Data Protection and Integity

Traditionally, data integity and confidentiality have only played a subordinated role in software development. The focus was always on features and convenience. Worse, this general attitude is still prevalent. A critical point is that software companies earn money selling 'solutions' for security problems they created.

As a result, we have applications normally saving content neither encrypted nor signed. Without hurtles, files are being loaded into applications just because of their file suffix. There are many such obvious security risks build into applications.

Despite all the talk about IT-security, the issue is usually only tackled after some incident. Apart from sloppy programming and reckless implementation of dangerous features, the main security risk are the people using IT-resources. It requires clear and coherent directives and consistent observance by the superiors to implement data protection measures and establish confidential communication.

There are some simple rules