Seems to me a hosted email service essentially IS a backdoor. I can already get into the e-mail accounts of any server I'm the admin of - hence the power of Admin. Heck, not only do they own the admin accounts, they own the physical servers.
You haven't handed them the keys, they made (and own) the locks!
It's true that keeping your data in-house doesn't guarantee it's security. However...I'd suggest that the more layers and people you put between you and your data the inherently less secure it becomes. The employee may not be 100% trustworthy but at least I know who they are. I have personally met each and every person with a key to our datacenter because I'm the one who handed them their keys.
Every additional contractor, sub-contractor, sub-sub-contractor means more hands and eyes with access to my data and increasingly they are hands and eyes that I don't know, have no direct control over, can't even monitor. That's not security.
That's true, though the government we have is a lot better than the government most people in the world have to endure. That's not to suggest that it couldn't be improved, just that flawed though it is, it's still better than most.
There's a reason why millions of people around the world still risk life and limb to try and come here and it's not because of American Idol.
Yes, I know why they have these clauses. My point is that these clauses specifically allow them to ship your data off to unnamed third-parties who may be located anywhere in the world.
And that is a potentially serious issue for people storing confidential and/or mission-critical data in the cloud. Especially when they thought they were storing it with a domestic provider, only to discover later perhaps that their data was actually shipped off to a 3rd party in another part of the world.
Actually my point was that rather than being worried about keeping it out of the U.S. he should probably be more focused on keeping it IN Canada.
ANY country other than your home country exposes your data to laws and risks that are likely unfamiliar to you. At least at home you know what you're dealing with.
And I'd suggest that the U.S., while far from blameless (hence the thread) is actually one of the better ones. At least the government here is at least sort of transparent. In some countries they don't tell you what they're doing and they shoot you if you ask.
Yes, certainly they should need a reason...but at assumes that the 4th Amendment applies at all. I believe that the 4th Amendment SHOULD apply to electronic communications, including in the cloud, but what I believe and what the U.S. Government does aren't always the same things.
But now that I have THREE(?) separate cloud providers to run a single application, where is my advantage over just hosting it in my own data center? How many different 3rd parties am I going to pay to touch my confidential data before all of the promised cost-benefits of the cloud disappear?
And if something goes wrong in my 3-headed cloud won't each provider just point at one (or both) of the other two and claim it's their problem?
The problem is that the abstracting ends when and where the government of the country wherein the server exists decides it does. Note the whole China/Google kerfluffle. In the utopian view of the Internet Google and their searches roam freely across the landscape, unencumbered by quaint political systems.
In reality the Chinese government actively restricts (or at least tries to) what passes into and out of their country by land, sea, air and cyberspace. Other countries have intervened on the Internet as well - jailing people for political postings, actively monitoring traffic, even trying to shut down the Internet (in their country) during times of crisis.
Whether we want to believe it or not, the Internet only rises as high as those political entities allow it to and that means that having the protection of the 4th Amendment is still important.
No, and that is exactly what I consider to be one of the biggest issues of the Cloud. The Terms of Service of many, if not most, Cloud Computing/SaaS providers explicitly allow them to outsource their storage (or either primary data or backups or both) to unnamed 3rd parties. Where are these mysterious 3rd parties located?
Like all businesses keeping costs down helps them keep profits up and since Cloud Computing IS largely sold as a low-cost solution (we can discuss price vs. cost later) we know that keeping costs low is imperative. As we know the Internet crosses International borders (most of them anyhow) effortlessly. Is there any reason to think that a Cloud/SaaS provider wouldn't gladly outsource their storage to a cut-rate data center in another country? Maybe even a country that isn't very friendly to the U.S.?
The 4th Amendment means nothing in Malaysia or China or Venezuela or...you get the idea.
Anybody else notice the irony of having a thread about how few people encrypt their mobile devices just a couple of stories below a story about the government seizing laptops?
That would probably be the percentage who mistakenly think that randomness is more important than length when it comes to passwords.
I see orgs all the time who think that "X7Y^i!6" is an awesome password. They force their users to create passwords they can never remember, despite the fact that they're only 6 or 7 characters long.
In fact they're far better off using pass PHRASES that the user can remember and are longer, and setting an intelligent account lockout policy. The phrases don't need to be written down on a post-it and they're more secure anyhow.
No backups of confidential data? You're kidding, right?
Since confidential data tends to be among the most mission-critical data (in most organizations) I'd argue that it's the data MOST in need of backing up. The backups can (and should) be encrypted and stored in a physically secure location. But backups are essential.
