LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Technology News: Mlware: 'H*** You H*ve' Exposes Internet Security's Achilles' Heel
From:	Jesse Wilkins <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Mon, 13 Sep 2010 09:51:04 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (85 lines)

At risk of opening a huge can of worms on a crisp Colorado Monday - haven't
there been some pretty high-profile cases of information being compromised
through either a) paper records being inappropriately disposed of or b)
tapes being transported unsecurely? Yet I don't remember any missives
calling for mandatory onsite industrial shredders, prohibitions against all
offsite storage, or eschewing tape storage.

I don't mean to trivialize the impact of this worm to the organizations
affected by it, but I also know that I didn't get it because I was trained a
billion years ago (well, in 1999 after Melissa) not to open emails and
attachments I don't recognize. I suspect most people on this list didn't get
it either for the same reason. So to jump from this moderately successful
worm based on timeless social engineering principles to the cloud being the
death of information management as we know it is a piece too far.

<snip and rewording for irony>
> "A lot of companies do have policies in place, but the reality is, it's
much easier to click delete on the document, because a lot of people are
busy and don't have the time to verify that it's not on hold," Masiello
said.
</snip>

JW: Would you as records managers accept this statement in an article
uncritically? If not, why on earth would you accept the original statement
in the article uncritically?

<snip snip snip>
Those who suggest the Cloud as our only means of storing information are a
threat to us all. Tape storage offsite allows you a means to go back to the
day or the minute before the infection occurred and reboot from there. If
everything is online all the time, the w*rm can just keep burrowing into all
the data.

Records management needs to talk with executive management and point out
these flaws and talk about storage of tapes, offline, in a secure
environment. If they wish to use the Cloud, fine but do not walk away from a
technology that has been extremely effective since the first use of
computers.

Imagine if every source of clean water was linked together so that one
terrorist at any point in the water supply could infect it all, thus
rendering all water poisonous. That is how the Cloud has the potential for
massive data loss and damage to our platforms. Yet the IT world keeps
pushing for total use of the Cloud????? All that risk just so they can make
a few more dollars.
</snip>

JW: I still don't see the connection between email and "the Cloud" except
that both of them relate to information transmitted over the Internet.
Besides, at least for the major cloud email providers like Google and MS
Exchange Online, I imagine that they do in fact have some sort of backup
segregated away from the primary online message store and could restore
pretty quickly. Of course, they also have better access to security
resources than all but the most hardened IT shops. If your IT staff is
better than the hundreds or thousands of dedicated bodies Google, Microsoft,
et al throw at backup, provisioning, and security, you need to give them a
raise. That's also not how cloud computing works today, but I'll leave that
statement alone for today.

And FWIW, I don't know a lot of IT people "pushing for total use of the
cloud". Many IT people are as reluctant as Hugh to move everything to the
cloud, for the same reasons, and despite a near-perfect history with regards
to security. (Performance and availability is not quite as good as onsite -
yet - but as noted above I'd still trust Google's resources over most
organizations' in-house IT staff, and I don't say that to slag on the
in-house people. It's just recognition that lots of smart people tend to be
better than fewer smart people at keeping bad guys out.)

So, as has been the case for at least 10 years, don't open things you're not
expecting, from emails with grammatical errors and cryptic messages, without
at least confirming with the sender. And run antivirus/anti-malware
software. This is baseline internet savvy in 2010.

Regards,

Jesse Wilkins, CRM, CDIA+
[log in to unmask]
(303) 574-0749 direct
Twitter: http://www.twitter.com/jessewilkins

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US