These days, I'm devoting some time to visiting a number of nonprofit agencies that advocate for immigrants, learning about their technology needs and checking out their current infrastructures.
In most cases, the agencies have an alert accidental techie rather than a full-time CTO in charge of the network server. These are dedicated and plucky folks. When we get to a discussion of back-up strategies, it often goes like this:
Accidental Techie: As you can see, we have a tape drive. We do an incremental back-up every weekday, and a full back-up once a week.
Cyber-Yenta: That's great. Where do you store the latest full back-up?
AT: Well, I think it's important to take it off-site, in case there's a disaster. So I take it home with me on Fridays and stick it in a drawer. On Mondays I bring the previous week's full back-up to the office.
CY: Uh oh.
Cyber-Yenta: That's great. Where do you store the latest full back-up?
AT: Well, I think it's important to take it off-site, in case there's a disaster. So I take it home with me on Fridays and stick it in a drawer. On Mondays I bring the previous week's full back-up to the office.
CY: Uh oh.
Is it just me, or is this a nightmare waiting to happen?
Here are a few worst case scenarios:
Thieves break into the Accidental Techie's house, and steal the tape. They use information from the case management files to engage in identity theft, or to harass vulnerable individuals about their HIV or immigration status. The agency suffers a major loss of reputation, the well-being of clients is jeopardized, and AT's home is not covered by the agency's insurance, thus making AT personally liable. An organizational nightmare ensues.
The nonprofit agency's management and the Accidental Techie have a falling out. Management decides to accuse AT of taking the agency's intellectual property off-site without proper authorization, as a pretext for termination. Litigiously-minded board members take sides. An organizational nightmare ensues.
On the way home one Friday afternoon, both the Accidental Techie and the back-up tape perish in a previously unthinkable accident. Panic sets in as the management realizes that AT was the only person who knew the password of the file server and that the most recent daily back-ups were unsuccessful. In addition to losing several days worth of irreplaceable data, the agency has also lost administrative access to its system and all institutional memory of how the system was configured. An organizational nightmare ensues.
Some of these scenarios are really, really unlikely. However, I would feel a lot better if the agency allocated some money to pay a bonded and insured company to make a weekly pick-up of the tape. Those tapes should be signed in and out, and then stored in a proper vault. In some cases, a highly professional remote back-up service can be a good alternative.The nonprofit agency's management and the Accidental Techie have a falling out. Management decides to accuse AT of taking the agency's intellectual property off-site without proper authorization, as a pretext for termination. Litigiously-minded board members take sides. An organizational nightmare ensues.
On the way home one Friday afternoon, both the Accidental Techie and the back-up tape perish in a previously unthinkable accident. Panic sets in as the management realizes that AT was the only person who knew the password of the file server and that the most recent daily back-ups were unsuccessful. In addition to losing several days worth of irreplaceable data, the agency has also lost administrative access to its system and all institutional memory of how the system was configured. An organizational nightmare ensues.
Perhaps it hasn't happened to your agency yet, and maybe it never will. But in my heart of hearts, I always assume that "yet" stands for "YOU'RE ELIGIBLE, TOO."
