[LINK] No more human sysadmins??

Jan Whitaker jwhit at melbpc.org.au
Mon Aug 12 14:17:52 AEST 2013


At 01:16 PM 12/08/2013, Johann Kruse wrote:

>Defence-in-depth means that an “admin” 
>cannot get to a physical disk (they don’t have 
>access to physical facilities), and the guys who 
>rack & stack hardware could not get any useful 
>information from the disk (data is 
>encrypted).  EOL hardware is physically 
>destroyed onsite (e.g. disks shredded) and there 
>are checks and logs to ensure that actually 
>happens, so they couldn’t even get the disk 
>out of the datacentre in the first place.

Great in theory and what I think 'normal' common 
sense people would have assumed was already 
happening in highly sensitive operations, like 
national security agencies, no? So what went 
wrong? If this is best practice, understood, and 
already going on in major large organisations 
now, why are data breaches at some of the most 
sophisticated companies on the planet who sell 
this stuff continuing to happen? Not just 
Snowden, who did have top clearances (more a 
governance accountability breach than a security 
breach perhaps), but Apple, Sony, NHS (UK) etc etc?

http://www.gizmodo.com.au/2013/07/the-worlds-biggest-data-breaches-visualised/

Great map.



Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the 
world is to paint or sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer
