Friends, it's a good idea to have off-site backups: this is where the key parts of one's sacred data are kept in some place that is not the normal place, in case of tsunami, earthquakes, wildfire, smog, etc.
However!
Having the $200/hour consultant delegate to the $125/hr contractor who hands it off to any of a succession of $10.50/hr interns...
...the last of which, instead of being told to run it to a safe deposit box, or an alternate data center, a dedicated offsite storage facility, or anything, you know, sane...
...is instead told to take the tape home and bring it in tomorrow.
This is not the fault of the intern, who as a student is being taught better--at least he's theoretically, hopefully, being taught better. It isn't the same as "should know better", which I would expect from either of the other two idjits, either of whom is making more than I ever have (and likely ever will).
The intern left the tapes in his locked car overnight, which while absent-minded isn't as wrong-headed as this policy was in the first place.
His car was broken into, along with several others. The tapes were taken, which meant that eight hundred thousand Social Security numbers were compromised, or about seven percent of the total taxpayers of Ohio, where this all went down.
The intern was told not to talk to the police, who might have found the thing in a nearby trash can if alerted straightaway. No, instead, when the internal investigation heats up, the intern, of course, is the prime suspect. He got a three-hour polygraph test, was forced to resign without being given permission to talk it over with his parents (or, in fact, anyone), and was otherwise variously mistreated.
Documentation? You got it:
The /. article from which I heard about all of this.
The blog entry that /. referenced.
The report of the Inspector General of the State of Ohio into this affair. The "Executive Summary" is short, sweet, and to the point: not only was their backup policy hopelessly stupid, but the tapes were the backup of a drive with unfettered access to extremely juicy data.
E-mail sent by the poor schlub to the Columbus Dispatch, telling his side.
What I want to know is:
What happened to the hired guns who initiated this complete cockup of a policy in the first place?
Strung up by their thumbs yet?
-- Lorrie
PS: My offsite backups are via encrypted site-to-site transmissions to another server, done nightly.