Comments on: University of Miami: Good for the body, bad for the soul? http://emergentchaos.com/archives/2008/04/university-of-miami-good-for-the-body-bad-for-the-soul.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Chris http://emergentchaos.com/archives/2008/04/university-of-miami-good-for-the-body-bad-for-the-soul.html/comment-page-1#comment-4575 Chris Sun, 27 Apr 2008 14:11:14 +0000 http://emergentchaos.com/?p=2737#comment-4575 @bliv: Same here. A few points, though - You don't need to have a maintenance window to do backups. That might be an easy way to do things, but it isn't a hard and fast requirement. TSM is not a shell script with IBM's label stuck on it. It must have support for multiple tape silos, etc. operating simultaneously. If they are running out of time, they can very likely increase throughput by doing operations in parallel. Most importantly, this has to be a question of priorities. In my view, for data like this, shuttled on tape outside the organization's perimeter, encryption is as close to mandatory as you can get. If they have an aversion to encryption, there are ways of making that off-site copy that wouldn't require it. However, remote copying terabytes over leased lines is probably more expensive than adding tape capacity. There may be some organizations that handle confidential data on a small scale for which the need to encrypt would present a challenge. However, we require businesses of all sizes to do certain things, even if cutting some corners would be no big deal for some of them, and adhering to the rules is a true hardship in some cases. Health and safety regulations for restaurants come to mind. @bliv:
Same here.
A few points, though -
You don’t need to have a maintenance window to do backups. That might be an easy way to do things, but it isn’t a hard and fast requirement.
TSM is not a shell script with IBM’s label stuck on it. It must have support for multiple tape silos, etc. operating simultaneously. If they are running out of time, they can very likely increase throughput by doing operations in parallel.
Most importantly, this has to be a question of priorities. In my view, for data like this, shuttled on tape outside the organization’s perimeter, encryption is as close to mandatory as you can get. If they have an aversion to encryption, there are ways of making that off-site copy that wouldn’t require it. However, remote copying terabytes over leased lines is probably more expensive than adding tape capacity.
There may be some organizations that handle confidential data on a small scale for which the need to encrypt would present a challenge. However, we require businesses of all sizes to do certain things, even if cutting some corners would be no big deal for some of them, and adhering to the rules is a true hardship in some cases. Health and safety regulations for restaurants come to mind.

]]> By: Chris http://emergentchaos.com/archives/2008/04/university-of-miami-good-for-the-body-bad-for-the-soul.html/comment-page-1#comment-4574 Chris Sun, 27 Apr 2008 12:23:30 +0000 http://emergentchaos.com/?p=2737#comment-4574 @bliv: Same here. A few points, though - You don't need to have a maintenance window to do backups. That might be an easy way to do things, but it isn't a hard and fast requirement. TSM is not a shell script with IBM's label stuck on it. It must have support for multiple tape silos, etc. operating simultaneously. If they are running out of time, they can very likely increase throughput by doing operations in parallel. Most importantly, this has to be a question of priorities. In my view, for data like this, shuttled on tape outside the organization's perimeter, encryption is as close to mandatory as you can get. If they have an aversion to encryption, there are ways of making that off-site copy that wouldn't require it. However, remote copying terabytes over leased lines is probably more expensive than adding tape capacity. There may be some organizations that handle confidential data on a small scale for which the need to encrypt would present a challenge. However, we require businesses of all sizes to do certain things, even if cutting some corners would be no big deal for some of them, and adhering to the rules is a true hardship in some cases. Health and safety regulations for restaurants come to mind. @bliv:
Same here.
A few points, though -
You don’t need to have a maintenance window to do backups. That might be an easy way to do things, but it isn’t a hard and fast requirement.
TSM is not a shell script with IBM’s label stuck on it. It must have support for multiple tape silos, etc. operating simultaneously. If they are running out of time, they can very likely increase throughput by doing operations in parallel.
Most importantly, this has to be a question of priorities. In my view, for data like this, shuttled on tape outside the organization’s perimeter, encryption is as close to mandatory as you can get. If they have an aversion to encryption, there are ways of making that off-site copy that wouldn’t require it. However, remote copying terabytes over leased lines is probably more expensive than adding tape capacity.
There may be some organizations that handle confidential data on a small scale for which the need to encrypt would present a challenge. However, we require businesses of all sizes to do certain things, even if cutting some corners would be no big deal for some of them, and adhering to the rules is a true hardship in some cases. Health and safety regulations for restaurants come to mind.

]]> By: Blivious http://emergentchaos.com/archives/2008/04/university-of-miami-good-for-the-body-bad-for-the-soul.html/comment-page-1#comment-4573 Blivious Sat, 26 Apr 2008 21:11:01 +0000 http://emergentchaos.com/?p=2737#comment-4573 Can't speak to this incident, but I know of at least one real-world trial where enabling encryption on the nightly tape run extended the time required to write tape *well* beyond the maintenance window. Just sayin' Can’t speak to this incident, but I know of at least one real-world trial where enabling encryption on the nightly tape run extended the time required to write tape *well* beyond the maintenance window. Just sayin’

]]> By: Chris http://emergentchaos.com/archives/2008/04/university-of-miami-good-for-the-body-bad-for-the-soul.html/comment-page-1#comment-4572 Chris Sat, 26 Apr 2008 18:42:33 +0000 http://emergentchaos.com/?p=2737#comment-4572 On the TSM point, since these tapes were being sent off-site for DR purposes, how do we know that 'the database' wasn't in the backup set as well? We don't quite know the extent of the numbers game here, since 2 million "records" doesn't necessarily mean "2 million patients' data". It almost certainly means more than 47K, since 5000 unique patients per year for an entire University health system strikes me as on the low side. Indeed, according to the University's <a href="http://www.med.miami.edu/communications/facts_and_figures.asp" rel="nofollow">Facts and Figures</a>: <blockquote> The Anne Bates Leach Eye Hospital annually serves 160,000 outpatients of ophthalmology and other specialties, </blockquote> This is just for eye stuff. Somebody should simply ask the University how many patients' records were on the tapes. Just to be fair, they should also ask about how many of those patients are known by the University to have died. The number of patients who, as far as the University knows, are living is a reasonable number to try to notify. On the TSM point, since these tapes were being sent off-site for DR purposes, how do we know that ‘the database’ wasn’t in the backup set as well?
We don’t quite know the extent of the numbers game here, since 2 million “records” doesn’t necessarily mean “2 million patients’ data”. It almost certainly means more than 47K, since 5000 unique patients per year for an entire University health system strikes me as on the low side. Indeed, according to the University’s Facts and Figures:

The Anne Bates Leach Eye Hospital annually serves 160,000 outpatients of ophthalmology and other specialties,

This is just for eye stuff.
Somebody should simply ask the University how many patients’ records were on the tapes. Just to be fair, they should also ask about how many of those patients are known by the University to have died. The number of patients who, as far as the University knows, are living is a reasonable number to try to notify.

]]>