A ZeroTrust Security Scenario


Today, rushing to work, Calamity Chris had an accident with his motorbike. Luckily, he was just around the corner from Dr. SiTh’s* practice. Apart from taking care of Chris’s injured wrist, she needs to record information, starting with personal data like his name and his social security number. She also gives a medical diagnosis and refers him for an x-ray to Dr. Bone, who will generate further data.

While Chris is next door for an x-ray, let’s screen what happens to his data in an ideal security environment, aka #ZeroTrust.

Due to legal provisions, Dr. SiTh is obliged to keep his records for a period of ten years. She gives Chris full access control over his data. This way, Chris can view his data at any time and he can issue access rights to others. He may want to grant these to his social security provider, or perhaps he would like to pass the data on to another doctor for a second opinion. To do so, Dr. SiTh uses a cloud service. As she has heard of data breach cases at cloud service providers, Chris’s data is encrypted to keep it confidential. She makes sure there is a back-up of his records.

Only Dr. SiTh (or whomever else Chris has decided to share data with) has access to view his data. Chris can share access rights to specific parts of his data, if he wishes. Regarding a medical condition, it may be necessary to grant legal authorities access to some of his data. While authorities can contact Chris, it is not possible for them to draw conclusions about him and his life.

Some weeks after the accident, Chris has changed his phone provider and now wants to transfer his data from the original cloud service. Once deployed with the new provider, his data is deleted at the former.

Unfortunately, now we need to take you back down to earth. This is not the real world as you know it. But wouldn’t it be neat to just pass a specific piece of information on and know who last viewed your patient record? Today, digital identities are not yet an implemented reality. We believe they could and should be, sooner rather than later. We also believe transparent data communication should be available to everyone, and we believe we have an answer to making this scenario a reality: neuropil.io

*Secure Internet of Things