lwood: (wizpod)
[personal profile] lwood
Friends, it's a good idea to have off-site backups: this is where the key parts of one's sacred data are kept in some place that is not the normal place, in case of tsunami, earthquakes, wildfire, smog, etc.

However!

Having the $200/hour consultant delegate to the $125/hr contractor who hands it off to any of a succession of $10.50/hr interns...

...the last of which, instead of being told to run it to a safe deposit box, or an alternate data center, a dedicated offsite storage facility, or anything, you know, sane...

...is instead told to take the tape home and bring it in tomorrow.

This is not the fault of the intern, who as a student is being taught better--at least he's theoretically, hopefully, being taught better. It isn't the same as "should know better", which I would expect from either of the other two idjits, either of whom is making more than I ever have (and likely ever will).

The intern left the tapes in his locked car overnight, which while absent-minded isn't as wrong-headed as this policy was in the first place.

His car was broken into, along with several others. The tapes were taken, which meant that eight hundred thousand Social Security numbers were compromised, or about seven percent of the total taxpayers of Ohio, where this all went down.

The intern was told not to talk to the police, who might have found the thing in a nearby trash can if alerted straightaway. No, instead, when the internal investigation heats up, the intern, of course, is the prime suspect. He got a three-hour polygraph test, was forced to resign without being given permission to talk it over with his parents (or, in fact, anyone), and was otherwise variously mistreated.

Documentation? You got it:

The /. article from which I heard about all of this.

The blog entry that /. referenced.

The report of the Inspector General of the State of Ohio into this affair. The "Executive Summary" is short, sweet, and to the point: not only was their backup policy hopelessly stupid, but the tapes were the backup of a drive with unfettered access to extremely juicy data.

E-mail sent by the poor schlub to the Columbus Dispatch, telling his side.

What I want to know is:

What happened to the hired guns who initiated this complete cockup of a policy in the first place?

Strung up by their thumbs yet?

-- Lorrie

PS: My offsite backups are via encrypted site-to-site transmissions to another server, done nightly.

Date: 2007-07-27 06:53 pm (UTC)
From: [identity profile] water-of-fire.livejournal.com
I realize I am not supposed to find that hysterically funny in an ooh-God-*wince* sort of way, but I do.

Date: 2007-07-27 06:54 pm (UTC)
From: [identity profile] lwood.livejournal.com
Well, there's always schadenfreude...

-- Lorrie

Date: 2007-07-27 07:23 pm (UTC)
From: [identity profile] digitalsidhe.livejournal.com
What happened to the hired guns who initiated this complete cockup of a policy in the first place?

Strung up by their thumbs yet?
Surely you jest. I think by this time, we've both seen enough of the world to know that the higher-ups will make sure they're well insulated from the consequences of their decisions. Indeed, even pinning down who made the mistake is likely to prove difficult, if not impossible.

My offsite backups are via encrypted site-to-site transmissions to another server, done nightly.

Same here. And that should read "done automatically every night"; after all, OAKS' backups were taken off-site "nightly", but it required human intervention each time.

And I get an email about it every morning, letting me know either that it succeeded, or that it didn't for some reason.

The major flaw in my backup plan is that the offsite destination is also within San Francisco, which means that a big earthquake could actually take out both my house and the place where the offsite backups go. I realize this possibility, and consider it my backup plan's greatest weakness.

Date: 2007-07-27 07:30 pm (UTC)
From: [identity profile] lwood.livejournal.com
Surely you jest. I think by this time, we've both seen enough of the world to know that the higher-ups will make sure they're well insulated from the consequences of their decisions. Indeed, even pinning down who made the mistake is likely to prove difficult, if not impossible.

I was, yes, in jest.

Obviously. Painfully. With complete awareness...

Same here. And that should read "done automatically every night"; after all, OAKS' backups were taken off-site "nightly", but it required human intervention each time.

Yes, that too--hm, come to think of it, I should change it from a cronjob to an anacronjob...

The major flaw in my backup plan is that the offsite destination is also within San Francisco, which means that a big earthquake could actually take out both my house and the place where the offsite backups go. I realize this possibility, and consider it my backup plan's greatest weakness.

