April 28, 2016 at 8:26 am
Iwas Bornready (4/28/2016)
I can't imagine having all backups online to be tampered with, even put under ransomware. If backups are kept current, why is ransomware even a problem?
EXACTLY!
April 28, 2016 at 8:37 am
Hi Steve. Interesting concept. However, I really don't think it would be possible to remove ALL traces of the data unless you were to do something equally sci-fi like buy an em pulse generator and wipe all traces that way. Of course, this would wipe out all data. With many organizations I've worked at the phrase "data is everywhere" is quite apropos. Data gets copied, transformed and placed in all sorts of places. And with the cloud, removing the data would be even more difficult.
Thanks for all you do.
April 28, 2016 at 8:59 am
If all the organization's databases and backups are encrypted, then a far more realistic scenario (although still improbable) is that an insider figures out a way to somehow copy and then delete the certificates. So the data still exists everywhere in it's original intact form, but now the ransomer has essentially denied everyone else access to the data without having touched the data directly himself.
It would be kind of like a theif changing the combination remotely on an unpenetrable bank vault, and then holding the contents for ransom, rather than showing up at the bank in person to steal the contents. Maybe the ransomer works in the IT department at the company that manufactors the bank vaults. Or more to the point, maybe the ransomer works in the IT department at a cloud data provider and is in control of the keys.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 28, 2016 at 9:31 am
The key bit for me: "If the information was of any age, it would be stored in multiple locations on different media, some of which would be offline. " Exactly how backups at my place of employment work. They are tape-based. Removing a specific file or record from a back-up tape is effectively impossible, because back-up systems are not designed to do that and organisations do not possess applications which can, even though it would be possible to write one.
However, we-re-use the media according to a schedule, so back-ups are eventually over-written with later ones, and the date that this will happen for a particular back-up is predictable.
April 28, 2016 at 10:02 am
I think the right to be forgotten is about the right not to have the information republished. No one is suggesting the source of the data is being removed in the articles I've read about what Google is being asked to do. Similar to the difference between storing an mp3 and distributing it.
The interesting thing about the web is that some sites use archive.org as their backup. It isn't an awful solution, but it is interesting to note that you would also have to find shared data and somehow control it.
It is an unenviable task.
412-977-3526 call/text
April 28, 2016 at 8:05 pm
So, what was the book that you were reading?
April 29, 2016 at 2:53 am
I suppose that a company would be compliant if the restore process included a step to remove data that was decreed necessary.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 29, 2016 at 5:56 am
Hehe no, such deletions are not possible in the companies I've worked.
Backups are still done to tapes, I believe it's one of the more reliable methods still.
Then they are stored, often in secure warehouses in different locations, often in old sold out military installations in mountains.
There are usually many errors in novels, movies etc when it comes to tech.
What however can bother me more is when a writer or director does not even know the difference of theory and hypothesis. "It's only a theory" - gravity is a theory.
April 29, 2016 at 7:40 am
IceDread (4/29/2016)
...What however can bother me more is when a writer or directory does not even know the difference...
They might be bothered if people don't know the difference between a director and a directory :hehe:
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 29, 2016 at 8:30 am
Gary Varga (4/29/2016)
IceDread (4/29/2016)
...What however can bother me more is when a writer or directory does not even know the difference...They might be bothered if people don't know the difference between a director and a directory :hehe:
Indeed ^^, pardon my Swenglish auto spelling corrector 🙂
April 29, 2016 at 10:15 am
IceDread (4/29/2016)
Gary Varga (4/29/2016)
IceDread (4/29/2016)
...What however can bother me more is when a writer or directory does not even know the difference...They might be bothered if people don't know the difference between a director and a directory :hehe:
Indeed ^^, pardon my Swenglish auto spelling corrector 🙂
You are right, of course. It was just too good an opportunity to miss. 😀
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 29, 2016 at 10:41 am
Iwas Bornready (4/28/2016)
David.Poole (4/28/2016)
The ability to remove an individual's records is a legal requirement in the UK. It is intended for data that is inaccurate or false.We also have the European Court of Human Rights ruling on the right to be forgotten.
Wow, how is this even possible? One would think you would have to restore the backup, remove the data, and then back it up again, hoping nothing else happened to the data during that time.
That was my thought. Separate systems, restore each backup tape, delete data, make a new backup, destroy old one. Crazy.
April 29, 2016 at 10:44 am
ian.miller 9263 (4/28/2016)
Hi Steve. Interesting concept. However, I really don't think it would be possible to remove ALL traces of the data unless you were to do something equally sci-fi like buy an em pulse generator and wipe all traces that way. Of course, this would wipe out all data. With many organizations I've worked at the phrase "data is everywhere" is quite apropos. Data gets copied, transformed and placed in all sorts of places. And with the cloud, removing the data would be even more difficult.Thanks for all you do.
Except I know some people that work with all data online, including backups, which are versioned copies on a live disk. Not disconnected on tape.
I think in those cases, it is possible. I can't imagine this working across years, but some people have had these systems in place. I wonder if they've ever tried a restore from > 6 months ago.
April 29, 2016 at 10:46 am
Steve Jones - SSC Editor (4/29/2016)
Iwas Bornready (4/28/2016)
David.Poole (4/28/2016)
The ability to remove an individual's records is a legal requirement in the UK. It is intended for data that is inaccurate or false.We also have the European Court of Human Rights ruling on the right to be forgotten.
Wow, how is this even possible? One would think you would have to restore the backup, remove the data, and then back it up again, hoping nothing else happened to the data during that time.
That was my thought. Separate systems, restore each backup tape, delete data, make a new backup, destroy old one. Crazy.
That is why I reckon the following:
Gary Varga (4/29/2016)
I suppose that a company would be compliant if the restore process included a step to remove data that was decreed necessary.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 29, 2016 at 10:47 am
Marcia J (4/28/2016)
So, what was the book that you were reading?
Survivor: http://www.amazon.com/gp/product/B00UDCI7RI/ref=dp-kindle-redirect?ie=UTF8&btkr=1
Viewing 15 posts - 16 through 30 (of 32 total)
You must be logged in to reply to this topic. Login to reply