Hello and welcome to SproutIT’s Blog.
Please use the menu tabs, above, to navigate – you will find information posted here that is relevant and useful to the LegalIT market, as well as white papers that address Specific LegalIT challenges, along with Sprout company updates.
You hear people talking about the importance of making backups all the time. Chances are that data is the life blood of your company – if your data goes down the pan, it could be curtains for your business.
And that’s why you want to have backups of your data.
But if the worse happens, and you lose your data, a backup isn’t going to be any help at all if you find you can’t restore from it, or if the backup is corrupted.
This truth is underlined quite delightfully in this video about how Pixar’s fantastic movie “Toy Story 2″ was nearly flushed down the toilet due to not checking that the backups were working properly.
For those who are interested, it appears that the backup software being used by Pixar at the time was failing to deal elegantly with a “full disk” situation, and thus hiding messages that the backup was falling over.
Lesson – CHECK YOUR BACKUPS!
Too Busy? – YOUR IT DEPT SHOULD BE DOING THIS FOR YOU!
How Often? – YOU SHOULD BE CHECKING BACKUPS REGULARLY (AT LEAST MONTHLY), NOT JUST WHEN YOU NEED TO RECOVER SOMETHING.
What Else? – TEST YOUR DISASTER RECOVERY AT LEAST ANNUALLY (Lexcel requirement) AND BUSINESS CONTINUITY PROCESSES AT LEAST EACH QUARTER
Need Help? – 08456 800 139 – Email Matt Torrens
If you have moved data to the Cloud or are planning to, be very, very particular with whom you contract.
The US Patriot Act has struck fear into European users but don’t forget that our authorities have powers too.
The USA Patriot Act probably ranks alongside Sarbanes-Oxley in terms of recognition and fear of US legislation outside the US. It is widely known that this is the means by which FBI can get access to confidential data and the reason that some UK businesses may be holding back from cloud adoption, preferring an on-premise solution. But are they right to fear the Patriot Act?
The EU data protection regime prevents the transfer of data outside the European Economic Area to a country with inadequate data protection laws or unless the recipient will provide the adequate protection. The European Commission keeps a list of safe countries. Canada and Switzerland are on this list and so is the EU-US negotiated self-regulated Safe Harbor. Most of the large US cloud providers have signed up to the Safe Harbor principles which allow them to transfer data from the EU to the US. The EU Commission is proposing to extend data protection in its proposed new data protection regulation by stating that it applies to EU data held outside the EU.
The USA Patriot Act was passed shortly after the atrocities of 11 September and served to revise and consolidate counter-terrorism laws. This includes sweeping surveillance and search powers without the need for court order. The American Civil Liberties Union has challenged the issue of “National Security Letters” which allows the FBI to collect information and to prevent anyone receiving a letter from publicising it. While they have had some success, the Act remains in force.
Impact outside the US
Keeping data in the EU is not enough. In June 2011, the managing director of Microsoft UK admitted that it would comply with the Patriot Act as its headquarters are based in the US. While it would try to inform its customers before this happens, it would not guarantee this. This means that if you do business with a UK subsidiary of a US-based cloud operator and you specify that English law applies and you choose a UK-based data centre operating under EU data protection laws, the FBI can still get access to your data. While this had already been suspected, this was the first clear affirmation and is true for any US-based cloud provider.
So what can you do?
The UK Information Commissioner has warned of the effect of the Patriot Act but has not really provided substantive guidance as to how to overcome it. Legitimate use of the US Patriot Act for anti-terrorism surveillance is likely to fall within an exemption under the existing and revised EU data protection regimes.
You can keep your data away from US organisations. This means checking your entire supplier chain to make sure that there is no US company involved in the chain and not even a back-up or failover in the US.
UK, EU and Swiss owned and based cloud service providers have used this as an opportunity to promote their cloud services based in EU or Switzerland-based data centres with no US involvement and therefore immunity from the Patriot Act.
There have been some high profile examples of this recently. The Norwegian data protection regulator has warned the public sector about use of Google Apps over fears of the Patriot Act and the Dutch government looks set to exclude US IT providers from government contracts. Also, BAE Systems revealed in December 2011 that it was all set to adopt Microsoft Office 365 but had abandoned it after its lawyers warned about the effects of the Patriot Act.
