On 14 Feb 2019, at 19:31, Grant Taylor <gtay...@tnetconsulting.net> wrote:
>
> If VFE had backups stored off-site via something like Amazon Glacier with no
> normal in-band connectivity between the main systems and the backups, and the
> hacker went out of their way to delete the backups, I don't think I could
> hold /that/ against VFE.

I believe that when you hold customer data you have an obligation to have backups that cannot be deterred by accessing your systems. There are many possible ways to do this, from an rsync process on another machine that your network has no write access to that is able to log in and do a backup, all the way up to services like Backblaze or Arq that will (or can) keep differential backups for you.

If your keys and passwords are so poorly guarded that someone can get access to everything everywhere and destroy all the data then you did something wrong.

-- 
How soon after the USPS issues the Calvin stamp will you send a letter with one on the envelope?
Watterson: Immediately. I'm going to get in my horse and buggy and snail-mail a check for my newspaper subscription.