If you don't back it up then you don't deserve to have it.
What about bank account info? Account numbers and balances? Saved passwords to financial sites or corporate resources? What about customer data? Credit card numbers? We see data in customer sites every day that shouldn't be exposed outside the organization. Granted it's not always found on portable devices but sometimes it is.
Whole disk encryption is really not difficult to do and it's a heck of a lot easier than having to apologize to all of your customers because you lost an unencrypted laptop with their information on it.
Keep that in mind, by the way, when dealing with Cloud computing providers who want to store your confidential or mission-critical data offshore. Ask them WHERE they're outsourcing the data storage to. You could find yourself effectively doing business in China, and with your corporate data subject to Chinese law and the whims of the Chinese Government.
The Internet is a really cool thing (duh) but the total lack of virtual borders, while the geopolitical ones remain as strong as ever, means your data can be crossing into some dangerous territory without your knowledge.
Somehow I suspect you haven't actually used it. Either that or you're just a huge anti-MS bigot.
Windows 7, SP0, is actually pretty darned good - especially compared to that steaming pile of mediocrity (Vista) they put out last time. It's faster, the UI is cleaner and more useful (most of the time), it's very compatible with a wide variety of hardware. Even hardware that Windows 7 cautioned me probably wouldn't work...works.
This is probably the first usable 64-bit Windows version for the desktop.
We have several clients who have, or who are in the process of, rolling it on on their desktops and in every case they're quite pleased with it and their staff is finding it to be a productive work environment.
That doesn't make sense to me either, honestly, but since we use TrueCrypt (even on machines where Bitlocker is available) I've never really cared much. I think TrueCrypt is more widely compatible anyhow.
If you've ever tried to use Bitlocker you'll notice it has some sneaky requirements about your hardware that even machines with the right OS version don't always meet. TrueCrypt is far more accepting (and totally OS agnostic), not to mention free.
Every now and then I'll bounce the FireFox app (close it, tell it to save and quit so it comes back up with the same tabs, restart it) and it generally comes back up using about 75% less memory than it was using when I closed it.
Though I can't point to any actual crashes that have resulted from it, seems like it would just be best practice for FireFox to be at least somewhat respectful of system memory (I do run other apps too ya know?) and try to keep itself tight when possible. If it were only 10% then I probably wouldn't care, but when I can open the same handful of tabs in 75% less memory...
Same reason I add shortcuts to get into the program settings to the toolbars of all the apps I have to support. The average user might go in there once or twice a year (if ever). I have to go in there several times a week to test or demonstrate something.
We create shortcuts to the places we need to go often. The average user doesn't go the same places the devs or support guys do, most likely.
I think you're misinterpreting the data a bit - the key difference is not public school vs. homeschool. The key difference is the dedicated parents who value education. It's the same reason why most private schools out-perform most public schools. Because homeschooled kids and private school kids have dedicated parents who care about education.
Public schools have to accept hordes of kids whose indifferent parents dump them there for free daycare. And those kids drag down the whole system.
I think you're misunderstanding what VOIP is. It's just voice being carried in data packets.
His home VOIP fails in a power outage because the handset (and router) doesn't have power backup. If he uses uninterruptible power supplies on his home infrastructure then he'll still have VOIP when the power goes out (for as long as the backup power lasts).
The kind of infrastructure that backbone VOIP uses, and believe me many/most cell towers are ALREADY using VOIP for a backbone, has the kind of backup power support that would keep it up in the case of a power failure. If your phone company's POTS switch loses power it's going down too - and they know that so they have backup power solutions in place for that eventuality. Once the traffic is on the wire it's all pretty much the same stuff - wires, switches, routers. And an electrical infrastructure that includes redundancy.
You can even transmit power over Ethernet too, if you want to.
Our Devs have full admin rights....on the Virtual Machines they develop on. It's great, they create a base VM, store that drive file as a template, then do their development and testing. Anytime they want to, which turns out to be a couple of times a month usually, they delete that active VM and start over clean from the base. They can also run multiple identical VMs side-by-side if they need to.
Need to test against a different OS or a server? Create a VM for it and go. Doesn't matter if they trash it, it's just a VM.
Slashdot Mirror
Seems to me a hosted email service essentially IS a backdoor. I can already get into the e-mail accounts of any server I'm the admin of - hence the power of Admin. Heck, not only do they own the admin accounts, they own the physical servers.
You haven't handed them the keys, they made (and own) the locks!
