21 Jul 2014

How to save millions with desktop software!

[The South African State IT Agency awarded former provincial top cop Mzwandile Petros's company a R10m deal to recover three stolen laptops. Even at this price, they may not get them back. Intact. With all the data. I have a better plan.]


Read this article on how the South African State IT Agency awarded former provincial top cop Mzwandile Petros's company a R10m deal to recover three stolen laptops. Done? 

Now, friends hiring friends aside - they must have come to that figure somehow. It is assumed that especially now that this has hit the press, the management of SITA must value the information on the three laptops at more than R10 million. Let us say R12 million. The hardware costs do not even come into it, they are so small to be insignificant. So each laptop has about R3 million worth of information. (More likely is that they all had the full information set on them.) 

So either, the information is so secret that they don't want it to leak, or so irreplaceable that it would take R10 million worth of work to get the information back. Or better - R10 million to try and get the information back. 

So, how could SITA have done this better and cheaper? They could have gone to Incredible Connection. They would have found multiple software packages. One I chose at random (and have no idea how good it is or have any affiliation) is Norton 360. It retails for R350. It is SOHO software and not enterprise software but it should still do the job. They would have to buy three copies and I'm not sure if  the I.C. staff would maybe give them a bulk discount. So, call it R1000. Plus R1000 for someone to install it. Lets bump that up to R40k for someone to install it (this being the government and used to paying big money for things to happen.) 

According to the website - "Automatic backup takes care of your photos, music, and other important files and backs them up to a disc, USB device, or online to one of our secure data centers. Protects files you back up online with government-grade encryption."

Oh, we need a USB or a disk. Lets assume that R10million of data is a lot of information, maybe more than 16 Gigs but if it is on a laptop then probably less than 2Gigs. So.. Western Digital 2Tb Portable hard drive to backup stuff onto with Symantec's "Government grade encryption". Another R2200 times 3 is R6000. I am assuming that the place where they keep these R3million laptops has some type of secure storage, otherwise Makro has a safe for R1500. Plus, say, R40000 for someone to install the safe. 

So, if the laptops go, there is still a backup in a safe. Even if they forgot to backup that day or the day before... no organisation comes up with R10million worth of information in one day. If they could do that then the next day they would just come up with it again and laugh about the lost laptops. So, first issue sorted. 

I assume that the laptops are running Windows 7 so that full disk encryption is built in and just needs to be turned on. Alternatively, scrap the Symantec and use Kaspersky which has all the backup software and also full disk encryption, both government grade and pretty impenetrable. 

So, anyone who gets hold of the laptops will have to format them because they are not getting the information out.  Second issue gone. 

Lets work out the cost -

Software - R1500 
Hardware - R6000
Safe - R1500
Installation - R80000 (but R4000) would probably be more realistic

So, round it up to about R100000 (this is government!) but it could be done for under R20000.

The advantage of my solution is that it is guaranteed! You will have your information and noone else will. The R10 million solution has no guarantee at all. 

So, SITA, give me R10million minus R100000 and we'll call it quits. Heck, give me R5million. 

The sad thing is that SITA is an IT organisation . They should know this. They should actually be preaching the above. They should be guiding the rest of the government on how to manage information. The word "information" is in their title. Of course, so is the word "State" and that is why they would rather spend R10million on hopefully retrieving 3 lost laptops rather than R20000 protecting the information on them in the first place. 

[The South African State IT Agency awarded former provincial top cop Mzwandile Petros's company a R10m deal to recover three stolen laptops. Even at this price, they may not get them back. Intact. With all the data. I have a better plan.]


Read this article on how the South African State IT Agency awarded former provincial top cop Mzwandile Petros's company a R10m deal to recover three stolen laptops. Done? 

Now, friends hiring friends aside - they must have come to that figure somehow. It is assumed that especially now that this has hit the press, the management of SITA must value the information on the three laptops at more than R10 million. Let us say R12 million. The hardware costs do not even come into it, they are so small to be insignificant. So each laptop has about R3 million worth of information. (More likely is that they all had the full information set on them.) 

So either, the information is so secret that they don't want it to leak, or so irreplaceable that it would take R10 million worth of work to get the information back. Or better - R10 million to try and get the information back. 

So, how could SITA have done this better and cheaper? They could have gone to Incredible Connection. They would have found multiple software packages. One I chose at random (and have no idea how good it is or have any affiliation) is Norton 360. It retails for R350. It is SOHO software and not enterprise software but it should still do the job. They would have to buy three copies and I'm not sure if  the I.C. staff would maybe give them a bulk discount. So, call it R1000. Plus R1000 for someone to install it. Lets bump that up to R40k for someone to install it (this being the government and used to paying big money for things to happen.) 

According to the website - "Automatic backup takes care of your photos, music, and other important files and backs them up to a disc, USB device, or online to one of our secure data centers. Protects files you back up online with government-grade encryption."

Oh, we need a USB or a disk. Lets assume that R10million of data is a lot of information, maybe more than 16 Gigs but if it is on a laptop then probably less than 2Gigs. So.. Western Digital 2Tb Portable hard drive to backup stuff onto with Symantec's "Government grade encryption". Another R2200 times 3 is R6000. I am assuming that the place where they keep these R3million laptops has some type of secure storage, otherwise Makro has a safe for R1500. Plus, say, R40000 for someone to install the safe. 

So, if the laptops go, there is still a backup in a safe. Even if they forgot to backup that day or the day before... no organisation comes up with R10million worth of information in one day. If they could do that then the next day they would just come up with it again and laugh about the lost laptops. So, first issue sorted. 

I assume that the laptops are running Windows 7 so that full disk encryption is built in and just needs to be turned on. Alternatively, scrap the Symantec and use Kaspersky which has all the backup software and also full disk encryption, both government grade and pretty impenetrable. 

So, anyone who gets hold of the laptops will have to format them because they are not getting the information out.  Second issue gone. 

Lets work out the cost -

Software - R1500 
Hardware - R6000
Safe - R1500
Installation - R80000 (but R4000) would probably be more realistic

So, round it up to about R100000 (this is government!) but it could be done for under R20000.

The advantage of my solution is that it is guaranteed! You will have your information and noone else will. The R10 million solution has no guarantee at all. 

So, SITA, give me R10million minus R100000 and we'll call it quits. Heck, give me R5million. 

The sad thing is that SITA is an IT organisation . They should know this. They should actually be preaching the above. They should be guiding the rest of the government on how to manage information. The word "information" is in their title. Of course, so is the word "State" and that is why they would rather spend R10million on hopefully retrieving 3 lost laptops rather than R20000 protecting the information on them in the first place.