(ISF) Is there a nightmare waiting to happen in your sock drawer?

(A version of this item with live links is available at
<http://blog.deborah.elizabeth.finn.com/blog/_archives/2006/9/14/2326736.html>.)

Dear ISF Colleagues,

These days, I'm devoting some time to visiting a number of nonprofit
agencies that advocate for immigrants, learning about their technology
needs and checking out their current infrastructures.

In most cases, the agencies have an alert accidental techie rather
than a full-time CTO in charge of the network server. These are
dedicated and plucky folks. When we get to a discussion of back-up
strategies, it often goes like this:

Accidental Techie: As you can see, we have a tape drive. We do
an incremental back-up every weekday, and a full back-up once a week.

Cyber-Yenta: That's great. Where do you store the latest full back-up?

AT: Well, I think it's important to take it off-site, in case
there's a disaster. So I take it home with me on Fridays and stick it
in a drawer. On Mondays I bring the previous week's full back-up to
the office.

CY: Uh oh.

Is it just me, or is this a nightmare waiting to happen?

Here are a few worst case scenarios:

1) Thieves break into the Accidental Techie's house, and steal
the tape. They use information from the case management files to
engage in identity theft, or to harass vulnerable individuals about
their HIV or immigration status. The agency suffers a major loss of
reputation, the well-being of clients is jeopardized, and AT's home is
not covered by the agency's insurance, thus making AT personally
liable. An organizational nightmare ensues.

2) The nonprofit agency's management and the Accidental Techie
have a falling out. Management decides to accuse AT of taking the
agency's intellectual property off-site without proper authorization,
as a pretext for termination. Litigiously-minded board members take
sides. An organizational nightmare ensues.

3) On the way home one Friday afternoon, both the Accidental
Techie and the back-up tape perish in a previously unthinkable
accident. Panic ensues as the management realizes that AT was the
only person who knew the password of the file server and that the most
recent daily back-ups were unsuccessful. In addition to losing
several days worth of irreplaceable data, the agency has also lost
administrative access to its system and all institutional memory of
how the system was configured. An organizational nightmare ensues.

Some of these scenarios are really, really unlikely. However, I would
feel a lot better if the agency allocated some money to pay a bonded
and insured company to make a weekly pick-up of the tape. Those tapes
should be signed in and out, and then stored in a proper vault. In
some cases, a highly professional remote back-up service can be a good
alternative.

Perhaps it hasn't happened to your agency yet, and maybe it never
will. But in my heart of hearts, I always assume that "yet&quot; stands
for "you're eligible, too."

Best regards from Deborah

Deborah Elizabeth Finn
Boston, Massachusetts, USA
deborah_elizabeth_finnpost.harvard.edu
www.cyber-yenta.org

Messages in this topic (1) Reply (via web post) | Start a new topic

.

I really think the role of risk management is severly misunderstood in this sort of situation. Most of these situations are no just unlikely - they're implausible.

For instance - #1) how many house burgarlars could recognize data tapes? And how to turn them into money? And the small step of encrypting those tapes (which you should be doing anyway, no matter where they're stored) basically negates this scenario.

Using an offsite service - rather than the home of staff member makes higher standards more likely, but isn't intrinsically more secure.

What you're really looking at here (what you're paying for) are trust issues - which is a small part risk management.

-----original message-----
>>;Here are a few worst case scenarios: 1) Thieves break into the Accidental Techie's house, and steal the tape. They use information from the case management files to engage in identity theft, or to harass vulnerable individuals about their HIV or immigration status. The agency suffers a major loss of reputation, the well-being of clients is jeopardized, and AT's home is not covered by the agency's insurance, thus making AT personally liable. An organizational nightmare ensues. 2) The nonprofit agency's management and the Accidental Techie have a falling out. Management decides to accuse AT of taking the agency's intellectual property off-site without proper authorization, as a pretext for termination. Litigiously-minded board members take sides. An organizational nightmare ensues. 3) On the way home one Friday afternoon, both the Accidental Techie and the back-up tape perish in a previously unthinkable accident. Panic ensues as the management realizes that A T was the only person who knew the password of the file server and that the most recent daily back-ups were unsuccessful. In addition to losing several days worth of irreplaceable data, the agency has also lost administrative access to its system and all institutional memory of how the system was configured. An organizational nightmare ensues.>;>

Messages in this topic (2) Reply (via web post) | Start a new topic

.

-----original message-----
>>;However, I would feel a lot better if the agency allocated some money to pay a bonded and insured company to make a weekly pick-up of the tape. Those tapes should be signed in and out, and then stored in a proper vault. In some cases, a highly professional remote back-up service can be a good alternative. >>

You know, I don't disagree with what you recommend - in theory. but Practically, I think it is great when I can get my nonprofit clients to actually make backups. Of course, when I can get them to take them off site that is just one more step towards nervana.

The offsite backup can always be taken home by whomever is authorized to do so. That need not be done by the techie that created it.

For anyone who is in a nonprofit and does not feel they are doing an adequate job in backups, I suggest taking a look at this document on my web site:

http://webpages.charter.net/bobalston/Documents/Non%20Profit% 20Computer%20Backups.htm

Bob

Messages in this topic (3) Reply (via web post) | Start a new topic

.

I really think the role of risk management is severly misunderstood in this sort of situation. Most of these situations are no just unlikely - they're implausible.

