information silo’s (the customer and the providers). Systems that don’t work together and that aren’t designed to share information or that don’t provide mechanisms to even find information that is in the systems. Combined with these silo’s are what seems to be an age-old problem that has been solved for some time by larger enterprises – hardcopy information (or “trapped”) that has to be manually sorted, filed, updated and searched. Apparently HC still relies heavily on paper copies (yes nurse, I have filled out that form already 10 times – I swear).  Add to this they also are constrained by privacy issues.

WHAT? Did I just say “constrained by privacy issues“? Yes I did, and as a personal advocate for improving our privacy stance through education, technology, and regulation this may seem as a surprise to some. One of the entrepeneurs on the panel who also happened to be an MD took some time to give me a different view by explaining the artificial ceiling that regulation and policy has created with regard to patient data. From his perspective these have a three-fold impact on the HC business:

  1. Innovation is stifled – being unable to take samples of data and perform analytics on them or share information across systems.
  2. Research is slowed down – one example was being unable to take significant samples to provide statistically meaningful results has forced researchers to hoard the data they get because it is so hard to acquire and is tied to their ability to get future funding. 
  3. Medical errors are higher – consider being in an emergency situation where your records first have to be released then sent by currier or faxed or mailed via USPS. All these affect timely and responsive outcomes that impact a patients safety.

What this all boils down to is that privacy has to live by the same rule that security does – controls must be strong enough to protect while still enabling efficient and effective use. Technologies such as the cloud, bigdata, and XBRL are all technologies that will enable HC improvements but only if regulations and policies in HC change with the innovations. Regulatory efforts  such as HITECH are heading in the right direction – but as always we must find the right balance between protecting our liberties and safety as patients while improving medical science by leveraging information technology in new ways never possible before.

As always – looking forward to your comments!



Posted in Uncategorized | Leave a Comment »

Multi-tenancy: It’s not just for databases anymore

Posted by Wayne on October 16, 2009

This week I had the priviledge to participate as a moderator with some of EMC’s smartest innovators at the 3rd Annual EMC Innovation Conference. I got to ask them what their views were on multi-tenancyas it applied to the basis of their work – storage, virtualization of servers, and databases.

For the cloud – multi-tenancy is going to mean all of the above plus networks.

One of the analogies I’ve heard on multi-tenancy  floating around work for a while had to do with the notion of a motel where the rooms are temporarily occupied by a tenant. When the tenant doesn’t need the room anymore the room is cleaned out and then can be used by someone else. The motel analogy is certainly one that is a fair metaphor for server virtualization but seems to fall down with database multi-tenancy.

Database multi-tenancy tends to be a little more complex – not because it is hard to create a good “motel room” for the tenants – but because it is much harder to provide the tenants all the amenities they tend to want. By amenities we’re talking about the trade-offs in granularity, scale, performance, customization, and security/privacy. These trade-offs are tough enough to manage when they are inside your own data center but are much harder when out in the cloud world with external, unknown tenants who bring along a new set of risks for the provider and the tenant.

Network multi-tenancy has been around for years in the form of VLAN’s, NAT’s, and VPN networks which provide segementation and protection of connected tenants – or resource isolation.

Now – what happens when you mash these layers  together and make them all multi-tenant? Isn’t this an attribute of the cloud?

Yes – this is a key attribute and a requirement for much of the cloud (private or public). The design goals of multi-tenancy are pretty straightforward and should resonate with folks who have already embarked on the server virtualization journey or who :

  • Leverage technology – both the hardware and software  by creating shared resources for multiple users or uses (apps) while maintaining isolation. For the cloud this applies to all layers (net, server, etc.)
  • Improve cost structure –  improve repeatability by reducing customizations and sharing resources while maintaining resource isolation.

The challenges of building and supporting this type of architecture with regard to the cloud exposes a couple of  divergent requirements: 

  • Custom vs. Utility – How to provide a “utility” based economic model, support strong resource isolation for the tenants, while allowing “custom” and temporal workloads?
  • Siloed Tenancy – Multi-tenancy is currently silo’d to a layer of the infrastructure (e.g. DB is not related to Network multi-tenancy).

In particular I’m interested in the second one (silo’s) because I think the first one will work itself out as the market makes trade-offs and  incremental improvements. The silo issue is a bigger one – that I think we’ve seen public cloud providers Google App Engine and Amazon Web Servicessupport today (by obfuscation). With the delivery of new capabilities in the hypervisor vendors such as with VMwares VMware vCloud API and vApps which allow applications to run seamlessly across private or public cloud infrastructures – we should begin to see other layers take advantage of these kind of API’s.

One example I can see of this being a good path to go down is so that the role/identity problem that exist’s today within one layer is tough enough. Add in multi-tenancy – role management and resource access (protection) are critical to making sure a database with a shared schema protects the tenants data. Take that notion and expand it to the other layers. Now the identity needs to persists across the network, OS, and database while also allowing the identity to have multiple roles – such as group or department leader who may own managing access rights to a subset of the departments data by other. The department leader may also be a plain user of their own groups information, user of several other groups information, etc. This quickly can become complex and unmanageable (“just give me admin access!”) – so an easy to use and flexible identity management capability is just ONE of the major challenges of a true multi-tenant cloud.

What do you think?



Some urls and papers worth reading on multi-tenancy:

 Virtualization-based Techniques for Enabling Multi-tenant Management Tools

Architecture Strategies for Catching the Long TailMulti-tenant Data Architecture

 Agrawal, R., Ailamaki, A., Bernstein, P. A., Brewer, E. A., Carey, M. J., Chaudhuri, S., et al. (2009). The Claremont report on database research. Communications of the ACM, 52 (6), 56-65.


