undefined | Better HN

0 pointsajross7y ago0 comments

> If you're not sure what it is, you offline it

I've literally never worked at nor heard of an employer that tried this. You have a case study example? You seriously think IT departments are in the business of finding an archiving the contents of every random PC on the network?

0 comments

2 comments · 1 top-level

Canada7y ago· 1 in thread

No, of course I don't believe IT departments do that. It's management's responsibility to make sure someone is responsible for the data on every random PC on the network. Management is responsible for putting systems in place to manage risk effectively. Random PC users need to be compelled to comply by policy and enforcement because otherwise they usually don't have the knowledge or incentive to do what must be done.

People working in development or operations on the other hand, should instinctively know and do what must be done with their own data. And reddit didn't do that. Management failed and even worse the technical leadership inside the company was directly responsible.

Remember this next time you're working at a place with a poor management of data and a culture of indifference. Do something about it, sound the alarm instead of sitting on your hands waiting for the inevitable leak.

ajrossOP7y ago

So... who exactly does this again? You seem to be "solving" this problem by turning it into a simplified academic exercise. Real security happens in real companies with real people.

j / k navigate · click thread line to collapse