For instance - #1) how many house burgarlars could recognize data tapes? And how to turn them into money? And the small step of encrypting those tapes (which you should be doing anyway, no matter where they're stored) basically negates this scenario.

Using an offsite service - rather than the home of staff member makes higher standards more likely, but isn't intrinsically more secure.

What you're really looking at here (what you're paying for) are trust issues - which is a small part risk management.

-----original message-----
>>;Here are a few worst case scenarios: 1) Thieves break into the Accidental Techie's house, and steal the tape. They use information from the case management files to engage in identity theft, or to harass vulnerable individuals about their HIV or immigration status. The agency suffers a major loss of reputation, the well-being of clients is jeopardized, and AT's home is not covered by the agency's insurance, thus making AT personally liable. An organizational nightmare ensues. 2) The nonprofit agency's management and the Accidental Techie have a falling out. Management decides to accuse AT of taking the agency's intellectual property off-site without proper authorization, as a pretext for termination. Litigiously-minded board members take sides. An organizational nightmare ensues. 3) On the way home one Friday afternoon, both the Accidental Techie and the back-up tape perish in a previously unthinkable accident. Panic ensues as the management realizes that A T was the only person who knew the password of the file server and that the most recent daily back-ups were unsuccessful. In addition to losing several days worth of irreplaceable data, the agency has also lost administrative access to its system and all institutional memory of how the system was configured. An organizational nightmare ensues.>;>

Messages in this topic (2) Reply (via web post) | Start a new topic

.

-----original message-----
>>;However, I would feel a lot better if the agency allocated some money to pay a bonded and insured company to make a weekly pick-up of the tape. Those tapes should be signed in and out, and then stored in a proper vault. In some cases, a highly professional remote back-up service can be a good alternative. >>

You know, I don't disagree with what you recommend - in theory. but Practically, I think it is great when I can get my nonprofit clients to actually make backups. Of course, when I can get them to take them off site that is just one more step towards nervana.

The offsite backup can always be taken home by whomever is authorized to do so. That need not be done by the techie that created it.

For anyone who is in a nonprofit and does not feel they are doing an adequate job in backups, I suggest taking a look at this document on my web site:

http://webpages.charter.net/bobalston/Documents/Non%20Profit% 20Computer%20Backups.htm

Bob

Messages in this topic (3) Reply (via web post) | Start a new topic

.

I agree with Helen and some of the other respondents. Your worst case scenarios are mostly implausible; and they encourage fear on issues that really shouldn't generate too much fear.

The fact of the matter is that tape back-ups are encrypted. So even if you had a fairly tech savvy burglar, the burglar would need to have access to a machine that could read the tape format; as well as be able to determine which back-up software was used to encrypt it. If they also happen to be an encryption specialist, I suppose they could create a script that decrypts it themselves. But my guess is if they had that sort of talent, they wouldn't be robbing an accidental techies home to get nonprofit data. They'd be on the government or some corporate payroll stealing or decoding far more important data.

While the point of having nonprofit organizations invest in their disaster recovery or risk management scenarios is a great goal, feeding implausibilities just increase fear and misunderstanding. I'd rather have a nonprofit really comprehend their risk, and acknowledge what steps they have or haven't done to alleviate it, than one running around in a panic worrying about things that have almost no consequence.

Getting the organization to backup routinely and regularly is far more important. Then getting at least one person to understand the difference between incremental back-ups versus full content back-ups would be nice. Then maybe someone who understands the risk between using taped back-up versus hard drive back-ups. Then even having an off-site backup regardless of where it is stored, followed with actually having someone regular test back-ups to see if the data is actually retrievable. And a laundry list of other items.

There are many easier was for someone who wanted to destroy an organizations reputation to get access to their confidential or critical data files; than robbing someone's house. Lord knows, if I was bound and determined to get access to some organizations data, I wouldn't go after the back-up. Who knows when the last time that happened. I'd go gunning for the source; and 8 times out of 10, it wouldn't be that hard to get.

Alnisa

--
.........................................
Alnisa Allgood
Executive Director
Nonprofit Tech
(ph) 608.241.3616 (fx) 608.241.3709
(url) http://smart.nonprofit-tech.org
(url) http://www.nonprofit-tech.org
.........................................
transforming nonprofits through technology
.........................................

-----original message-----
>>I really think the role of risk management is severly misunderstood in this sort of situation. Most of these situations are no just unlikely - they're implausible. For instance - #1) how many house burgarlars could recognize data tapes? And how to turn them into money? And the small step of encrypting those tapes (which you should be doing anyway, no matter where they're stored) basically negates this scenario.&gt;>

Messages in this topic (8) Reply (via web post) | Start a new topic

.

-----original message-----
>>; For instance - #1) how many house burgarlars could recognize data tapes? And how to turn them into money? And the small step of encrypting those tapes (which you should be doing anyway, no matter where they're stored) basically negates this scenario.&gt;>

[snip]

Let me also add: There have been several high-profile errors made by Iron Mountain (a leading provider of off-site tape storage and transport) recently, such that several cases of backup tapes "vanished." They're still not sure what happened to them.

In the case of a house burglar swiping a tape from the sock drawer, the chance that it will be taken is slim, the chance that it will be taken and used is slimmer. The chance that a thief specifically targeting a backup-tape-carrying-truck doing something nasty with the tapes inside is pretty significant.

Tradeoffs...

I'd say there are more critical risks to manage.

Messages in this topic (9) Reply (via web post) | Start a new topic

.