Shachar
You see - that as soon as we start talking about money, the risk assessment
discussion gets more serious.
1. Google Apps Premium is $50/user/year ( higher volume/more demanding
service levels).
Google Apps Standard is free - we use it for our community involvement
sites like www.jpbigband.org
The Google security and privacy policy is same in both cases.
2. Ask Gaby Askenazi about privacy in the MOD
You're a pro. Most of our clients don't have the foggiest idea what's
happening inside their network.
3. Use a 10kg hammer.
We have clients that insist on physical destruction of the data disk after a
network surveillance.
d
On Tue, Aug 18, 2009 at 4:21 PM, Shachar Shemesh <shac...@shemesh.biz>wrote:
> Danny Lieberman wrote:
>
> Shachar, Geoff
>
>
> b) the threat probability of one of our operations getting a US court
> injunction is so low that I don't even bother with security countermeasures.
> OTOH - the threat of dos/web defacing/site downtime/poor response time is
> high enough that we considered and eventually deployed outsourced services
> for messaging and hosting. We use slicehost, rackspace.com and Google
> Apps. Dev servers are inhouse.
>
> Your threat level rises significantly when you use free services. If you
> are going to be using Google's services for your business, my recommendation
> is that you find a route in which you pay them for it. The logic is that by
> paying them, you are creating accountability of them to you. Many of the
> privacy concerns diminish significantly as a result.
>
> I'll add that, specifically with Google, the amount of concentrated
> cross-referencable personal info is what bothers me the most.
>
> >>> Apropos - My personal estimate is that the probability of a privacy
> breach is higher in the Israeli Ministry of Defense than in GooglePlex.
>
> Not when my own servers are involved. At least not without my knowledge.
>
>
> d) We deploy security countermeasures to protect assets:
> 0) We don't use Google docs, Never.
>
> So you are, essentially, saying that you agree with me to a degree, but
> don't go quite as far.
>
> 3) we physically destroy hard disks (it's fun...)
>
> That I'm curios about. What do you specifically do to destroy the hard
> disk?
>
> The way I see it, either you believe that "recover seven generations" is
> not possible (like some do), in which case just do "dd if=/dev/urandom
> of=/dev/sdb" followed by "dd if=/dev/zero of=/dev/sdb" (or just settle for
> the later), or you believe that it is possible, in which case the only
> solution I know of is melting the drive's plates. Personally, I don't have
> any way to do the later, so I just do the former and hope that my attackers
> don't have the $100K+ it allegedly requires to recover the data.
>
> Shachar
>
> --
> Shachar Shemesh
> Lingnu Open Source Consulting Ltd.http://www.lingnu.com
>
>
--
Danny Lieberman
-------------------------------------------------------------------------------------------------
Protect your data: http://www.software.co.il
Twitter: http://twitter.com/onlyjazz
Skype: dannyl50
Warsaw:+48-79-609-5964
Israel: +972 8 9701485
Mobile: +972 - 54 447 1114
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
