SEC isn't going to tell you about physical security/data access protection. Since you are working in financials, you probably fall somewhere under Sarbanes-Oxley. Only an auditor will be able to ascertain where you might be in or out of compliance, but I would definitely say the physical security plan for your data is lacking. When you don't have physical control of your servers anymore, then they aren't your servers, and if they aren't your servers then the data on them isn't yours anymore. If you are managing investments for high net worth individuals, I think those individuals probably, if they knew, wouldn't be too happy that their personal information, or even the systems it is being transacted on by a 3rd party company, is not being held in a secure, responsible manner; that definitely could lead you into some hot water. I would definitely start to CYA on this front, before it might bite you in the butt.

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

-----Original Message-----
From: Sharie Breaux [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 22, 2008 8:09 AM
To: NT System Admin Issues
Subject: RE: Need opinion on Blade Servers

I agree with you totally, but they have never, in the 15 years I have worked at this company, had a locked room for the servers. They are in my cubicle now, but before that they were in the common work area where the copier, printer, etc. are.

We are independent advisors that manage investments for high net worth individuals along with some corporate plans. The assets, though, are held at a custodian like Schwab or Fidelity. We just went through an SEC audit, but luckily nothing was said about the fact that the servers were in my cubicle.

________________________________

From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 22, 2008 7:58 AM
To: NT System Admin Issues
Subject: RE: Need opinion on Blade Servers

Right now, from what you describe, I don't see any value benefit with the Blade Technology. Since you aren't going to load the Blade to capacity or at least ½ capacity, you aren't really getting a return on investment (Blades can be quite expensive also). If your server system is adequate for 20 people, then spending more money on the blade and the time to migrate probably isn't going to be the best move.

I would definitely have you re-think your plan about putting the servers in your cubicle. What happens if someone wants to lift your server from your unsecured cubicle, and now your data and server are in the hands of an unauthorized party and you are SOL? Your server should be in a temperature controlled, locked room with adequate physical controls and limited access. I hope you all aren't under Sarbanes or PCI compliance at your company; I fear you might be heading down a bad road with this if you get audited.

Just my 2 cents,

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

-----Original Message-----
From: Sharie Breaux [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 22, 2008 7:45 AM
To: NT System Admin Issues
Subject: Need opinion on Blade Servers

Our company is in the process of dividing the business into two. Two principals are staying at the current location and the other two are moving to a new location. It is my job to purchase the server for the two that are moving (I am going with them as well). We have four servers now: Primary (which is the one I am replacing now), SQL (which I will replace in early 2009), Exchange & a Backup server.

One of the principals is pushing blade servers. He feels there is a smaller footprint, more room for growth for the future, you only need one UPS and there is less power consumption.

There are only going to be 8 people at the new company, with room to expand to 4 more. The current Primary server is more than adequate for the 20 people that are at the company now.

There is no temperature controlled server room. There is an "IT closet" where the wiring will be (Phone & Data), which is basically only 8' wide x 30" deep with louvered doors in the common supply room. He suggested putting the servers in the closet sideways, which I am against, and I said no. I will be putting them in my cubicle with me as it makes it easier to manage them.

Since I do not know that much about blade servers, I need all of your opinions.

Sharie Breaux
Systems Administrator
[EMAIL PROTECTED]