Zero VGS
Aug 16, 2002
Before I started working at this place we were buying the best salespeople some 3rd gen i7 laptops. I'm like hey let's get 4th gen i5 laptops from now on, you'll save $800 each laptop and have a better screen and the performance should be about identical, and the CFO was thrilled.

Naturally I get them in today and the sales manager is like "Why can't we get 4th Gen i7? My people NEED them! We should get the best money can buy!"

We run Office365, Webex, and Salesforce. That's it. He's flipping his poo poo right now and trying to track down the CFO.

stuxracer
May 4, 2006

Phone calls are the only way I would give or accept a reference. Is a 5-10 minute phone call really that big of a deal when you are trying to help a friend/former coworker out? Or when trying to hire a good person (hopefully they stay for more than 5 minutes).

Gucci Loafers
May 20, 2006
Eh,

It depends, I'd want to see the survey and if it's anything like the ones that most tech companies give out I'm going to blast through it and put 10/10 on every radio button. I find some of the questions incredibly nitpicky when I've been used as a reference and the process shouldn't last more than 5 minutes for your standard System Administrator. Of course senior, director and c-levels are a different story.

As a follow-up question, how do you know my references are legitimate? A lot of my past supervisors and peers have gotten new positions or retired. How does this work?

Vulture Culture
Jul 14, 2003

Zero VGS posted:

Before I started working at this place we were buying the best salespeople some 3rd gen i7 laptops. I'm like hey let's get 4th gen i5 laptops from now on, you'll save $800 each laptop and have a better screen and the performance should be about identical, and the CFO was thrilled.

Naturally I get them in today and the sales manager is like "Why can't we get 4th Gen i7? My people NEED them! We should get the best money can buy!"

We run Office365, Webex, and Salesforce. That's it. He's flipping his poo poo right now and trying to track down the CFO.

Replace all company cars with box trucks.

Dark Helmut
Jul 24, 2004

I agree with what everyone is saying because that's my stance. However, in trying to be a team player, I'm trying to see the other side too.

Points I've been asked to consider:
The questionnaire is far less personal (in fact it's anonymous) than the phone call, so in some respects you might get a more honest answer.
It's way easier for both me and for the reference, and will actually get done. (yes, I fail to call references on a regular basis, it's so time consuming!)
I can always reach out and call the reference if I need to follow up.
The big one, apparently, is that this new process generates a report that I can then use myself or pass on to my client. Graphs, metrics, you name it!

Sigh, my manager and I were almost yelling at each other this morning over this.

Dark Helmut
Jul 24, 2004

Tab8715 posted:



As a follow-up question, how do you know my references are legitimate? A lot of my past supervisors and peers have gotten new positions or retired. How does this work?

It does look at IP addresses, just in case the candidate tries to fill out his own surveys. That's not infallible security of course, but it's something.

MrMoo
Sep 14, 2000

Zero VGS posted:

Before I started working at this place we were buying the best salespeople some 3rd gen i7 laptops. I'm like hey let's get 4th gen i5 laptops from now on, you'll save $800 each laptop and have a better screen and the performance should be about identical, and the CFO was thrilled.

Naturally I get them in today and the sales manager is like "Why can't we get 4th Gen i7? My people NEED them! We should get the best money can buy!"

We run Office365, Webex, and Salesforce. That's it. He's flipping his poo poo right now and trying to track down the CFO.

The clincher is what they are running. I was stunned that Datawatch, a data visualization company, gives their sales people a measly US$1000 budget and they end up buying slow really large door stops. For visualization it should be nothing less than the best "retina display" thing you can buy, surely you want everything to look wonderful and fast?

AlternateAccount
Apr 25, 2005

BigPaddy posted:

The guy is a bit paranoid and is convinced that the C level guys will upload stuff that should never leave our own machines like say drafts of annual profit reports which did end up on Box in an open to all employees folder.

This sounds a lot more like a training issue with the C-levels and their inability to maintain data security more than an issue with Box, it would exist with any file sharing service.

Box does a pretty good job with their at-rest encryption of what you upload. The procedure to actually decrypt your files is well documented and structured. If your stuff gets out, it's because you did something wrong or took an explicit action that allowed it to happen.

Dr. Arbitrary
Mar 15, 2006

Zero VGS posted:

Before I started working at this place we were buying the best salespeople some 3rd gen i7 laptops. I'm like hey let's get 4th gen i5 laptops from now on, you'll save $800 each laptop and have a better screen and the performance should be about identical, and the CFO was thrilled.

Naturally I get them in today and the sales manager is like "Why can't we get 4th Gen i7? My people NEED them! We should get the best money can buy!"

We run Office365, Webex, and Salesforce. That's it. He's flipping his poo poo right now and trying to track down the CFO.

I wish I could magically transform every i7 in my company to an i5, and in exchange transform the 500 GB HD into a 100 GB SSD.

in a well actually
Jan 26, 2011

Zero VGS posted:

Before I started working at this place we were buying the best salespeople some 3rd gen i7 laptops. I'm like hey let's get 4th gen i5 laptops from now on, you'll save $800 each laptop and have a better screen and the performance should be about identical, and the CFO was thrilled.

Naturally I get them in today and the sales manager is like "Why can't we get 4th Gen i7? My people NEED them! We should get the best money can buy!"

We run Office365, Webex, and Salesforce. That's it. He's flipping his poo poo right now and trying to track down the CFO.

IT'S ONE MORE GEN!!!

YOLOsubmarine
Oct 19, 2004

AlternateAccount posted:

This sounds a lot more like a training issue with the C-levels and their inability to maintain data security more than an issue with Box, it would exist with any file sharing service.

Box does a pretty good job with their at-rest encryption of what you upload. The procedure to actually decrypt your files is well documented and structured. If your stuff gets out, it's because you did something wrong or took an explicit action that allowed it to happen.

Security conscious companies generally have a problem with any cloud based file sharing service, not just Box. They want to keep company data on company owned equipment and limiting the ability to automatically push that data out to a cloud sharing service is one easy restriction that helps meet that goal. Internally hosted Box/Dropbox alternatives are gaining popularity for that reason.

Gucci Loafers
May 20, 2006
That's always one thing I've been curious about, if you're storing data on a cloud service how would you really know that nobody has ever peeked at what you have?

Hughmoris
Apr 21, 2007

Rexxed posted:

Yes if there's a developer that uses something in particular the company will buy it and the license will be owned by the company while their employee uses it. They may want to do the install, they may have licenses, they may have you have your manager request it for you and then it'll get purchased and IT will put it on your machine, but there will be a way to request specific software from IT (unless they say no).

adorai posted:

Generally speaking, they won't have any. I can tell you if you asked me for a copy I would just install it for you and let our annual Microsoft license true-up catch it.

Thanks for this. I'll pass it up my chain and see what happens. I'm thinking they'll tell me to buzz off, since it's not within my department's scope.

Skex
Feb 22, 2012

mewse posted:

What type of PoE switches are you using? Only time I've seen "no ethernet" was on a burnt port on a switch. Means the phone is still receiving power but the link was disestablished.

Check cabling before you get to worrying about a bad port on a switch. I very seldom find bad ports; I regularly find bad cabling (admittedly we mainly use Cisco switches). You can easily lose data connection without losing power and vice versa; the two functions use different pairs of copper so if something happens to one pair it could take out either data or power without affecting the other function.

Not that it's relevant to the discussion since it sounds like some sort of software problem on their phones and they're just using the POE's to force a reboot.

Che Delilas
Nov 23, 2009

Dark Helmut posted:

I agree with what everyone is saying because that's my stance. However, in trying to be a team player, I'm trying to see the other side too.

I'd much, much rather references be done over the phone; this goes for anyone I list as a reference and anyone who lists me as a reference (though I'm young enough in my career that I haven't been in that position yet). I accept that it's probably easier for everyone, in terms of schedule/time spent, to use an email with a questionnaire, so I'll speak to your other points.

"Less personal" and anonymity are not positives. The people I use for references know me, they have said they want me to use them as references, they're genuinely happy with what I've done for them, and they want to help me and see me do well in my career. A phone call is going to get so much more real information across; tone of voice, word choice, any gushing they do, none of it would come across in a survey. And frankly I don't want it to be anonymous. If my prospective employer has to call a courthouse and ask for "The Honorable <name>," and that person answers and says good things about me, that's going to carry so much more weight than an anonymous bunch of 10s.

Reports and graphs, really? For references? Even if the people I use don't put down all 10s, what does that tell me exactly? If it's anonymous, it won't tell me which of my references is unexpectedly giving me a bad score, so I can't cut them out of my list. What other purpose would it serve?

If you want a point to take back to your bosses to convince them to let you continue to make calls, try this. One of the things I hate most about recruiters is their tendency to ignore the fact that I'm an individual. They ignore things I tell them about my goals, they ignore parts of my resume, they ignore my wishes (telling them to not change my resume, telling them to not contact my current employers, telling them not to send me to this or that company). I'm just another interchangeable machine to them. Learning that a given recruiter operates or thinks of me this way is the very fastest way to completely sour the relationship and make me never work with them again. I know you've said you (and presumably your company) do not operate that way, and I would think your company would want to go out of its way to not even appear to be moving in that direction.

Gucci Loafers
May 20, 2006
As an alternative, maybe you could first shoot off an email to the reference or leave a voicemail with your number and email address?

mayodreams
Jul 4, 2003



Dark Helmut posted:

It does look at IP addresses, just in case the candidate tries to fill out his own surveys. That's not infallible security of course, but it's something.

That's why you go to Starbucks and use the 'porn' mode in your browser.

jaegerx
Sep 10, 2012


Tab8715 posted:

That's always one thing I've been curious about, if you're storing data on a cloud service how would you really know that nobody has ever peeked at what you have?

Encrypt it before you upload it.

luminalflux
May 27, 2005



mewse posted:

Giving or receiving a reference is one of those rare situations that I think a phone call would be way better than text, for example all the implications a heavy pause can carry.

:agreed:

If someone has warned me that they've given me as a reference I'm more down with a phone call than email.

Gucci Loafers
May 20, 2006

mayodreams posted:

That's why you go to Starbucks and use the 'porn' mode in your browser.

Umm,

That's not going to change your IP Address. In fact, IP Address verification is an awful way to verify anything.

Dark Helmut
Jul 24, 2004

Che Delilas posted:

I'd much, much rather references be done over the phone; this goes for anyone I list as a reference and anyone who lists me as a reference (though I'm young enough in my career that I haven't been in that position yet). I accept that it's probably easier for everyone, in terms of schedule/time spent, to use an email with a questionnaire, so I'll speak to your other points.

"Less personal" and anonymity are not positives. The people I use for references know me, they have said they want me to use them as references, they're genuinely happy with what I've done for them, and they want to help me and see me do well in my career. A phone call is going to get so much more real information across; tone of voice, word choice, any gushing they do, none of it would come across in a survey. And frankly I don't want it to be anonymous. If my prospective employer has to call a courthouse and ask for "The Honorable <name>," and that person answers and says good things about me, that's going to carry so much more weight than an anonymous bunch of 10s.

Reports and graphs, really? For references? Even if the people I use don't put down all 10s, what does that tell me exactly? If it's anonymous, it won't tell me which of my references is unexpectedly giving me a bad score, so I can't cut them out of my list. What other purpose would it serve?

If you want a point to take back to your bosses to convince them to let you continue to make calls, try this. One of the things I hate most about recruiters is their tendency to ignore the fact that I'm an individual. They ignore things I tell them about my goals, they ignore parts of my resume, they ignore my wishes (telling them to not change my resume, telling them to not contact my current employers, telling them not to send me to this or that company). I'm just another interchangeable machine to them. Learning that a given recruiter operates or thinks of me this way is the very fastest way to completely sour the relationship and make me never work with them again. I know you've said you (and presumably your company) do not operate that way, and I would think your company would want to go out of its way to not even appear to be moving in that direction.

I appreciate all the feedback, and this in particular. And yes, I copied and pasted this all into an email and sent it to her...

Inspector_666
Oct 7, 2003

Tab8715 posted:

Umm,

That's not going to change your IP Address. In fact, IP Address verification is an awful way to verify anything.

Going to Starbucks will change your IP address, or at least give you anonymity.

Gucci Loafers
May 20, 2006

Inspector_666 posted:

Going to Starbucks will change your IP address, or at least give you anonymity.

Ah, the Starbucks bit yes it will. I just read pornmode.

Japanese Dating Sim
Nov 12, 2003

Dumb question but I don't know how to Google it and am curious if anyone knows off the top of their head:

net use \\server /user:domain\username - does anyone know if the password prompt that follows counts as a failed password attempt? I only ask due to the wording: "Invalid password or user name for..." etc. I'm assuming not but I don't know.

I can test if I need to!

Edit: To be clear, I mean that command alone, not messing up the password when it prompts you (which I know would count as a failed password attempt).

Japanese Dating Sim fucked around with this message at 23:32 on Nov 5, 2014

Dr. Arbitrary
Mar 15, 2006

Japanese Dating Sim posted:

Dumb question but I don't know how to Google it and am curious if anyone knows off the top of their head:

net use \\server /user:domain\username - does anyone know if the password prompt that follows counts as a failed password attempt? I only ask due to the wording: "Invalid password or user name for..." etc. I'm assuming not but I don't know.

I can test if I need to!

I think so, I'm pretty sure I've locked myself out doing this incorrectly.

AlternateAccount
Apr 25, 2005

NippleFloss posted:

Security conscious companies generally have a problem with any cloud based file sharing service, not just Box. They want to keep company data on company owned equipment and limiting the ability to automatically push that data out to a cloud sharing service is one easy restriction that helps meet that goal. Internally hosted Box/Dropbox alternatives are gaining popularity for that reason.

I just don't think that's reasonable. First, what would an internally hosted platform even look like? loving Sharepoint? No thank you. Can you reach feature parity with something like Box without spending a shitload on internal development? (No.) And what about the ongoing management and administration costs? You're going to need people to run this.
And bringing a service inside doesn't magically mitigate all sources of risk, it just internalizes them, and can your internal IT staff claim that they are as security conscious and capable as a company whose entire business model is based around exactly that? (Except Dropbox, because haha, Dropbox)

Tab8715 posted:

That's always one thing I've been curious about, if you're storing data on a cloud service how would you really know that nobody has ever peeked at what you have?

Because they have processes and procedures in place that are separately audited by third parties. How do you know no one has peeked at it while it's stored on your company's servers? At least with most external hosts, you know it's always encrypted when it's sitting there, and that there are a lot more hoops to jump through to get to the raw data, since no one there should ever be accessing it in that form. Typically, keys to actually decrypt data are stored in an entirely separate and secure area that is accessible only by literally one hand's worth or less of highly trusted individuals, usually requiring more than one of them to access anything.



Really, I've never seen an argument against externalizing some amount of file storage that wasn't firmly rooted in a completely misguided assumption that "internal ALWAYS means more secure!"

AlternateAccount fucked around with this message at 23:49 on Nov 5, 2014

AlternateAccount
Apr 25, 2005

Dr. Arbitrary posted:

I think so, I'm pretty sure I've locked myself out doing this incorrectly.

Me too. It would be a pretty giant security hole if it didn't, since you could then just sit and dictionary or brute force it all day.
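
One way to answer the `net use` question by measurement rather than from memory, as an added example that is not part of any post in the thread: read the account's bad-password counter before and after running the command. It assumes the RSAT ActiveDirectory module and a disposable test account; `lockout.test` is a placeholder name.

```powershell
#requires -Modules ActiveDirectory
# Added example (not from the thread). Assumes the RSAT ActiveDirectory module
# and a disposable test account; 'lockout.test' below is a placeholder name.

function Get-BadPasswordState {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $Server
    )
    # badPwdCount is kept per domain controller and is not replicated, so both
    # readings have to come from the same DC.
    $user = Get-ADUser -Identity $Identity -Server $Server `
        -Properties badPwdCount, LastBadPasswordAttempt, LockedOut
    [pscustomobject]@{
        BadPwdCount            = [int]$user.badPwdCount
        LastBadPasswordAttempt = $user.LastBadPasswordAttempt
        LockedOut              = [bool]$user.LockedOut
    }
}

function Test-BadPasswordIncrement {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Failed logons seen by other DCs are passed on to the PDC emulator,
        # which makes it the most complete place to read the counter.
        [string] $Server = (Get-ADDomain).PDCEmulator
    )
    # Domain default only; a fine-grained password policy may override it.
    $threshold = (Get-ADDefaultDomainPasswordPolicy -Server $Server).LockoutThreshold

    $before = Get-BadPasswordState -Identity $Identity -Server $Server
    Read-Host ('In another window run the command under test, cancel at the ' +
               'password prompt, then press Enter here') | Out-Null
    $after = Get-BadPasswordState -Identity $Identity -Server $Server

    [pscustomobject]@{
        Account                = $Identity
        Server                 = $Server
        CountBefore            = $before.BadPwdCount
        CountAfter             = $after.BadPwdCount
        # Can be negative if the counter was reset between the two readings
        # (successful logon, or the reset-counter window elapsed).
        FailedAttemptsAdded    = $after.BadPwdCount - $before.BadPwdCount
        LastBadPasswordAttempt = $after.LastBadPasswordAttempt
        LockedOut              = $after.LockedOut
        LockoutThreshold       = $threshold   # 0 means accounts never lock out
    }
}

Test-BadPasswordIncrement -Identity 'lockout.test'
```

A `FailedAttemptsAdded` of 0 means the bare command did not register a failed logon for that account on the queried DC; anything higher means it counts toward `LockoutThreshold`.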

Che Delilas
Nov 23, 2009

Dark Helmut posted:

I appreciate all the feedback, and this in particular. And yes, I copied and pasted this all into an email and sent it to her...

Sweet! I hope it helps and that my passion isn't interpreted as crazed ranting.

Also my question wasn't rhetorical: Can you tell me what is the intended purpose of the reports and graphs? Particularly for a candidate?

jaegerx
Sep 10, 2012


You can always install Swift in your internal environment. API and most of the decent apps should allow you to point it locally. Of course you might as well just set up an HA file server at that point.

I still stand by encrypting your data before you upload it. I've got personal poo poo on Dropbox but it's behind 128-bit encryption so even if Dropbox gets hacked they still gotta get by my stuff and if you really want my tax returns and warranty information on my truck then have at it. You deserve it.

AlternateAccount
Apr 25, 2005

jaegerx posted:

I still stand by encrypting your data before you upload it.

I think this is grossly over-paranoid, but hey, that's pretty subjective.

I think that if P&G and GE are willing to sign on for tens of thousands of licenses for a product, their security procedures are probably fine.
Additionally, if you're concerned, you can have a clause in your contract that allows for uncapped damages should you actually suffer from any sort of data breach. Not something useful for an individual, but for a business, that should pretty much soothe most objections about "what happens if..."

jaegerx
Sep 10, 2012


AlternateAccount posted:

I think this is grossly over-paranoid, but hey, that's pretty subjective.


Eh. It's something automated I don't even notice. It's not data I need every day. The discussion was security of box and other cloud services. If you care that much about your data then that's your free solution to ensure the bad hackers don't get access to your cooking recipes or whatever people are wanting to store in the cloud.

Personally I'm fine with storing stuff in the cloud but I can see a shared cloud account in a company and some idiot uploading salary information that now everyone in the company has access to (true story)

evol262
Nov 30, 2010

jaegerx posted:

Personally I'm fine with storing stuff in the cloud but I can see a shared cloud account in a company and some idiot uploading salary information that now everyone in the company has access to (true story)

This is what legal is for. And liability clauses.

When major, regulated, companies feel ok using SpiderOak Blue or Dropbox or whatever, it's probably safe to assume that their legal and IS teams have already vetted it and determined it worth the risk.

Obviously using shared storage with sensitive data of any kind is a no-no even with local storage.

AlternateAccount posted:

Really, I've never seen an argument against externalizing some amount of file storage that wasn't firmly rooted in a completely misguided assumption that "internal ALWAYS means more secure!"

evol262
Nov 30, 2010
Quote is not edit.

mayodreams
Jul 4, 2003



Inspector_666 posted:

Going to Starbucks will change your IP address, or at least give you anonymity.

And using private browsing ensures there are no cookies to remember you by. IP filtering does suck, but it is beyond the scope of most people outside of IT.

Inspector_666
Oct 7, 2003

So I'm not sure if I should put this in here or the Ticket thread, but whatever.

I handled my first CryptoWall 2.0 infection today (we actually got two today, but one was on another AM's team) and while everybody says it deletes all of the VSS versions, it doesn't. The guy who got infected had mapped network drives, so we had to restore them, and I was able to just grab the VSS image from the previous day of each folder. All of the files had nothing, but all of the directories were fine.

That made life pretty easy, and maybe something to keep in mind if anybody else runs into it and doesn't want to have to go to their off-site backups.

Also today I whipped up my first PowerShell thing to accomplish a specific goal, and even though that goal was just "Make a txt file with all of the infected directories" I was able to make it happen in one try :shobon:

adorai
Nov 2, 2002


AlternateAccount posted:

I think that if P&G and GE are willing to sign on for tens of thousands of licenses for a product, their security procedures are probably fine.

Just because a big boy is doing it doesn't mean it's a good idea. See the below version of your quote (from 2008):

"I think that if Chase and Wells Fargo are willing to sign on for tranching and securitizing subprime loans, they are probably fine."

I don't doubt that the majority of cloud based file services are safe and secure. The problem is that not all of them are, and when they aren't, it's bad loving news. In the past two months, there have been two large cloud storage breaches: Dropbox and iCloud. Dropbox was always shady, but to be honest iCloud was very trusted. I am going to be honest, if one of my regulators asked me if I was sure that no one in my company had sensitive data stored in iCloud, I'm not sure I could not honestly say yes. And the followup question would be to ask me how I am sure our sensitive customer information has not fallen into the wrong hands. That same question asked of me without any file sharing services being used at all, and I can honestly say that I have no indication that our servers have been compromised, whereas I have proof that iCloud and Dropbox were.

I'm not going to argue with you about whether the services are actually safe. You think they are, I think they probably are in general, but am not going to risk my career on it. Every cloud based service we have increases the surface area for attack against my company. Some of those increases are small, others are large, and I will evaluate each as they come in. My executive management backs my stance on cloud based services and that's really all I need in order to tell my end users no.

jaegerx posted:

Encrypt it before you upload it.

It's a good plan but not really great for end users of average computing knowledge. They either just wouldn't do it, or there would be endless tickets generated when they tried to access it from other locations if it were scripted.

YOLOsubmarine
Oct 19, 2004

AlternateAccount posted:

I just don't think that's reasonable. First, what would an internally hosted platform even look like? loving Sharepoint? No thank you. Can you reach feature parity with something like Box without spending a shitload on internal development? (No.) And what about the ongoing management and administration costs? You're going to need people to run this.
And bringing a service inside doesn't magically mitigate all sources of risk, it just internalizes them, and can your internal IT staff claim that they are as security conscious and capable as a company whose entire business model is based around exactly that? (Except Dropbox, because haha, Dropbox)

These features are generally integrated into an existing mobile management platform like Good (Good Share) or Airwatch (Secure Content Locker) and can leverage many different repository types like file shares, sharepoint, public folders, etc. You don't roll your own and the same team that manages your mobile devices and security manages it.

Whether you think it's reasonable or not it happens. Cloud services were blocked at the last DOD site where I worked. Anywhere with strict legal requirements to maintain data confidentiality will probably do it just to cut off one avenue for accidental leakage. That means military, financial, and health care.

And there will always be places that follow the lead that those sectors set on security.

adorai
Nov 2, 2002


NippleFloss posted:

Anywhere with strict legal requirements to maintain data confidentiality will probably do it just to cut off one avenue for accidental leakage. That means military, financial, and health care.

Beyond that, it's easier to just check "No" next to "Do you store confidential data in the cloud?" when your examiners come on-site. Which is the same reason we don't have wifi connected to our production network.

Inspector_666
Oct 7, 2003

adorai posted:

I don't doubt that the majority of cloud based file services are safe and secure. The problem is that not all of them are, and when they aren't, it's bad loving news. In the past two months, there have been two large cloud storage breaches: Dropbox and iCloud. Dropbox was always shady, but to be honest iCloud was very trusted.

Dropbox had one breach 2 years ago and rolled out 2FA after it happened. Also what the hell makes Dropbox "shady" compared to iCloud?

Inspector_666 fucked around with this message at 01:01 on Nov 6, 2014

meanieface
Mar 27, 2012

Hopefully when they turn off access to cloud services they also disable external storage so someone doesn't download a client list full of PII onto a flash drive then lose it in a public place. (Also happened.)
