User Tag List

First 12345 Last

Results 21 to 30 of 54

  1. #21
    meh Salomé's Avatar
    Join Date
    Sep 2008
    MBTI
    INTP
    Enneagram
    5w4 sx/sp
    Posts
    10,540

    Default

    Quote Originally Posted by Grayscale View Post
    this isn't a bad thing whatsoever... it was inevitable.

    virtualization is the natural progression of technology, that's undeniable, and this is the logical next step for Microsoft in order to keep up with virtual application powerhouses like Google.

    think about it... 15 years ago, the user experience was about 90% local and 10% internet, we have gone far past the point of 50/50 and now the majority of a user's time is spent virtually. considering microsoft built themselves on the local user experience, this is a no brainer.

    i really do not think anyone who is not a professional in this field should comment, because if you knew anything you would know this is far more secure. there are not people who manually sift through customer data, that would be too cumbersome, and there are security policies that prevent any one person from accessing and exploiting sensitive data like people have suggested.

    microsoft has the money and the expert knowledge to store information safely, unlike a typical PC user, even at the last level of security (physical access). also, considering the current state of the virtual user experience as well as the trend that will continue to carry is further in that direction, it is much safer from a wide-area network standpoint to have customer data stay within a contained private network, separate from the internet by firewalls, with only the information needed to run the client app being sent over the internet (encrypted as it might be)
    :
    You are a fool.

    There is no security policy that can stop people fucking with your data.

    That is all.

  2. #22
    Senior Member Grayscale's Avatar
    Join Date
    Dec 2007
    MBTI
    istp
    Posts
    1,962

    Default

    Quote Originally Posted by bluemonday View Post
    You are a fool.

    There is no security policy that can stop people fucking with your data.

    That is all.
    nothing is entirely secure, yes, but what you're saying is nothing new... when was the last time you saw sensitive being exploited internally? there is just too many eyes on it for someone to get away with. and frankly, with your information mixed in with a sea of other customer data, what makes you think anyone gives enough of a shit to steal your information? a lot of your most sensitive data is already in a database, ie financial and identity related information. you think they havent already considered this possibility? a need-to-know requirement is a basic element of every IT security policy i have seen, and there is very rarely a need for any employee to directly access customer data.

    if microsoft didnt do this they would be left in the dust... they are already way behind google in the virtual market.

    Quote Originally Posted by bluemonday View Post
    We have pretty good legislation, but in practice every other week some idiotic civil servant sends unencrypted personal/confidential data through the mail on a dvd - then has a fit when it somehow goes missing.
    this is confidential company data, the stuff employees interact with on a day-to-day basis, not customer data. taking customer data out in such a insecure fashion would be a huge no-no, either their policy or their enforcement of it is worthless. the government would have puppies if something like that happened, just look at how strict the guidelines are for companies that hold common sensitive customer data like credit cards (https://www.pcisecuritystandards.org/)

    think about it, when you have thousands to millions of customers, you are never going to directly work with their data, just the infrastructure that does. that's the network, servers, and application code. in fact, the only people who ever really look at something customer-specific is CS, and even then it's usually things like account and payment records, why would they need to look at your files?

  3. #23
    meh Salomé's Avatar
    Join Date
    Sep 2008
    MBTI
    INTP
    Enneagram
    5w4 sx/sp
    Posts
    10,540

    Default

    Quote Originally Posted by Grayscale View Post
    nothing is entirely secure, yes, but what you're saying is nothing new... when was the last time you saw sensitive being exploited internally?
    about six months ago, as it happens
    Quote Originally Posted by Grayscale View Post
    there is just too many eyes on it for someone to get away with. and frankly, with your information mixed in with a sea of other customer data, what makes you think anyone gives enough of a shit to steal your information? a lot of your most sensitive data is already in a database, ie financial and identity related information. you think they havent already considered this possibility? a need-to-know requirement is a basic element of every IT security policy i have seen, and there is very rarely a need for any employee to directly access customer data.
    I'm talking about databases, what the hell are you talking about?
    And that is bullshit. Have you heard of identity theft? Have you heard about the backlash against offshoring to India because of the massive security holes/corruption?
    Quote Originally Posted by Grayscale View Post
    if microsoft didnt do this they would be left in the dust... they are already way behind google in the virtual market.
    And I care about Microsoft's market position why, exactly?
    Quote Originally Posted by Grayscale View Post
    this is confidential company data, the stuff employees interact with on a day-to-day basis, not customer data. taking customer data out in such a insecure fashion would be a huge no-no, either their policy or their enforcement of it is worthless.
    Worthless, yes, frequently. It happens.
    Of course employees access customer data, why they hell would you gather/store data if you weren't going to access it for operational purposes?!?
    Quote Originally Posted by Grayscale View Post
    think about it, when you have thousands to millions of customers, you are never going to directly work with their data, just the infrastructure that does. that's the network, servers, and application code. in fact, the only people who ever really look at something customer-specific is CS, and even then it's usually things like account and payment records.
    You don't know what you are talking about, so stop talking.

