As I write this the Government is mopping up after a network breach...
The timing is funny but what prompted this blog post isn't so funny.
Over the last few months I've been doing battle...kind of...by email on behalf of a customer who was honest on a Government assessment they were compelled to do as a supplier to the Government.
This assessment required further queries from the department in question to clarify the secure nature of the backups being performed by this business.
It was clear that the Government department was just emailing out words and default templates rather than understanding what it was they required of their suppliers.
Numerous queries to them could not clarify what they did want, just that what was currently being done was not satisfactory.
After quite some toing and froing it ended (so far) with me phoning the department in question to find out just what they did want.
They wanted backup data to be stored on servers in Australia. This requirement alone proves how daft they are (I'll explain that later*).
I pointed out to them that the data, while being stored on US servers, was encrypted at the source to military grade standards... so it doesn't matter where it is, just so long as it is somewhere.
This wasn't good enough. The data had to be stored in Australia on a subset of platforms that were of a scale much greater than required by this business. So I needed to find a third party backup service that used the resources prescribed by the department.
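To make the "encrypted at the source" point concrete, here is an added example (mine, not the customer's actual backup product, and not anything the department supplied). It assumes AES-256-GCM as the cipher, a key that is generated on the customer's own machine and never handed to the backup provider, and a made-up archive and archive name. Whatever country the ciphertext lands in, the host holding it only ever sees the sealed blob, and any tampering with it shows up as an authentication failure on restore rather than as silently corrupted data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample: a tiny "backup archive" standing in for a real tarball.
var sampleBackup = []byte("customer-ledger-2018.csv: acct,balance\n1001,250.00\n1002,9.95\n")

// NewBackupKey generates a fresh 256-bit AES key on the source machine.
// This key stays with the business; the off-site provider never receives it.
func NewBackupKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptBackup seals an archive with AES-256-GCM before it leaves the source.
// The archive name is bound in as additional authenticated data, so a host
// cannot quietly hand back a different archive's ciphertext under this name.
// Output layout: 12-byte random nonce || ciphertext || 16-byte GCM tag.
func EncryptBackup(key, archive []byte, name string) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := aead.Seal(nil, nonce, archive, []byte(name))
	return append(nonce, sealed...), nil
}

// DecryptBackup reverses EncryptBackup. A changed byte in the stored blob, a
// mismatched name, or the wrong key all fail the GCM tag check and return an
// error instead of garbage plaintext.
func DecryptBackup(key, blob []byte, name string) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, sealed := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, sealed, []byte(name))
}

// ProviderCanReadBackup models what the off-site host (in any country) can
// learn from the stored object: whether the plaintext is visible inside it.
func ProviderCanReadBackup(stored, plaintext []byte) bool {
	return bytes.Contains(stored, plaintext)
}

func main() {
	key, err := NewBackupKey()
	if err != nil {
		panic(err)
	}
	blob, err := EncryptBackup(key, sampleBackup, "ledger-2018.tar")
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes; provider can read plaintext: %v\n",
		len(blob), ProviderCanReadBackup(blob, sampleBackup))

	restored, err := DecryptBackup(key, blob, "ledger-2018.tar")
	fmt.Printf("restore ok: %v, matches original: %v\n", err == nil, bytes.Equal(restored, sampleBackup))

	// Simulate the host (or anyone in between) flipping one byte of the blob.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = DecryptBackup(key, tampered, "ledger-2018.tar")
	fmt.Printf("tampered restore rejected: %v\n", err != nil)
}
```

The flip side, which is the thing a residency rule never asks about: once the provider only holds ciphertext, the key is the backup. Lose it and every copy, Australian soil or not, is unrecoverable, so the key itself needs its own protected, separately stored copy.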
All along they'd been talking to us over a huge gap - the third party backup provider.
I pressed the department further to supply the name of a compliant backup system in Australia. They could not supply this because "we know some people are doing it, we just don't know with what". <Sarcasm> fantastic. Thanks for your help </sarcasm>
So I started tracking down backup solutions that used Australian servers and, as you can imagine, there are quite a few doing a better job than the department requires - just not storing the data on Australian soil. (FFS).
Anyway, eventually I found one that did comply at a reasonable, albeit not cheap, price - https://www.ausdrive.net.au/
By the way, this is why you should opt-out of the new My Health record scheme. It sounds nice in theory but it is being run by politicians and public servants. As such it is doomed and destined for catastrophe. You don't want to be in it when it goes down.
* So why is the "Data on Australian soil" requirement proof of stupidity?
Because it is common and good practice for global companies to back up their data across multiple sites across the world.
I have been told that the government is in fact aware that this Australia-soil requirement IS being subverted on a regular basis by hosts quite rightly backing up their data "off-site"...and when your "site" is a country, off-site is another country!
Their little heads have exploded and they don't know what to do.
Meanwhile, every day, well-meaning, hardworking, honest people are spending money on ignorant IT policies for no good reason.
"Brought to you by the same people who gave us the NBN" <ahem>.
Try not to go postal ;-)