The Importance of Deleting Old Stuff
An anonymous reader writes: Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, "One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company. They published old documents. They published everything they got their hands on."
Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done. What kind of retention policy does your organization enforce? Do you have any personal limits on storing old data?
My company deletes emails after 90 days unless you jump through burning hoops to save a limited number of them. And has IM logging forced to disabled. This REALLY sucks when you want to go back to refer to something. And is so transparently a CYA move.
How about instead of deleting everything people just are not a-holes? And if they can't help themselves maybe they should be exposed. Instead they make us all work in circles as we forget our past.
Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company.
Never Write what you can Phone;
Never Phone what you can Say;
Never Say what you can Whisper;
Never Whisper what you can Nod;
Never Nod what you can Wink.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Research data usually needs to be kept for 7-10 years after the conclusion of the grant, then usually stored much later after since the people involved have left and nobody knows what to do with it. In our research of a 2PB file server, over 1/2 of the data hadn't been touched in over a year. The desire there is to move the data to cheaper tape backup and free up spinning disk. The problem with that is it's cheaper to buy more spinning disk than it is to buy a brand new tape array that will last for 10-15 years and be able to store a few PB of data. Think of it as initial vs. incremental cost.
But the part about employees leaving and not knowing what to do with their data is a big one. I'm sure there's leftover data from when I parted ways with my previous employer - I was there for 11 years and did a lot of work for them during that time, with data scattered all over the place. But since I'm gone there's no way they can ask me to come back and help, so all they have is what's left and if they delete any of that they have no idea what they're going to lose.
Sony have had problems in 2008 via SQL injection attacks. 2011, same thing, but this one resulted in the PSN going down for a month. 2014, oops, another SQL injection attack, but this one was covered up, Sony have managed to get the large media outlets to remove items mentioning.
I keep all my e-mails in an offline folder. 13 GB and counting.
Saved my arse more times I am willing to count. After the first 15 or so occurrences, people generally leave me alone when I tell them "I could dig into my old e-mails for that information".
Deleting old stuff is definitely worse than keeping it secure, preferably encrypted using a separate tool and password.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)