Re: Physically shred tape after one use? [ email retention ]
- Allen S. Rout wrote I've got some sentiment on the UF campus that anything which could be retrieved by a data-recovery house should be deemed not deleted. This is making me wince at the thought of turning 3592 volumes into single-use disposables. So how do you-all do it, and how did you decide? W wrote Are you talking about discoverable meaning the legal term discovery, or as in snoopable, meaning somebody gets access to your media because it falls off a truck or they walk out the door with it? I read the question as asking (probably incorrectly) as whether a scratch tape be recovered, or a currently in use tape have it's unused portion recovered. We have had this conversation with our email folks here. I have explained that, YES, the previous data is sitting there past the defined deletion period. YES, it is possible to access it on a very expensive fishing expedition. So far, that has been acceptable. If this changes, I suppose I'll be reading up on TSM and/or 3592 encryption (something I know nothing about). Rick - The information contained in this message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately, and delete the original message.
Re: Physically shred tape after one use? [ email retention ]
On Fri, 8 Feb 2008 07:49:11 -0500, Richard Rhodes [EMAIL PROTECTED] said: Are you talking about discoverable meaning the legal term discovery, or as in snoopable, meaning somebody gets access to your media because it falls off a truck or they walk out the door with it? The former. :P We have had this conversation with our email folks here. I have explained that, YES, the previous data is sitting there past the defined deletion period. YES, it is possible to access it on a very expensive fishing expedition. I think the problem here is that many people, coming to this question fresh, try to set policy without understanding what we (backup admins) mean when we say things like This is expensive, vs. This is difficult vs. This is extremely difficult, and what-not. When I talk about special equipment and gobs of staff time (I don't think a stock 3592 will seek beyond logical EOT, will it?) I seem to get feedback that tastes of Oh, so it's possible, right?. Yeah, if you want to pay mumblety-thousand dollars to a recovery unit, you can get your bitstream back off the end of the tape (singular). Put another mumblety-thousand dollars in staff time in, and you can probably pick out email-looking stuff. Is this part of our policy response to discovery? Probably not. But when someone says to me This data must not be recoverable, even through extraordinary measures, I shudder, and prepare to repel boarding by the NSA. - Allen S. Rout - Why bother, they already know.
Re: Physically shred tape after one use? [ email retention ]
On Fri, 8 Feb 2008 14:11:47 -0500, Wanda Prather [EMAIL PROTECTED] said: For the onsite stuff, tell the people who want the stuff physically erased that they have to buy you enough SATA disk to store all their email backups, and set up a TSM file pool with Disk Shredding (that's what it's for). You know, that's a fine fine idea. Heck, I could do that both locally and remotely. It's cheaper than buying a chipper. - Allen S. Rout
Re: Physically shred tape after one use? [ email retention ]
On Thu, 7 Feb 2008 17:25:10 -0500, Richard Sims [EMAIL PROTECTED] said: Applicable state and federal laws largely determine the disposability of media, as previously explored in threads such as http://www.mail-archive.com/adsm-l@vm.marist.edu/msg74957.html If media is kept in a secured facility, then the issue is moot, as no unauthorized persons will gain access to the media. Under such circumstances there is no issue as to rewriting or data recoverability at any point. My apologies for the imprecision. The exposure threat against which this measure is contemplated is that of legal discovery. It is thought that, once the tape is reclaimed and comes out of pending state, if it is re-used for some host which writes relatively slowly, then data beyond the new end-of-tape marker might be subject to discovery. I am hoping to discourage this interpretation, emphatically. - Allen S. Rout
Re: Physically shred tape after one use? [ email retention ]
Take a look at the FATS/FATAR product from www.fdr.com. It has the capability of reading pass EOF on 3592 tapes. -Original Message- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Allen S. Rout Sent: Friday, February 08, 2008 10:25 AM To: ADSM-L@VM.MARIST.EDU Subject: Re: Physically shred tape after one use? [ email retention ] On Fri, 8 Feb 2008 07:49:11 -0500, Richard Rhodes [EMAIL PROTECTED] said: Are you talking about discoverable meaning the legal term discovery, or as in snoopable, meaning somebody gets access to your media because it falls off a truck or they walk out the door with it? The former. :P We have had this conversation with our email folks here. I have explained that, YES, the previous data is sitting there past the defined deletion period. YES, it is possible to access it on a very expensive fishing expedition. I think the problem here is that many people, coming to this question fresh, try to set policy without understanding what we (backup admins) mean when we say things like This is expensive, vs. This is difficult vs. This is extremely difficult, and what-not. When I talk about special equipment and gobs of staff time (I don't think a stock 3592 will seek beyond logical EOT, will it?) I seem to get feedback that tastes of Oh, so it's possible, right?. Yeah, if you want to pay mumblety-thousand dollars to a recovery unit, you can get your bitstream back off the end of the tape (singular). Put another mumblety-thousand dollars in staff time in, and you can probably pick out email-looking stuff. Is this part of our policy response to discovery? Probably not. But when someone says to me This data must not be recoverable, even through extraordinary measures, I shudder, and prepare to repel boarding by the NSA. - Allen S. Rout - Why bother, they already know.