  4. #24
    Senior Member NoahFence's Avatar
    Join Date
    Jun 2007
    MBTI
    INTP
    Posts
    288

    Default

    I am the network admin here. I control those security policies you speak of, I implement them. I never look at my company's data. But could I, if they pissed me off to the point of going postal?



    Seriously. Any network security officer worth his/her salt could turn your business into the virtual version of a smoking hole in the ground if they turned coat and betrayed you. The question of who watches the watchers is paramount to me.

    We currently have five distinct layers of security, various manufacturers and services. No way am I ever recommending we put our eggs in one basket like this, particularly when we have no idea whose hands are actually holding that basket.
    "I do not feel obliged to believe that the same God who has endowed us with sense, reason, and intellect has intended us to forgo their use." - Galileo

  5. #25
    meh Salomé's Avatar
    Join Date
    Sep 2008
    MBTI
    INTP
    Enneagram
    5w4 sx/sp
    Posts
    10,540

    Default

    Quote Originally Posted by NoahFence View Post
    I am the network admin here. I control those security policies you speak of, I implement them. I never look at my company's data. But could I, if they pissed me off to the point of going postal?



    Seriously. Any network security officer worth his/her salt could turn your business into the virtual version of a smoking hole in the ground if they turned coat and betrayed you. The question of who watches the watchers is paramount to me.

    We currently have five distinct layers of security, various manufacturers and services. No way am I ever recommending we put our eggs in one basket like this, particularly when we have no idea whose hands are actually holding that basket.
    Precisely.
    Thank you.
    Even with DR sites, it's too big a target.

  6. #26
    Senior Membrane spirilis's Avatar
    Join Date
    Jul 2007
    MBTI
    InTP
    Enneagram
    9w1 sp
    Socionics
    INTj Ni
    Posts
    2,652

    Default

    lol@ Noah
    The visual made it 10x better
    intp | type 9w1 sp/sx/so

  7. #27
    Senior Membrane spirilis's Avatar
    Join Date
    Jul 2007
    MBTI
    InTP
    Enneagram
    9w1 sp
    Socionics
    INTj Ni
    Posts
    2,652

    Default

    Yeah cloud computing is a tad sketchy at best when talking about business operations. I can see a lot of companies falling for it, though. Especially when these cloud computing services tout legal mandates behind their security compliance; CIOs fall for that shit plenty.

    What makes far more sense, IMO, is clustered computing in-house. Cue the $$$$$ though...
    intp | type 9w1 sp/sx/so

  8. #28
    Senior Member Grayscale's Avatar
    Join Date
    Dec 2007
    MBTI
    istp
    Posts
    1,962

    Default

    this?

    TJX consumer data theft largest in history

    information was stolen in transit, ie when transitioning between customer client and the secure portion of the company's network.

    Quote Originally Posted by bluemonday View Post
    Of course employees access customer data, why they hell would you gather/store data if you weren't going to access it for operational purposes?!?

    You don't know what you are talking about, so stop talking.
    servers and applications access customer data, it would be logistically impossible for any decent sized enterprise to process customer data by hand.

    i currently work as an enterprise network architect, i work with things like this on a daily basis... you are?

    Quote Originally Posted by NoahFence View Post
    I am the network admin here. I control those security policies you speak of, I implement them. I never look at my company's data. But could I, if they pissed me off to the point of going postal?

    Seriously. Any network security officer worth his/her salt could turn your business into the virtual version of a smoking hole in the ground if they turned coat and betrayed you. The question of who watches the watchers is paramount to me.

    We currently have five distinct layers of security, various manufacturers and services. No way am I ever recommending we put our eggs in one basket like this, particularly when we have no idea whose hands are actually holding that basket.
    how big of a company? please explain how GPO management for IT, your own employees and how they access your network and resources is at all the same as accessing sensitive customer databases. for any decent sized companies, you handle this data through queries, not by hand, and most certainly not by IT network admins.

    edit: by security policy (singular), i dont mean GPOs, I mean the rules and regulations in place to dictate technology and the employees who work with it in regards to security. it is something that is managed by the CIO and a board, with input from an array of experts.

    the closest ive ever heard of when it comes to employees looking at actual customer data is a friend of mine who is a database programmer at a company who parsed provided records for legal litigation. they would run custom queries on a case-by-case basis, but even then they were working with way too much information to care to look at specific files.

    the closest analogy i can think of what is being suggested here is if an automobile factory worker got up on the assembly line and started to grab parts off of cars... yeah, someone could probably try and do it, but perhaps you can understand why i raise my eyebrow when people start screaming about employees stealing their data.


