Another option is to house a server at the ACD co-hosting location on North Grand River. A 1U server costs $119 per month to store there and you get online access to your backups. You can also automate your backup system to do weekend archiving. -----Original Message----- From: Michael S. Surato [mailto:[log in to unmask]] Sent: Thursday, December 14, 2006 4:10 PM To: [log in to unmask] Subject: Re: [MSUNAG] off site backups This is turning into a very fascinating conversation! If I could summarize what I have found so far there seem to be 3 possible locations for off site backups: 1. Another unit on campus 2. A service that stores tapes for money 3. At home The argument against another unit on campus are that it is still on campus. So this would help if your building burns down, but not against campus-wide failures. The argument for another unit is that transportation of data is very secure (you carry it) and that it can be accessed by appropriate people on short notice. It is also very cheap. The argument that has been said against a service is that it costs money. What is not said is that you had your tape to a stranger. Yes you have paid the service money, and yes the service has signed the NDA. However, the disgruntled employee of that service has physical access to that tape for a week. If they were to restore the data to a machine and then hand you the tape when you come for it, you may not realize that the data was compromised. A rare chance for sure, but possible. The argument for the service is that you can blame someone else for security breaches related to tape storage (see http://money.cnn.com/2005/06/06/news/fortune500/security_citigroup/). Much more has been said regarding taking tapes home. However, the reasons against boil down to: 1. It could be stolen from your home. This could result in many possible outcomes including you have to take full responsibility for the cost of the breach. 2. Your home is not staffed by professionals. This means that people in your home may not realize what they are dealing with and may damage/lose/give away the tapes without meaning to do so. 3. Loss of access by MSU. If the tape is not clearly linked to MSU your family may not voluntarily give the tape to MSU. This would cost time/money/possibly credibility. 4. Blame/Credibility. There is no one to blame for problems except for the employee. This may cause MSU to lose credibility and trustworthiness. The advantage is that you know where the tape is and it is cheap. In all of the arguments there are champions for each argument. It often boils down to what is required. For example HIPPA is very particular about what is stored, where, and who has access. This would probably eliminate the "at home" option. In the far recesses of my memory I seem to recall a conversation similar to this several years ago. During that conversation another option was offered. That option would be to use an Extension office (specifically the Ingham county office in Mason) for a tape repository or a hot backup site for central services. Does anyone else remember this option, and if so, was there any result of these discussions? +-------------------------------------------+ | Michael Surato | | College of Arts and Letters | | Michigan State University | | 320 Linton Hall | | East Lansing, MI 48824 | | Voice: (517) 353-0778 Fax: (517) 355-0159 | +-------------------------------------------+ -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Thomas P. Carter Sent: Thursday, December 14, 2006 3:35 PM To: [log in to unmask] Subject: Re: [MSUNAG] off site backups To this I will also add that a determined cracker with access to encrypted stolen tapes could eventually be successful cracking the encryption. -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jeff Domeyer Sent: Thursday, December 14, 2006 2:55 PM To: [log in to unmask] Subject: Re: [MSUNAG] off site backups This is a means to shift responsibility from you to the service provider whose responsibility it is to protect the data. Other implications are the bad publicity that MSU would receive if they had to inform individuals that an employee stored their information at the employee's house, and it was compromised. If that situation arose with relation to a Bank, there would probably be heads rolling. As an exaggeration; if the data is public, or not sensitive in nature, then there probably wouldn't be a need for encrypting it. If you can store it in that fashion on a table on Grand River without supervision, then you might have an argument for taking it home. The thing to remember is that you have to transport that data to and from work, which isn't as secure as you might think your home is, but I might just be paranoid. It's all just about liability. -Jeff -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Michael S. Surato Sent: Thursday, December 14, 2006 1:06 PM To: [log in to unmask] Subject: Re: [MSUNAG] off site backups Just to play devil's advocate. What would be the problem of taking the backup tape home if the data was encrypted. While this adds the complexity of storing an offsite copy of the decryption key, it also solves the issue of stolen tapes/computers with sensitive data. +-------------------------------------------+ | Michael Surato | | College of Arts and Letters | | Michigan State University | | 320 Linton Hall | | East Lansing, MI 48824 | | Voice: (517) 353-0778 Fax: (517) 355-0159 | +-------------------------------------------+ -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Richard Wiggins Sent: Thursday, December 14, 2006 12:09 PM To: [log in to unmask] Subject: Re: [MSUNAG] off site backups I agree with Chris. Yesterday UCLA reported a break-in that exposed SSNs and other personal information for 800,000 people (which must included fac/staff/students/applicants for decades). That was a tightly-guarded server locked in a machine room on campus. And Boeing revealed that for the third time this year (!!!) a laptop with SSNs and other personal info was stolen, affecting 322,000 people. This was a direct violation of company policy. So I think a better statement would be that you shouldn't use home backup for systems that house confidential or sensitive information. And you should not carry around large datasets with personal information on laptops, thumb drives, or other portable devices. It might help if people thought of sensitive data as radioactive. You wouldn't carry radioactive materials in your car or to your house. /rich On 12/14/06, Chris Wolf <[log in to unmask]> wrote: > I'm not sure I see the problem with taking backups home for off-site > storage in some situations. It's not perfect, but it adds an enormous > amount of additional safety in a very cheap and convenient way. I have > even recommended that faculty keep one copy of their backup of their > office desktop computer at home. Regarding possible theft, faculty all > over campus take their university-owned portable computers containing > university data home (not to mention all over the world), and I would > say that a computer is much more likely to be stolen during a home > burglary (or from a traveler in an airport) than some tapes are. > > I agree that for AIS servers and other machines that have large > amounts of sensitive data, it's worthwhile to have a more secure > arrangement, but for many other situations in academic departments a > home is not a bad off-site location. > > > -----Original Message----- > > From: MSU Network Administrators Group [mailto:[log in to unmask]] > > On Behalf Of Peter J Murray > > Sent: Wednesday, December 13, 2006 4:24 PM > > To: [log in to unmask] > > Subject: [MSUNAG] off site backups > > > > What solutions are different units on campus using for 'off site' > > backup, or at least, backups in another building. Is there a > > service that ACNS or AIS provides for those of us who want to keep a > > redundant data source outside our building? Are system > > administrators taking home tapes with them for off site storage (and > > is that even allowed)? Does MSU have an agreement or preferred > > vendor for off site backup? > > > __________ NOD32 1922 (20061214) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com