At the RSA 2007 conference this week, Bill Gates stood up to pitch smart cards as the solution to many of the IT industry's current security issues. Gates suggested that transitioning from weak passwords to smart cards would go a long way toward making distributed computing a reality. "Passwords are not only weak, [they] have a huge problem in that if you get more and more of them, the worse it is...so we have to evolve from them," Gates told the conference during his keynote. When combined with certificates, smart cards offer the cornerstone of a new world of secure identities, he suggested. Not surprisingly, he noted that Microsoft is working on smart card-certificate combos, particularly on making them simple enough so that revocation and exceptions are easy to manage.
To me, the question is whether this is good news for the health IT industry or not. Will the integration of smart card-managed identity--which seems likely to become the norm at some point--be feasible in an already siloed, distributed healthcare architecture? And if revocation of identity isn't super-easy to manage, wouldn't healthcare IT execs face new HIPAA vulnerabilities if the cards were lost or stolen? I'd love your input on this.
To read more of Gates' remarks:
- read this release from the Smart Card Alliance