We’re building a medical app. Of course, Therapy-Smarter isn’t collecting deeply intimate data – just basic contact information, some physiotherapist’s notes, exercise prescriptions and exercise performance data – but nevertheless, medical data is medical data- it’s inherently sensitive, and any company that cares about its reputation needs to take data privacy – and thus data security – very seriously indeed.
So, we’ve been thinking about it fairly hard – but not in a technical way; it’s a specialist domain and we assume that we will need to pay people who know what they are doing to advise us on best practice and then get them to assess our implementation.
No, we’ve been thinking hard about security in terms of business culture, because it seems painfully clear that this is where security weaknesses really come from. That’s right – I’m saying that security weaknesses have much more to do with business culture than they have to do with engineering.