It's true that keeping your data in-house doesn't guarantee it's security. However...I'd suggest that the more layers and people you put between you and your data the inherently less secure it becomes. The employee may not be 100% trustworthy but at least I know who they are. I have personally met each and every person with a key to our datacenter because I'm the one who handed them their keys.
Every additional contractor, sub-contractor, sub-sub-contractor means more hands and eyes with access to my data and increasingly they are hands and eyes that I don't know, have no direct control over, can't even monitor. That's not security.
That's true, though the government we have is a lot better than the government most people in the world have to endure. That's not to suggest that it couldn't be improved, just that flawed though it is, it's still better than most.
There's a reason why millions of people around the world still risk life and limb to try and come here and it's not because of American Idol.
Yes, I know why they have these clauses. My point is that these clauses specifically allow them to ship your data off to unnamed third-parties who may be located anywhere in the world.
And that is a potentially serious issue for people storing confidential and/or mission-critical data in the cloud. Especially when they thought they were storing it with a domestic provider, only to discover later perhaps that their data was actually shipped off to a 3rd party in another part of the world.
Actually my point was that rather than being worried about keeping it out of the U.S. he should probably be more focused on keeping it IN Canada.
ANY country other than your home country exposes your data to laws and risks that are likely unfamiliar to you. At least at home you know what you're dealing with.
And I'd suggest that the U.S., while far from blameless (hence the thread) is actually one of the better ones. At least the government here is at least sort of transparent. In some countries they don't tell you what they're doing and they shoot you if you ask.
Yes, certainly they should need a reason...but at assumes that the 4th Amendment applies at all. I believe that the 4th Amendment SHOULD apply to electronic communications, including in the cloud, but what I believe and what the U.S. Government does aren't always the same things.
But now that I have THREE(?) separate cloud providers to run a single application, where is my advantage over just hosting it in my own data center? How many different 3rd parties am I going to pay to touch my confidential data before all of the promised cost-benefits of the cloud disappear?
And if something goes wrong in my 3-headed cloud won't each provider just point at one (or both) of the other two and claim it's their problem?
The problem is that the abstracting ends when and where the government of the country wherein the server exists decides it does. Note the whole China/Google kerfluffle. In the utopian view of the Internet Google and their searches roam freely across the landscape, unencumbered by quaint political systems.
In reality the Chinese government actively restricts (or at least tries to) what passes into and out of their country by land, sea, air and cyberspace. Other countries have intervened on the Internet as well - jailing people for political postings, actively monitoring traffic, even trying to shut down the Internet (in their country) during times of crisis.
Whether we want to believe it or not, the Internet only rises as high as those political entities allow it to and that means that having the protection of the 4th Amendment is still important.
So you'd be happier if your data was stored in China, where there's a decent chance it's being actively monitored?
No, and that is exactly what I consider to be one of the biggest issues of the Cloud. The Terms of Service of many, if not most, Cloud Computing/SaaS providers explicitly allow them to outsource their storage (or either primary data or backups or both) to unnamed 3rd parties. Where are these mysterious 3rd parties located?
...you get the idea.
Like all businesses keeping costs down helps them keep profits up and since Cloud Computing IS largely sold as a low-cost solution (we can discuss price vs. cost later) we know that keeping costs low is imperative. As we know the Internet crosses International borders (most of them anyhow) effortlessly. Is there any reason to think that a Cloud/SaaS provider wouldn't gladly outsource their storage to a cut-rate data center in another country? Maybe even a country that isn't very friendly to the U.S.?
The 4th Amendment means nothing in Malaysia or China or Venezuela or
How do you install TrueCrypt on a Cloud server? Do you suppose the company that owns that server might object
Anybody else notice the irony of having a thread about how few people encrypt their mobile devices just a couple of stories below a story about the government seizing laptops?
That would probably be the percentage who mistakenly think that randomness is more important than length when it comes to passwords.
I see orgs all the time who think that "X7Y^i!6" is an awesome password. They force their users to create passwords they can never remember, despite the fact that they're only 6 or 7 characters long.
In fact they're far better off using pass PHRASES that the user can remember and are longer, and setting an intelligent account lockout policy. The phrases don't need to be written down on a post-it and they're more secure anyhow.
No backups of confidential data? You're kidding, right?
Since confidential data tends to be among the most mission-critical data (in most organizations) I'd argue that it's the data MOST in need of backing up. The backups can (and should) be encrypted and stored in a physically secure location. But backups are essential.
