Closed Bug 813780 Opened 12 years ago Closed 11 years ago

Use of IronMountain services for offsite tapes relocation

Categories

(Privacy Graveyard :: Vendor Review, task)

Product:
Privacy Graveyard
Component:
Vendor Review
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dumitru, Assigned: smartin)

Details

(Whiteboard: privacy review completed - resolved - project team to make final decision based on feedback) 

I've been asked by Liz to file a Privacy:Vendor review bug for the use described in the subject.
Iron Mountain is on the Safe Harbor list.

Let me know what other information is needed.
Thanks!
It looks like there is a meeting scheduled this afternoon to review?  I will be on the road, but can call in via cell if there is a dial-in available.
Whiteboard: under privacy review
I'll reschedule this for tomorrow then, if that's OK with everybody.
I sent the new invite - tomorrow at noon.
Stacy's notes from our meeting:

Plan to use Iron Mountain for offsite tapes relocation.  Tapes are backup tapes used for Zimbra.  applications, databases, bugzilla, pretty much anything we'd want to get back in case of a disaster. 

Two data centers - Phoenix, sitting in our space, in Santa Clara stored in MV server room.  This is the offsite location.  Don't have an office in Phoenix - so only use Iron Mountain there. 

Are the tapes encrypted?  No.  Only encrypt certificates (CRTs).

Denelle has read it and is not happy with their subpoena policy or legal risk of data accessible to someone else.  If we can encrypt them and keep the key somewhere that isn't next to the tapes, that would mitigate that concern.  Or if we could ask them to change their subpoena policy.  We are a small dollar value client.

Encrypting will increase the cost - pay for license per client.  Only one tape.  Have lots of old tapes that can't be encrypted.  Could copy them.

Plan to update process to backup to the alternate data center - sits in secure cages in each - but not until Q3.

Other options?  Safety deposit box?  What is the physical volume?  Tom could lift them - 100-150 tapes.  We recycle tapes once every six months.  20 new tapes every six months.  A shoebox or less.

Iron Mountain is not attack secure - someone could walk in and access our tapes.

In Phoenix, we have a locked space where we transfer the tapes.  So right now, it's automatic.  Our technicians unloaded the tapes (Mozilla employees) and moved them to the storage location in the same data center.  Iron Mountain - a Mozilla employee or contractor would walk in and pick up the box of stuff, drive it to Iron Mountain, and put it in their storage space?  No, Iron Mountain would pick up.  Are there other providers?  Yes.  We have a pretty hard blocker around Iron Mountain.  Liked Iron Mountain because of the security - Safe Harbor certified, banks use them.  Understand that the concerns are valid.  Encrypting for 9 months is not worth the effort (don't have the time for it), but if it slips beyond that, then may need to revisit in Q2.

Mozilla signed a contract with them 2 years ago, but never used it.  Now Iron Mountain has new terms.
IT will have an update after we'll review other options internally.
Thanks!
Stacy - There seem to be 2 bugs for this privacy review. See Bug 814034. Is the Privacy team's perspective that Iron Mountain is unacceptable?
I think Denelle will get back to us by the end of the week.  It does look like we have duplicate bugs on this.
Hi Denelle,
Got any updates, per https://bugzilla.mozilla.org/show_bug.cgi?id=814034#c12 ?
Thanks!
Flags: needinfo?(denelle)
Hi Dumitru 

The language in the Iron Mountain agreement is not what we would like to see, but they aren't willing to change it.  As I said (maybe in another bug, maybe in an email), I think the chances of the subpoena clause being implicated is pretty low given the data and given who we are.  I think it is a good issue for us to focus on as we search for vendors, but we shouldn't hold this one up.  So legal is not holding this up. 

denelle
Flags: needinfo?(denelle)
Thanks!
Let us know what's the next step, then.
Stacy - Given Denelle's OK re the subpoena policy, what is Privacy's recommendation?
Hi Liz - I chatted with Tom about this briefly and it sounds like data encryption is still the open issue.
I talked to Tom about this today and wanted to record our privacy feedback, prior to closing out our review as completed.  

From a privacy perspective, storing user data (backup tapes) in an unencrypted format in a remote storage location is not a best practice, even if the facility is secure.  This is because encryption is available, although more time consuming.  One of our key privacy initiatives this year is focused on data cleanup, and this practice is likely to fall in that area.

Although privacy is not a blocker and the final decision is yours, we would encourage you to take the privacy feedback into careful consideration. 

Here is a link to our newly documented privacy review process https://wiki.mozilla.org/Privacy/Reviews.  These concerns would fall under the feedback section.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: under privacy review → privacy review completed - resolved - project team to make final decision based on feedback
You need to log in before you can comment on or make changes to this bug.