Ditto, only s/San Francisco/Castro Valley/

-- Lorrie

Date: 2007-07-27 09:34 pm (UTC)
From: [identity profile] thorolf.livejournal.com
[head/desk]

Oddly timely, since I'm currently in the server room waiting for the robot arm in the tape library to finish loading tapes into the bin that goes in the lockbox that gets picked up next week while I'm on vacation. We hope to be able to afford site-to-site snapshot replication in the very near future, as magnetic tape is starting to seem terribly medieval at this point, what with the advent of cheap RAID boxes and 'Virtual Tape Library' software. I do work for a museum, of course - but that's no excuse...

Date: 2007-07-27 10:07 pm (UTC)
From: [identity profile] lwood.livejournal.com
The thing that always scares me about magnetic media is its shelf life--not just "oops, bits have fallen out of my backups!" but the finite lifetime of drives with which to read the data from the tape!

-- Lorrie

Date: 2007-07-27 10:52 pm (UTC)
From: [identity profile] hauk.livejournal.com
Ooooof.... yeah.... having had to publicly correct my executive director by informing him (and the entire staff) that a Flash Drive is not a backup system, I know about bad backup policies. However- that takes the cake.

Reminds me of when I was signing up with Temp agencies- they handed me a stack of paperwork to fill out, including a piece of paper saying I had received and read their safety guidelines. Apparently I was the first person in the history of their company who went back and asked for the safety guidelines- and actually read them- before signing the paper. But, you know- I'm just awesome like that.

Date: 2007-07-27 11:08 pm (UTC)
From: [identity profile] lwood.livejournal.com
Flash Drive is not a backup system

It's a desperate measure. ;)

Apparently I was the first person in the history of their company who went back and asked for the safety guidelines- and actually read them- before signing the paper. But, you know- I'm just awesome like that.

Bwahahaha--I do that too. Because, frankly, if I'm giving my word that I read a thing? It'll be because I read that thing. Mmmmm, heathen ethics.

-- Lorrie

Date: 2007-07-27 11:26 pm (UTC)
From: [identity profile] hauk.livejournal.com
No- a Flash drive is a tool for holding and transferring individual files. Like- you want to take a document home to work on it- you put it on the drive and take it home.

He wanted to split up 2 servers onto a couple flash drives and call it a back up.

How long do you think it would take to put 20 gigs of Documents onto Flashdrives? And that's not including either our email system or our 5 gig database with customer addresses and credit card numbers...

Heathen ethics are awesome, aren't they? Like me. And you. And bacon.

Date: 2007-07-27 11:33 pm (UTC)
From: [identity profile] lwood.livejournal.com
He wanted to split up 2 servers onto a couple flash drives and call it a back up.

How long do you think it would take to put 20 gigs of Documents onto Flashdrives? And that's not including either our email system or our 5 gig database with customer addresses and credit card numbers...


Long enough for me to consider cradling my knees, sitting in the corner, rocking back and forth while gently humming to myself as a viable reaction?

8-P

Heathen ethics are awesome, aren't they? Like me. And you. And bacon.

Well, there's the bit where "you screw me, I screw you back", which is also perfectly valid heathen ethics, says right there in the ol' Havamal.

As long as we're clear. ;)

Oh AND speaking of bacon, Wil Wheaton saw this at the San Diego Comicon:
Image

-- Lorrie

Date: 2007-07-27 11:38 pm (UTC)
From: [identity profile] hauk.livejournal.com
Well, there's the bit where "you screw me, I screw you back", which is also perfectly valid heathen ethics, says right there in the ol' Havamal.

As long as we're clear. ;)


Ok, but I don't want your husband coming after me with an axe. ;)

That is an awesome pic- I definitely need one of those. And yes- there has been much knee cradling this past year. And the year before, although that year was typically coupled with whiskey.

Date: 2007-07-27 11:11 pm (UTC)
From: [identity profile] murstein.livejournal.com
Having the $200/hour consultant delegate to the $125/hr contractor who hands it off to any of a succession of $10.50/hr interns...

. . . either of the other two idjits, either of whom is making more than I ever have (and likely ever will).


Of course you won't. $125/hour and $200/hour gigs (at present cost-of-living) are reserved for those whose competence is in the field of bullshitting, not getting stuff done.

Date: 2007-07-27 11:28 pm (UTC)
From: [identity profile] lwood.livejournal.com
Ha! True, that--and it requires a singleminded devotion to same, which I've never yet been able to manage...or, if I did, it wouldn't be to IT.

-- Lorrie