Aulbach, S., Grust, T., Jacobs, D., Kemper, A., & Rittinger, J. (2008). Multi-tenant databases for software as a service: schema-mapping techniques. 2008 ACM SIGMOD International Conference on Management of Data, Proceedings of the1195-1206.


 Aulbach, S., Jacobs, D., Kemper, A., & Seibold, M. (2009). A comparison of flexible schemas for software as a service. Conference on Management of Data, Proceedings of the 35th SIGMOD International881-888.


Candan, K. S., Li, W., Phan, T., & Zhou, M. (2009). Frontiers in information and software as services. 2009 IEEE International Conference on Data Engineering, 1761-1768.


Kaliski, B. (2008). Multi-tenant cloud computing:  from cruise liners to container ships.  In W. Mao, editor, Third Asia-Pacific Trusted Infrastructure Technologies Conference (APTC) 2008.  IEEE Press, 4.


Posted in Uncategorized | Leave a Comment »

A Question of Transparency …

Posted by Wayne on October 8, 2009

Yesterday I was on my monthly IEEE-USA CCPconference call to discuss the 4th quarters plans, papers underway, and plans for 2010.  The topics are all around communications policy which I always find fascinating. I volunteered about a year ago to be on this committee because I felt at the time that privacy/security and communications go hand-in-hand. I also wanted to learn how a group of scientists worked together to try and influence Congress, FCC, FTC, etc.

I’ve been honored to be involved with this group since then and I’ve learned so much. When I listen to them working I think things like:

  • Scientists don’t always agree! Who would have thought!
  • Agendas exist in all facets of life and work
  • Patience is a virtue
  • Wow – these are some wicked smart people
  • Some of them have clearly embraced social networking, some seem to fear it a bit.
  • All of them really care about science and this country

The last point is alway what I leave the meetings thinking about. Without fail several of the people I work with on this team really try to foster team work while also moving forward. Without that – this is hard work and since it is volunteer work you have to feel like you are working with a group of people on something important and feel your efforts are appreciated, or else why do it? This team does that for me every time and I alway enjoy the time talking, listening, and learning from them.

The topics for this meeting ranged from “new technologies for broadband access” to “FCC spectrum reform” to “VOIP” to “Privacy and Security(my favorite of course).

The security and privacy topic has been hotly debated by all – which has meant to me that it is an important issue to the team. The issue with this particular topic is that it is a “boil the ocean” topic area – especially when you add in the communications spin. So how do we resolve it? Well once again – the insights of people on the committee who have been at this a lot longer (and are smarter than me) took my executive summary for this paper and suggested two major changes:

– Make it about privacy and security “transparency” instead of safety

– Take an example from other work by picking and prioritizing the Top 10 issues to write about (instead of boiling the ocean).

Bam – that was it. I had struggled to get my arms around it for so long because it is such a broad topic and while safety is a huge issue – from a policy perspective it is hard to generate a lot of interest at this time in our history.

Transparency – If you think about the problems with technology and privacy it often boils down to an issue of transparency. Is information being gathered that you are not aware of? Will it be used in a way unknown to you? Will it be stored somewhere you didn’t intend it to?

Add to this notion of transparency with regard to National Policy and perhaps we can suggest some things when it comes to communications systems:

  • Are we clear on what the regulations are and what the ramifications are if they are not followed?
  • Do we have a good education eco-system that enables children, consumers, citizens to understand how their privacy is being affected by the entity they are engaged with (or follow-on entities)?
  • Does our system allow for innovation by fostering collaboration between our government, academia, and commercial entities?

These are important tenets that need to permeate our national policy and behaviors as we build and manage communications systems in this country. So in my next few blogs I’ll take a shot at what are some of the areas that need changees that will enable Transparency with regards to privacy and security.  Then I’ll try to begin to distill it down to my list of the Top 10 issues – we’ll see if I hit the target and it fosters some of you to comment on it.


Posted in Uncategorized | Leave a Comment »

Why Privately Exposed?

Posted by Wayne on October 3, 2009

Seems to me like privacy issues come up every day in the news whether it is good news, bad news, or just new regulations and laws about privacy – it is becoming harder to hide or be off the grid. I just googled the word privacy and got over 1 billion hits! The UK has installed over 10,000 cameras in 32 boroughs (dated 2007) and Washington DC has a penchant for the same type of privacy invasion with CCTV cameras appearing on every corner, at all public transport sites, all government buildings, etc

Add to this the fact that our lives are becoming a mere shadow of our digital existence and it quickly becomes an area that I think we should be paying close attention to. Security provides the instruments needed to protect our privacy – and privacy is information about us that we choose to share, we understand where that information is going to be seen and used, how it will be combined with other information, where it will be stored, how long it will be kept around, and have choices/consent when all this will happen with OUR information.

Add to that the “cloud computing” phenomena and now you have some really smart people scratching their heads about privacy in this new computing paradigm. What happens when information that used to be inside the chinese wall of the enterprise are now sitting in a 3rd party providers data center? Does the Patriot Act come into play in a different way than it did when the data was inside the enterprise? What about the use of 3rd parties that use 3rd parties? Do the protections flow with an “inheritance clause” or is each sub-level of agreement treated with a new service level and privacy protection level?

Like I said – the good news is some really smart people are spending a lot of time discussing  and working towards solving these issues – from government to academia to the enterprise. My hope is to help expose some of the good and bad of what is going on in the privacy domain (especially as it relates to cloud and the enterprise), put my opinion out there, show what I find in the research, and together we can come away with a new consensus on how to proceed.

Also – be warned – I’m here to learn and use what I learn in my research for my doctorate and beyond so I may want to contact you directly if you comment to find out more from you!


Posted in Uncategorized | Tagged: , , , , | Leave a Comment »

%d bloggers like this: