Hacker News new | ask | show | jobs
by duxup 1367 days ago
I used to visit the data centers of some very large financial institutions.

The SoP at those places was that hard drives from the data center NEVER left the building except through a device that destroyed them…. Their security guards were really into checking for them and etc.

It was a pretty common rule across those banks and etc at that time, and that was quite a while ago.
3 comments
LinuxBender 1367 days ago
Same. We had a "keep your disk" policy with both HP and Dell. Newer managers and directors hated it because they saw the price-tag and did not understand the incredible value it brought to the sales team when discussing security and privacy. We gained significant confidence from large prospects and customers when they learned we physically shredded disks and logged each serial number. This was in addition to the customer data being encrypted at-rest.
link
hangonhn 1367 days ago
Same. When I used to work at a hedge the standard procedure was to zero them out first. Then retain the hard drives in a closet. Then someone could come periodically to physically destroy them.
link
toomuchtodo 1367 days ago
How was the process governed so that drives actually were wiped before going out the door? That’s really the challenge, the humans managing the kit are the weakest link. I do like the comment about drives only able to depart the premises through a shredder.
link
hangonhn 1367 days ago
I think it was just governed by some IT policy which was basically, "no bare hard drives leaves the IT room".

The people who literally shredded the hard drives would give us the literal bits back.

It's kind of nutty but information is the life blood of hedge funds.

link
cm2187 1367 days ago
At the same time I heard several stories of people copying the files onto their desktop hard drives and leaving the building with them when lehman went bust.
link
duxup 1367 days ago
I didn't see any indication that the hard drives from the data center policy had anything to do with drone's laptops coming and going.

To be clear in one building there were a few thousand people working. When I visited myself and maybe a dozen or two dozen other people in the building had access to the data center. Cameras everywhere, appointment verification, IDs, man traps and all.

I'd visit and go up to the doors and passers by would stop to watch "he's going inside..."

Whatever a random drone was doing with their laptop, that's a whole other issue / policy.

It was even more fun at military sites. NOTHING non essential ever left. You, your ID (they held it), your clothing, glasses... that was all that came out, your laptop and any spare parts were left behind every time. If you went to the very special sites... you also made sure nothing was in your car that you didn't want to lose.

link
landemva 1367 days ago
I personally rolled a few servers out of the Pentagon. We had a paper letter to take them to our office. Other than my personal concern about it, that was that.
link
duxup 1366 days ago
Oddly enough we didn't have anything at the Pentagon. Most of our equipment was owned by contractors who had them at military sites that were very much ... not someplace people could visit, not bases where families lived, etc.
link
cm2187 1367 days ago
In theory those desktop drives should also have been encrypted.
link