If you don't back it up then you don't deserve to have it.
Our company has a really cool product that we sell to our customers for recovering data in the case of a drive failure. It's called a "backup".
;-)
It's been in the papers, you should check it out.
What about bank account info? Account numbers and balances? Saved passwords to financial sites or corporate resources? What about customer data? Credit card numbers? We see data in customer sites every day that shouldn't be exposed outside the organization. Granted it's not always found on portable devices but sometimes it is.
Whole disk encryption is really not difficult to do and it's a heck of a lot easier than having to apologize to all of your customers because you lost an unencrypted laptop with their information on it.
Keep that in mind, by the way, when dealing with Cloud computing providers who want to store your confidential or mission-critical data offshore. Ask them WHERE they're outsourcing the data storage to. You could find yourself effectively doing business in China, and with your corporate data subject to Chinese law and the whims of the Chinese Government.
The Internet is a really cool thing (duh) but the total lack of virtual borders, while the geopolitical ones remain as strong as ever, means your data can be crossing into some dangerous territory without your knowledge.
Somehow I suspect you haven't actually used it. Either that or you're just a huge anti-MS bigot.
Windows 7, SP0, is actually pretty darned good - especially compared to that steaming pile of mediocrity (Vista) they put out last time. It's faster, the UI is cleaner and more useful (most of the time), it's very compatible with a wide variety of hardware. Even hardware that Windows 7 cautioned me probably wouldn't work...works.
This is probably the first usable 64-bit Windows version for the desktop.
We have several clients who have, or who are in the process of, rolling it on on their desktops and in every case they're quite pleased with it and their staff is finding it to be a productive work environment.
That doesn't make sense to me either, honestly, but since we use TrueCrypt (even on machines where Bitlocker is available) I've never really cared much. I think TrueCrypt is more widely compatible anyhow.
If you've ever tried to use Bitlocker you'll notice it has some sneaky requirements about your hardware that even machines with the right OS version don't always meet. TrueCrypt is far more accepting (and totally OS agnostic), not to mention free.
Every now and then I'll bounce the FireFox app (close it, tell it to save and quit so it comes back up with the same tabs, restart it) and it generally comes back up using about 75% less memory than it was using when I closed it.
Though I can't point to any actual crashes that have resulted from it, seems like it would just be best practice for FireFox to be at least somewhat respectful of system memory (I do run other apps too ya know?) and try to keep itself tight when possible. If it were only 10% then I probably wouldn't care, but when I can open the same handful of tabs in 75% less memory...
Same reason I add shortcuts to get into the program settings to the toolbars of all the apps I have to support. The average user might go in there once or twice a year (if ever). I have to go in there several times a week to test or demonstrate something.
We create shortcuts to the places we need to go often. The average user doesn't go the same places the devs or support guys do, most likely.
I think you're misinterpreting the data a bit - the key difference is not public school vs. homeschool. The key difference is the dedicated parents who value education. It's the same reason why most private schools out-perform most public schools. Because homeschooled kids and private school kids have dedicated parents who care about education.
Public schools have to accept hordes of kids whose indifferent parents dump them there for free daycare. And those kids drag down the whole system.
I have no idea how this nonsense got modded as "funny." It's nothing but flamebait at best.
It is, at least, on-topic flamebait - seeing as how it nicely demonstrates an utter failure of our education system.
I think you're misunderstanding what VOIP is. It's just voice being carried in data packets.
His home VOIP fails in a power outage because the handset (and router) doesn't have power backup. If he uses uninterruptible power supplies on his home infrastructure then he'll still have VOIP when the power goes out (for as long as the backup power lasts).
The kind of infrastructure that backbone VOIP uses, and believe me many/most cell towers are ALREADY using VOIP for a backbone, has the kind of backup power support that would keep it up in the case of a power failure. If your phone company's POTS switch loses power it's going down too - and they know that so they have backup power solutions in place for that eventuality. Once the traffic is on the wire it's all pretty much the same stuff - wires, switches, routers. And an electrical infrastructure that includes redundancy.
You can even transmit power over Ethernet too, if you want to.
Our Devs have full admin rights....on the Virtual Machines they develop on. It's great, they create a base VM, store that drive file as a template, then do their development and testing. Anytime they want to, which turns out to be a couple of times a month usually, they delete that active VM and start over clean from the base. They can also run multiple identical VMs side-by-side if they need to.
Need to test against a different OS or a server? Create a VM for it and go. Doesn't matter if they trash it, it's just a VM.