  9. #29
    meh Salomé's Avatar
    Join Date
    Sep 2008
    MBTI
    INTP
    Enneagram
    5w4 sx/sp
    Posts
    10,540

    Default

    Quote Originally Posted by spirilis View Post
    Yeah cloud computing is a tad sketchy at best when talking about business operations. I can see a lot of companies falling for it, though. Especially when these cloud computing services tout legal mandates behind their security compliance; CIOs fall for that shit plenty.

    What makes far more sense, IMO, is clustered computing in-house. Cue the $$$$$ though...
    Not necessarily. Clusters are the way to go. Scaleabillty. Linux platforms are affordable.
    Quote Originally Posted by Grayscale View Post
    information was stolen in transit, ie when transitioning between customer client and the secure portion of the company's network.
    Yes. That happens too.

    Quote Originally Posted by Grayscale View Post
    servers and applications access customer data, it would be logistically impossible for any decent sized enterprise to process customer data by hand.
    Who's talking about by hand?

    Quote Originally Posted by Grayscale View Post
    i currently work as an enterprise network architect, i work with things like this on a daily basis... you are?
    I run my own company. I employ people like you. (Well, not exactly like you).

    Quote Originally Posted by Grayscale View Post
    how big of a company? please explain how GPO management for IT, your own employees and how they access your network and resources is at all the same as accessing sensitive customer databases. for any decent sized companies, you handle this data through queries, not by hand, and most certainly not by IT network admins.
    we're talking about security in a public forum and you really expect me to do this?

    Quote Originally Posted by Grayscale View Post
    the closest ive ever heard of when it comes to employees looking at actual customer data is a friend of mine who is a database programmer at a company who parsed provided records for legal litigation. they would run custom queries on a case-by-case basis, but even then they were working with way too much information to care to look at specific files.
    See Business Intelligence. (Or any intelligence....)

    Quote Originally Posted by Grayscale View Post
    the closest analogy i can think of what is being suggested here is if an automobile factory worker got up on the assembly line and started to grab parts off of cars... yeah, someone could probably try and do it, but perhaps you can understand why i raise my eyebrow when people start screaming about employees stealing their data.
    Yeah. Because you don't know what you are talking about.

  10. #30
    Senior Member Grayscale's Avatar
    Join Date
    Dec 2007
    MBTI
    istp
    Posts
    1,962

    Default

    i am somewhat in disbelief that an INTP's argument is coming down to "youre wrong!"

    if you had a technical understanding of how any of this works, you'd be able to tell me how one would go about exploiting this. who, and how, specifically. as someone who does, i can tell you that the shift from local to virtualized processes would reduce security threat from a technical standpoint, and would not pose any additional security threat from employees or any of the like.


    please tell me how the sensitive data that will need to be stored virtually is different than any other sensitive data that is already stored by companies. please tell me how moving the process from the user's local machine to an online server cluster would create an additional gap in security. please tell me how the current user experience could ever compare (from a security standpoint) from a single, controlled, encrypted virtual session. hell, give me any reasoning for what youre saying, because myself and many commensurate in large enterprises, as well as vendor experts, see this as a good idea.

Similar Threads

  1. [NT] Defining Moments in the making of an NT.
    By ladypinkington in forum The NT Rationale (ENTP, INTP, ENTJ, INTJ)
    Replies: 136
    Last Post: 07-15-2012, 06:42 PM
  2. UFO's in the sky!!
    By Prototype in forum Politics, History, and Current Events
    Replies: 9
    Last Post: 10-14-2010, 03:51 PM
  3. Am I in the right place?
    By cosmicdancer in forum Welcomes and Introductions
    Replies: 21
    Last Post: 05-14-2009, 02:36 AM
  4. [NF] Defining Moments in the life of an NF
    By SolitaryWalker in forum The NF Idyllic (ENFP, INFP, ENFJ, INFJ)
    Replies: 20
    Last Post: 05-01-2009, 10:27 PM
  5. Laughing at television more when others are in the room
    By digesthisickness in forum The Bonfire
    Replies: 30
    Last Post: 07-21-2007, 10:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Single Sign On provided by vBSSO