acoustix writes: We see advertising everywhere for secure, encrypted storage in the cloud. How do we really know that these providers are really encrypting the data? How can it be proven that I'm the only person who can decode and view the data? With all of the stories about the NSA and random website security breaches I would like to know if it is possible to prove that a hosting provider is truly secure with only having access using their clients and web interfaces.
acoustix writes: I've been tasked by my company to find a way to protect company data from rogue users. We keep firewall and web usage logs and we have the capability to archive emails. However, there is one feature that HR is requesting that seems like it would be difficult to implement. The company wants to be able to basically freeze or take a snapshot of all data that a user has access to at any given time. This seems like a huge task to me because some of our users have access to hundreds of gigabytes of data including databases and office files on windows shares.
We do have a virtual environment where taking a snapshot of data is possible, but applying the snapshot to review the data would be destructive to the data that has been created/modified since the snapshot. Is there software available that would track user access and changes?
acoustix writes: I am a member of a loosely organized group of IT professionals in my city and I’m a full-time network administrator by trade. Recently I have been active in doing volunteer consulting for a community organization. This organization wants to move their website from the current hosting/maintenance provider to a new hosting company and use my group of IT pros as the web developers. I’m fine with this aspect as we plan to redesign the website and use Drupal. During these discussions the scope increased to include a unified website for the community organizations as well as the city website. I know that the work can be done, however there will need to be contracts signed by the IT group. This contact will include service level agreements and other basic clauses. The contract will obviously protect the community organizations, but what about my IT group? The organization is planning on donating money to the IT group to be used for training. How can we protect ourselves? One thought is to make my volunteer status conditional on the basis that I continue to have a full time job that allows me to do this volunteer work. Obviously if I were to lose my job I couldn’t afford to do volunteer work. Another thought is that this website is not used to make a profit at my expense, and if it does then I will need to be reimbursed for my contributions. I will also want an exit strategy from this project after the objectives have been met. What should we do to make sure that we’re not taken advantage of? What would you do?
acoustix writes: "Friday, July 25th, 2008, is the 9th annual System Administrator Appreciation Day. On this special international day, give your System Administrator something that shows that you truly appreciate their hard work and dedication." May all of your projects come in under budget and finish early.