There is a very interesting piece in the NYT today regarding how researchers have figured out how to steal encrypted data. All you need is a can of dust remover to crack local file encryption. Literally, even if that data is encrypted on a local drive, its not safe.
One of the quickly disposed of objections to web-based applications is that they are somehow less secure. I’ve had lawyers and incredibly, law firm IT bureaucrats insist “but this computer is right here, how can this be less secure than your web servers?”
We have long maintained that the least secure technology model possible is the one currently employed by most law firms, which will come as no shock to anyone who interfaces regularly with law firm IT. That model is to try to lock down laptops using network configurations and user permission rights that have the end result of making the laptop practically impossible to use and crushing the performance of even the speediest computer.
And now it seems, without even being secure. All the pain, no gain.
Web-based apps are far more secure and provide much better performance at the same time. Every use is authenticated and logged. Access can be shut off immediately. It can’t be left on a plane or on the subway. And no one is going to steal our web servers and freeze them with stuff you can buy at Staples.
None of which you can say about that supposedly secure laptop.