Re: Physically shred tape after one use? [ email retention ]
Should either 1) solve the problem or 2) make them go away, which will 3) solve the problem! On 2/8/08, Allen S. Rout [EMAIL PROTECTED] wrote: On Fri, 8 Feb 2008 14:11:47 -0500, Wanda Prather [EMAIL PROTECTED] said: For the onsite stuff, tell the people who want the stuff physically erased that they have to buy you enough SATA disk to store all their email backups, and set up a TSM file pool with Disk Shredding (that's what it's for). You know, that's a fine fine idea. Heck, I could do that both locally and remotely. It's cheaper than buying a chipper. - Allen S. Rout
Re: Physically shred tape after one use? [ email retention ]
Ack. I feel your pain. (Those are the same people who will argue with you that AES256 encryption just isn't secure enough.) But the L word (litigation) trumps everything, as far as I've been able to determine. Isn't there an ERASE command that works on the 359x hardware? You can't access it via TSM, but perhaps you could invoke it from AIX, creating a very tedious task for operators to use when tapes come back from the vault. (But that will only work if you PROMISE not to mention to them that the dead stuff still exists on tapes in between good stuff that hasn't expired, and you can retrieve that if you restore your TSM DB back 3 or 4 months whenever they need it) For the onsite stuff, tell the people who want the stuff physically erased that they have to buy you enough SATA disk to store all their email backups, and set up a TSM file pool with Disk Shredding (that's what it's for). W On 2/8/08, Allen S. Rout [EMAIL PROTECTED] wrote: On Fri, 8 Feb 2008 07:49:11 -0500, Richard Rhodes [EMAIL PROTECTED] said: Are you talking about discoverable meaning the legal term discovery, or as in snoopable, meaning somebody gets access to your media because it falls off a truck or they walk out the door with it? The former. :P We have had this conversation with our email folks here. I have explained that, YES, the previous data is sitting there past the defined deletion period. YES, it is possible to access it on a very expensive fishing expedition. I think the problem here is that many people, coming to this question fresh, try to set policy without understanding what we (backup admins) mean when we say things like This is expensive, vs. This is difficult vs. This is extremely difficult, and what-not. When I talk about special equipment and gobs of staff time (I don't think a stock 3592 will seek beyond logical EOT, will it?) I seem to get feedback that tastes of Oh, so it's possible, right?. Yeah, if you want to pay mumblety-thousand dollars to a recovery unit, you can get your bitstream back off the end of the tape (singular). Put another mumblety-thousand dollars in staff time in, and you can probably pick out email-looking stuff. Is this part of our policy response to discovery? Probably not. But when someone says to me This data must not be recoverable, even through extraordinary measures, I shudder, and prepare to repel boarding by the NSA. - Allen S. Rout - Why bother, they already know.
Physically shred tape after one use? [ email retention ]
When do you-all deem a file / message / whatever unrecoverable ? What legal standards do you bring to the process of deciding what's discoverable and what's not? I've got some sentiment on the UF campus that anything which could be retrieved by a data-recovery house should be deemed not deleted. This is making me wince at the thought of turning 3592 volumes into single-use disposables. So how do you-all do it, and how did you decide? - Allen S. Rout
Re: Physically shred tape after one use? [ email retention ]
Applicable state and federal laws largely determine the disposability of media, as previously explored in threads such as http://www.mail-archive.com/adsm-l@vm.marist.edu/msg74957.html If media is kept in a secured facility, then the issue is moot, as no unauthorized persons will gain access to the media. Under such circumstances there is no issue as to rewriting or data recoverability at any point. Richard Sims
Re: Physically shred tape after one use? [ email retention ]
I think just about every one of my customers is using somewhat different criteria to decide, depending on - what particular circumstance they are concerned about, - what laws apply to their industry, if any - who is involved in the discussion (tecchies or lawyers or compliance officers or people who don't understand the technology) - whether they are talking about provisions that will simply keep their names off CNN if a tape goes missing on the way to Iron Mountain, or - they want to cover absolutely any possible hypothetical data exposure, no matter how unlikely ( e.g. sombody makes an Ocean's 11 style raid on the secure tape room to grab the backup tapes even though it would be much easier to break in somewhere else and steal the live data off someone's unsecured laptop) Are you talking about discoverable meaning the legal term discovery, or as in snoopable, meaning somebody gets access to your media because it falls off a truck or they walk out the door with it? The latter case is handled easily (well, maybe not exactly easily, but at least straightforward-ly) by turning on encryption on your 3592's, for in-house as well as peripatetic tapes. W On 2/7/08, Richard Sims [EMAIL PROTECTED] wrote: Applicable state and federal laws largely determine the disposability of media, as previously explored in threads such as http://www.mail-archive.com/adsm-l@vm.marist.edu/msg74957.html If media is kept in a secured facility, then the issue is moot, as no unauthorized persons will gain access to the media. Under such circumstances there is no issue as to rewriting or data recoverability at any point. Richard Sims