Slashdot Mirror


User: Ire

Ire's activity in the archive.

Stories
0
Comments
4

Comments · 4

  1. Re:THIS IS A FARCE on Mass. Data Security Law Says "Thou Shalt Encrypt" · Score: 1

    You don't need to search by name? As I understand the law, (which may be very incorrect) First and Last name, or other identifying information is what makes a record sensitive, under the law.

    That is incorrect. Name combined with any number of those other pieces of information is what makes the record sensitive. The pieces by themselves are not considered sensitive.

    Also, searching by TIN, is very useful when finding accounts.

    What's wrong with name, address, phone number, account number, invoice number, PO number, support record number or the like?

    If they have none of those, you really have no business pulling up the account for them. If they do have them, you don't need the index on the sensitive information.

  2. Re:THIS IS A FARCE on Mass. Data Security Law Says "Thou Shalt Encrypt" · Score: 2, Insightful

    Simple solution. Encrypt the sensitive information before storing it in the database. Leave all of the other information unencrypted. You don't need to search by the sensitive fields anyway, so the inability to index them doesn't matter.

    Use filesystem/OS-level support for locking down the key on the system that needs to be able to decrypt it so that only the account/application authorized to access it can. That limits the vulnerabilities to a single system. Even once on that system it is limited to "root" and the actual application.

    Now you may safely let any number of insecure systems query your database. You can use trivial database backup schemes with no additional encryption. You don't need to worry about the physical security of those backups. Since you only need to back up the key when you first generate it, there is never any danger of the key and backup data being lost together in transit.

    There is no speed penalty anywhere in the system except the sensitive parts.

  3. Shortfall is self inflicted on IT Worker Shortages Everywhere · Score: 2, Interesting

    Companies outsource the entry level positions and only direct hire senior level positions.

    The problem is that without the junior level positions, you'll not increase the number of senior level workers. As technology changes, new senior level positions are created and the existing senior level people move to it. So now you have the same senior level people filling both the old jobs and the new jobs but no new senior level people being created.

    No company wants to do the training, because it costs them a lot of money. They don't even save money when the employee is more experienced since they have to give them significant raises to keep them from going elsewhere. Every company thinks they can save on training by hiring away these people, but since nobody is willing to train them in the first place, they just don't exist.

    Lack of qualified workers? That just means that the company is trying to skimp on training.

  4. Re:Ignorance on Toshiba Pushes Safe, Small Nuclear Reactor Design · Score: 1

    Another thing to consider is how horribly expensive fossil fuels would be if they had to trap 100% of their pollution. They complain now about how expensive it is to add scrubbers to smokestacks.

    And before you complain that radiation is far more dangerous than carbon dioxide, keep in mind that the majority of power in the US is produced from coal power plants. Each coal plant gives off far more radiation than does a fission plant.

    The key radioactive substances in the pollution from coal plants are isotopes of uranium and thorium, both of which can be used as fuels in the very same reactors which are too dangerous to operate. Uranium, obviously, is the fuel in the Toshiba reactor. Thorium is used in breeder reactors like in the radioactive boy scout story from about 4 months ago.

    The drag on the adoption of fission over coal isn't about safety, nor is it about the cost to dispose of the hazardous substances. It's about coal plants getting away with far more than a fission reactor is allowed. If we held all power plants to the same standards, there would be far more fission plants today.