Backups - Offsite solutions -Security Regulations

Joshua Zeidner jjzeidner at gmail.com
Fri Mar 30 23:57:10 MST 2007


  Bryan,

   There are companies that specialize in the service.  I don't have any
particular references for you, but if you are dealing with financial data,
there are some legal considerations with regard to privacy.  If your client's
security is breached you've got some major legal problems (whose problem it
is depends entirely on whatever agreements you have made).  Secondly, if
you use a brand name, you can highlight your service provider as part of
their overall quality (unless you specialize in this service yourself, which
presumably you do not).

   An important aspect to this area is that the real liabilities of
financial (and medical) data storage (most importantly: credit cards) have
been _drastically de-emphasized_ in recent years.  This is, in my
estimation, due entirely to the expansion of the overseas service provider
market.  Managing these liabilities gets *very expensive* for operations
outside of the US[1], and major industry groups want to eliminate the
liabilities of the class of actors who rightly should be responsible.

  NASSCOM did make an ostensible effort to tighten data security in
India[2].  My interpretation of this is that it is primarily a PR move, and
that there is no way that India is taking the costly precautions necessary
in an already tight and possibly languishing services market, for doing so
would require a combination of both internal corporate security and national
legislation.  My prediction is that as soon as litigation in this sector is
seen as profitable by the general law community, things will get far more
expensive for everyone involved.

  This is just the first company that came up on Google ads:
http://www.rsync.net/index.html

  Good luck in your project.

  Sincerely,

   Joshua Zeidner



[1] Consider the amount of critical data that gets sent overseas to places
like India where there are virtually no privacy protection laws.  Who is
liable in this case?  Who is liable for trade secrets?  Critical company or
customer information?  It is a huge problem that overseas providers are
conveniently overlooking.

[2]
http://news.com.com/India+to+tighten+offshoring+data+security/2100-1011_3-6070186.html





On 3/30/07, Bryan O'Neal <BONeal at cornerstonehome.com> wrote:
>
>  I have a financial broker that needs offsite backups, but as a financial
> institution they have more sensitive information than I am used to dealing
> with outside the confines of the government and I am not sure what needs to
> be done (legally speaking) to protect the data.  I would like to slap some
> cheap server in a cheap colo with an encrypted drive and just pump automated
> backups over an ssh tunnel using rsync (like I do for my company's backups)
> but I do not know if there are any specific security (physical and
> encryption) rules that I need to meet.  Right now my company's backup server
> rotates through the homes of the key players, but I don't think that is a
> good idea for a machine that holds non-public information.
>
>
>
> I know there are a few of you who work (or worked) for other, larger,
> financial institutions.  How did you handle offsite backups?
>
>
>
> It's late and been a long day so if this message does not make sense let
> me know ;)
>
>
>
> *Bryan O'Neal**
> Cornerstone Homes & Development, Inc.*
> 4220 E. McDowell Rd Ste. #108
> Mesa, AZ 85215
> (480) 505-1900



-- 
.0000. communication.
.0001. development.
.0010. strategy.
.0100. appeal.

JOSHUA M. ZEIDNER
IT Consultant

$wisdom{'mcluhan'} = "Publication is a self-invasion of privacy.";
( 602 ) 490 8006
jjzeidner at gmail.com