[Info-vax] OpenVMS x64 Atom project
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sat Jun 5 16:34:37 EDT 2021
On 2021-06-05 19:36:35 +0000, Jeffrey H. Coffield said:
> At several (not all) sites the backups are automatically restored every
> day to a test/backup system which is used for development.
Protecting against accidental and incidental corruption is often
familiar ground.
Protecting against malevolent action can require shifting thinking
about risks and vulnerabilities.
In the case I referenced, the data was all valid, but the fields for
different record entries were shuffled.
That backup restoration and particularly that re-use of production data
for testing is also impossible for an increasing number of apps and an
increasing number of sites, as synthetic data is required by local
policy, or by local privacy requirements, or by regulatory requirements.
For those of you that can re-use your production data for testing
purposes, I'd ask whether you've considered whether and when you should
do that, and under what circumstances, and what is done to protect that
data.
Having multiple copies of sensitive data available for attackers can
be convenient for the attackers, of course. Why pop production, if you
can export the data from a testing server? Particularly one with fewer
restrictions than production.
As I mentioned up-thread, if you've not looked at your whole
environment and its data security and recovery, maybe review what y'all
are doing now, how, and why. And at whether that makes sense, and
whether there are newer or different exposures now.
--
Pure Personal Opinion | HoffmanLabs LLC