Backups - Offsite solutions -Security Regulations

Bryan O'Neal BONeal at cornerstonehome.com
Sat Mar 31 01:57:59 MST 2007


As always Hans, you're a lifesaver! I will contact him tomorrow and see what we can work out...

And by cheap server, I mean slower, older, less expensive, since it takes one periodic encrypted stream instead of 50+ people all trying to attach to one or more of 20 or more different apps. Cheap colo to me means someone who offers a low bandwidth option, not necessarily an insecure, shoddy, or suspiciously low priced establishment...  Part of my whole "emphasize what matters and do not over-engineer" philosophy....  My backup server cost about $2K while the servers it serves cost closer to $20K...

I remember my statics professor's favorite pop quiz was "given the following structure (usually a bridge of some design) find and remove all non-essential members and calculate the cost savings based on the following formula..."  Man, I loved engineering...  Up until deformable solids and numerical methods that is... But that is way off topic, I should probably go to sleep soon...

-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of der.hans
Sent: Saturday, March 31, 2007 1:35 AM
To: Main PLUG discussion list
Subject: Re: Backups - Offsite solutions -Security Regulations

On 30 Mar 2007, Bryan O'Neal chatted thus:

moin moin Bryan,

> I have a financial broker that needs offsite backups, but as a
> financial institution they have more sensitive information than I am
> used to dealing with outside the confines of the government and I am
> not sure what needs to be done (legally speaking) to protect the data.
> I would

Contact George Toft, www.GeorgeToft.com. He does some consulting in this area. He also recently gave a presentation on compliance at LOPSA's Sysadmin Days.

> like to slap some cheap server in a cheap colo with an encrypted drive

Cheap server and cheap colo don't make me think secure.

> and just pump automated backups over an ssh tunnel using rsync (like I
> do for my company's backups) but I do not know if there are any
> specific security (physical and encryption) rules that I need to meet.
> Right now my company's backup server rotates through the homes of the
> key players, but I don't think that is a good idea for a machine that
> holds non-public information.

If you're storing credit card info the credit card corps have requirements as well as what the government requires. Also, in December some new requirements went into effect for .az.us. George covered that in his LOPSA presentation.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  "Science is like sex: sometimes something useful comes out, but
#  that is not the reason we are doing it." -- Richard Feynman

