September 2, 2015 at 4:42 am
I have a rather odd problem that is not strictly about the technicalities of SQL Server. However, there are a lot of people here with admin-type experience - I hope someone can suggest a course of action.
I am the developer/DBA for the paleontological department of a museum. I have written a database system using SQL Server as the engine and Access as the front end, with various reports and such served by auxiliary programming in Excel, Word, VBScript, PowerShell, scheduled tasks and the like. It all works reasonably well, and users are understanding about the occasional glitch, since I am always at hand, and can usually not only fix problems quickly, but can develop new things for them as needed, often immediately.
My problem is that they are completely dependent on me, and I have unlimited access to everything. And I do mean literally everything. I am a one-man show, and I have developed not only the database, but all backup procedures. Regular backup copies of the database are made and distributed over various NAS and SAN units around the network, some in the building, some in other buildings, and I even occasionally make manual copies that I park on various Internet servers, like DropBox. However, if I got the wind up, I could destroy EVERY copy of the database, dumping years of work by the department into the sewer. It's not so much a problem of my account being hacked and someone thereby gaining access to things – they are scattered in enough different places and under enough different access methods that even someone hacking me is unlikely to find them all. It's more that nobody else knows where to find things if something happens to me. And it's not good in any case for an organization to be so dependent on one person.
How do I convince the department head that, although their trust in me is flattering, it's not a good way to have things arranged? And secondly, are there decent methods that I, personally can set up that will allow creation and reading of backups, but make them tamper-proof and destruction-proof?
September 2, 2015 at 4:49 am
I think the important thing is that backups are made to a specified location, and then backed up to tape as soon as possible. Your network admins would then have responsibility for the physical well-being of the backups and hence not everything would depend on you. I don't think there's anything you can set up yourself that you yourself would not be able to destroy - that's why you need to involve the network admins. And finally, in case anything does happen to you, make sure all processes are documented.
John
September 2, 2015 at 7:53 am
John Mitchell-245523 (9/2/2015)
I think the important thing is that backups are made to a specified location, and then backed up to tape as soon as possible. Your network admins would then have responsibility for the physical well-being of the backups and hence not everything would depend on you. I don't think there's anything you can set up yourself that you yourself would not be able to destroy - that's why you need to involve the network admins. And finally, in case anything does happen to you, make sure all processes are documented.John
The institution's tape backups are unfortunately a mostly theoretical concept. There is a tape machine, but there is no regular use of it in place, and IT is always kind of vague about what they plan to do with it. Actually one of the principal reasons for my position - the hopelessness of dealing with the museum's IT department.
I've considered trying to enlist the services of an online backup company, with two-factor authentication required for access to backup copies, but reception for the idea has been lukewarm at best. Since -I- am trying to put forward the idea that they shouldn't completely trust -ME-, it's a pretty hard sell. Best I've been able to do so far is the multiple copies on various physically separated disks and otherwise just hope for the best.
September 2, 2015 at 8:12 am
Goodness! If the IT department isn't fulfilling one of its most important roles by taking backups, then that needs escalating to the very top, doesn't it?
John
September 2, 2015 at 8:38 am
John Mitchell-245523 (9/2/2015)
Goodness! If the IT department isn't fulfilling one of its most important roles by taking backups, then that needs escalating to the very top, doesn't it?John
Backups are only one of the many roles IT is not fulfilling. However, I have zero influence in the matter, and those who do have influence have no interest. I'm simply trying to do the best I can for the department that provides my beer money, in an overall situation that is pathetic at best, and criminally negligent at worst.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply