Army Rumour Service

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Home Office Data Loss

Blogg

LE
Well now. That's......difficult...


especially as it now seems number is closer to 400,000.

Oddly enough:

 

crow_bag

War Hero
Well now. That's......difficult...


especially as it now seems number is closer to 400,000.

Oddly enough:

Renewing the contract with AWS doesn't mean anything, they just provide the platform/infrastructure the home office is responsible for managing their systems and data etc.
 

Blogg

LE
Renewing the contract with AWS doesn't mean anything, they just provide the platform/infrastructure the home office is responsible for managing their systems and data etc.
True.

This is the key bit. Allegedly

"Meanwhile, the Police ICT Company, is helping police forces across the UK transform their IT infrastructure from on-premise data centres to cloud-based ones running on AWS."

Not starting from a good place foes not help either

 
"Meanwhile, the Police ICT Company, is helping police forces across the UK transform their IT infrastructure from on-premise data centres to cloud-based ones running on AWS."
In a similar sort of thing, but in reverse, we moved our Office back to on-premises. O365 is a pain in the dick, I can only imagine the biblical cake-and-arse party that's possible with CJ stuff in the cloud.
 

Blogg

LE
In a similar sort of thing, but in reverse, we moved our Office back to on-premises. O365 is a pain in the dick, I can only imagine the biblical cake-and-arse party that's possible with CJ stuff in the cloud.

On-prem. v Cloud. It's not difficult.

But how many times do bean counters and "management" types have to be told: highly sensitive data you need to be secure and fully available? On Prem. with robust data protection and solid backup. Costs but that is how you manage the very high risks associated.

Bulk data you don't really need to worry about that much? Cloud. Cheaper and easier. There is a reason for that.
 
There does seem to be some managers who think shift everything to the cloud, also shifts all the responsibilities of data protection with it

I wonder if they didn't take backups because they thought it's in the cloud, we don't need to
 
On-prem. v Cloud. It's not difficult.

But how many times do bean counters and "management" types have to be told: highly sensitive data you need to be secure and fully available? On Prem. with robust data protection and solid backup. Costs but that is how you manage the very high risks associated.

Bulk data you don't really need to worry about that much? Cloud. Cheaper and easier. There is a reason for that.

To be fair to our bean-counters, when I told them my thoughts on the potential issues, they basically said "OK, you know best, and since it's you that would have to deal with the clusterf**k in the event of problems, do what you gotta do."

Users were instantly impressed when printing a document (or simply opening MS Word) no longer took forever.

I didn't even have to work out how to bring us back on-premises (sometimes called "re-shoring"): Microsoft have an excellent white paper on the process.
 

theoriginalphantom

MIA
Book Reviewer
Maybe my DBS will.come back clear from now..

Err. I mean, we host some of our clients data, and manage their back-ups for them.
Those who host on their own servers have to do their own.
We do backups once daily, so there is the potential to lose 24 Hours worth.
Every once in a while we get a self hosted customer who hasn't been backing up data, and somehow that's our fault
 
Is all this data GDPR compliant?
<select all, delete>
Yes, we’re compliant.
See also: PCIDSS Compliance Declarations. NO BUGGER understands it at first. Doesn't affect my job, but my mate owns a chain of Motor Factors. He had to get his solicitors to decipher the things he was being asked.

Ultimately, it's not that complicated, but the way in which the questions were posed was just wibble. Small retailers are supposed to be able to answer this stuff. This was about 3 years ago, and maybe it's better now, but what a headache.
 

crow_bag

War Hero
True.

This is the key bit. Allegedly

"Meanwhile, the Police ICT Company, is helping police forces across the UK transform their IT infrastructure from on-premise data centres to cloud-based ones running on AWS."

Not starting from a good place foes not help either

I only skim read it, but that article makes it sound as though the problems are inadequately secured devices and administrative errors etc.

Those are the sort of things that can happen regardless of where your data is stored.

I wonder whether the sharp increase could also be down to people working remotely as well.
 
See also: PCIDSS Compliance Declarations. NO BUGGER understands it at first. Doesn't affect my job, but my mate owns a chain of Motor Factors. He had to get his solicitors to decipher the things he was being asked.

Ultimately, it's not that complicated, but the way in which the questions were posed was just wibble. Small retailers are supposed to be able to answer this stuff. This was about 3 years ago, and maybe it's better now, but what a headache.
If he asked his solicitors about PCIDSS something has gone seriously wrong... unless they are moonlighting as QSAs.
 
I’d loved to have been in the room when some poor sod of a Civil Servant walked into Priti’s office and said “Er, may I have a word?”
 
Is all this data GDPR compliant?
<select all, delete>
Yes, we’re compliant.

But how are going to be able to prove what data you deleted to show compliance with GDPR?
 
Renewing the contract with AWS doesn't mean anything, they just provide the platform/infrastructure the home office is responsible for managing their systems and data etc.

Is it still Atos managing services for HO? If so then I guess they are responsible and HO accountable. Either way Service Management will have suffered extreme stress levels since the event and along with Change Management and Release Management anxiously checking that procedure and process was followed.

In my experience with HO, (and other Government functions) IT spend had been pared to the bone. Kit was well past it's sell-by date (some even out of vendor support) and assets sweated well past due refresh dates, but HO Management signed off on associated risks so there you go, perhaps they had their fingers crossed behind their backs when they did so.

It was another reason for jumping ship from this world, and being Resilience Management lead I was last in the queue for resource but first in the queue for inquisition had anything gone wrong, and it would have gone wrong in the event as all senior management were ever interested in were tests that ticked the objective boxes and looking for audit/compliance/governance rather than being interested in ensuring a good response for an actual event.

There were honourable exceptions of course but to few and too far between.
 
Do we know if this is PND or PNC? I've seen both mentioned in different reports (by the same company FFS), and very few journalists seem to realise they're two very separate things (at least for now until NLEDs arrives.. how's that going BTW.. what's that, should have been in service two years ago?)
 

Latest Threads

Top