Of course, it is worth remembering that the US is not the only country with anti-terrorism legislation. For example, the UK has its Anti-terrorism, Crime and Security Act and the Regulation of Investigatory Powers Act. The Telegraph reported on the use of RIPA by councils to tackle dog fouling, the unauthorised sale of pizzas, the abuse of the blue badge scheme for disabled drivers and even to take sound recordings of noisy children.
Although this led to some tightening of these powers, the UK government still has broad powers to intercept communications and gain access to data including where it is protected by encryption or passwords. And don’t forget, the UK government shares intelligence with the US government.
Ultimately, the best way to keep data completely secure is to keep it on-premise solution. But you do have to ask yourself: is it really likely that the US or UK government will want to access your data for anti-terrorism reasons? In the case of some Solicitors and Chambers, the answer may well, of course, be YES.
________________________
First posted on cloupro.co.uk
Thanks to everyone who has sponsored Matt, so far. Just a bit further to go to hit that target!
Training is going well. Well, training is on-going, put it that way……..
If you haven’t donated yet, but want to, all the details are below – thank you very much in advance!
Apple’s had a rough time lately on the security front. Last month it was caught out having delayed the release of a security update for Java, resulting in more than 600,000 Macs being recruited into a botnet. Now a quality assurance mistake can cause OS X users’ FileVault encryption passwords to be exposed.
On Friday, David Emery posted to an encryption mailing list disclosing this flaw in the latest OS X Lion security update, 10.7.3, which was released in February.
It appears that a debug option was accidentally left enabled in FileVault, resulting in the user’s password being saved in plain text in a log file accessible outside of the encrypted area.
Congratulations to Matt Reeder (Senior Systems Analyst) who has completed his exam track to qualify as MCITP and Solutions Associate in Microsoft Windows Server 2008. This qualification required a good amount of dedication and an in-depth understanding of Windows infrastructure.
This qualification demonstrates Sprout’s commitment to the provision of outstanding technical resources to our clients.
Well done Matt – that’s a fantastic achievement!
We’re very pleased to welcome several new staff to the Sprout Family, as we continue on the path of sustainable growth. We have been careful to recruit in key areas that will allow us to continue to provide very high service levels, easily outstripping industry standards.
The demand for Sprout’s services continues to grow and so does our desire to remain ahead of the game. We’re dedicated to working as hard as possible for all of our clients, all of the time, and that’s the reason we’ve expanded the team.
If you have any comments or questions, please feel free to leave them on this blog, or to email Matt Torrens.
Good news! Richard Harris is back in the UK and rejoining the Sprout family on the 8th May.
For those of you who may not know, Richard first joined Sprout in 2009 before returning home to Australia in 2011 once his visa had expired. It didn’t take him long to realise how much he missed his Sprout life back in the UK (and how much better the cricket is over here) and so the protracted exercise of visa applications began.
You may recall there was uproar when the “Cookies Directive” was introduced last year. The Information Commissioner’s Office (ICO), however, took a relaxed view and allowed businesses one year’s grace to implement changes. The bad news is the grace period ends on 25 May 2012.
Continue reading
British legal history was made this week with the first televised sentencing in a criminal trial – in Scotland. While cameras are forbidden in most court proceedings in England and Wales under the 1925 Criminal Justice Act and the 1981 Contempt of Court Act, it the Queen’s Speech is expected to include proposed legislation for the wider recording and broadcasting of cases, starting with Court of Appeal hearings and extending to Crown Court trials.
While there are obvious concerns about necessary safeguards to protect witnesses and victims, as noted by Victim Support and the Director of Public Prosecutions, both Government and the judiciary are broadly in favour of more transparency and public awareness of proceedings.
As with Supreme Court hearings which have been broadcast since its inception in October 2009, it is unlikely that judges will become TV celebrities or that any prime time spots will be taken by the broadcasts but this still is an interesting development in open access and demystifying the legal process.
Source: TomiLaw