12 February 2010

The Weakest Link

bdunbar | You only think your data is secure
rt @lmacvittie @cswolf The nature of "Cloud" suggests asset location is irrelevant. Except for control, management, integration, costs...

@bdunbar How secure is it, really?
Not less secure than a racked server sitting in your server room.

I've been doing this IT thing for a few years. The number of actually secure data centers I have seen I could count on the fingers of one hand.

More common are servers racked in closets that might have a key lock. And which probably had the door propped open to keep the space cool. Spaces where you could pop a ceiling tile in the adjacent un-secure space and crawl into the same room with the machine. One place where a bored tech on the 3rd shift tunneled under the raised floor and right into another company's server room next door. [1]

If the data lives on equipment in the same building you might have a good guess as to how secure things are. Across the street .. not so much. If it's across town or across the country you have no idea, really.

Might as well shove it into the cloud if it will save some money.
Truer words, man. Truer words.

My OS professor told a story about a sysadmin who spent all sorts of time and money locking down his company's network. The works: strong passwords and the latest encryption algorithms and multi-modal, multi-layer, multi-everything whatnots.

But he would get up and leave his office to get a cup of coffee and leave the terminal on his desk running and his door wide open.

There was some punch-line I don't even remember about pulling a prank on this guy, but the moral of the story is that there's no point to bazillion-bit encryption if there's a terminal with root access just sitting there.

So... yeah that's a bit of an anti-climactic post, but I'm trying to get out of town and Dunbar's point deserves to be repeated often so...

1 comment:

  1. But he would get up and leave his office to get a cup of coffee and leave the terminal on his desk running and his door wide open.

    I'll bet it never occurred to him to use a machine that was rated for TEMPEST: that is with shielded video and keyboard cables, a CPU case that did not radiate ...
