<p dir="ltr"></p>
<p dir="ltr">On 6 Sep 2016 8:58 AM, "<a href="mailto:paul%2Bausnog@oxygennetworks.com.au">paul+ausnog@oxygennetworks.com.au</a>" <<a href="mailto:paul%2Bausnog@oxygennetworks.com.au">paul+ausnog@oxygennetworks.com.au</a>> wrote:<br>
><br>
> Are you serious Robert ?</p>
<p dir="ltr">Very much so.</p>
<p dir="ltr">> The lowest grant is $10k from what I could see, $10k will be a pretty decent populated NAS from the ones I have seen lately, jeeze you can buy an entry level HP San with a couple of 10G cards for servers and a couple of TB of storage as well for $20-$25k, I mean seriously, this is just data storage, it just needs a decent NAS with redundancy, you don’t even need encryption on the device.</p>
<p dir="ltr">You really think that?</p>
<p dir="ltr">This is sensitive data. This data requires that it is reliably stored in a resilient fashion and in a manner where the integrity of the data is protected - think "CIA" from an information security perspective.</p>
<p dir="ltr">At a minimum, I would expect multiple copies of the data in secure physically separate locations (to guarantee confidentiality and availability), stored in a WORM fashion (to ensure integrity).</p>
<p dir="ltr">To fail to provide this is to fail in the duty of care.<br>
><br>
> Good on the people who have been legitimate in their requests, they should be applauded for being honest in their requirements, and realistic.</p>
<p dir="ltr">I agree. I have concerns that the low-end figures aren't actually enough to do this to a base acceptable level.<br>
><br>
> We submitted our DRIP which was then approved and we said that we will control access to data with username and password and encrypt any backups of the data as well, they were happy with that.</p>
<p dir="ltr">There is detail to that implementation plan that determines whether it is appropriate - I am not saying yours is not, but given some of the security advice thay has come out of fed govt departments in recent times, I wonder how good the AGs Dept has been at judging this themselves.<br>
><br>
> <br>
><br>
> Personally I think people have taken this whole thing out of context because it was so grey in its delivery so everybody has just gone crazy with buying everything they need to upgrade their network or do everything they possibly can to retain that information to be 110% sure they are complying with something that nobody can really be sure about, not to mention how much people will probably spend on lawyers to cover their arses.</p>
<p dir="ltr">I am sure that is the case in many circumstances. But in some cases, it looks like the solution is very much being gold plated.<br>
><br>
> <br>
><br>
> We are relatively small but do quite a few different things, we have an approved drip with some pretty simple stuff in it, more or less it’s to store our radius logs, mail logs, CDR’s and a few other bits and pieces, they even rejected our storing of customer changes in our customer portal/CRM as they said that it wasn’t a relevant service/not needed, and it even says that you need to retain changes to credit cards, addresses, etc for accounts in the policy so I don’t know what that was about but I have an approved document which says I don’t need to do it and as far as I’m concerned that’s all that matters.<br>
><br>
> <br>
><br>
> I personally really can’t see how some people could possibly be legitimately spending or needing to spend the type of money they have been granted based on our approved DRIP.</p>
<p dir="ltr">I think we agree here. :)<br>
><br>
> One thing I can be sure of though, everybody will have invoices from somewhere to justify their costs.</p>
<p dir="ltr">The question is whether the people they have to justify it to are appropiate judges of this. Given the apparent disparity in grant fund approval, I have concerns here.<br>
><br>
> <br>
><br>
> Anybody need some DR Consulting work done ?? LOL</p>
<p dir="ltr">I am sure some people absolutely need this. :)<br>
><br>
> <br>
><br>
> Regards<br>
><br>
> Paul<br>
><br>
> <br>
><br>
> From: AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>] On Behalf Of Robert Hudson<br>
><br>
> Sent: Tuesday, 6 September 2016 7:52 AM<br>
> To: Skeeve Stevens<br>
> Cc: <<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>><br>
><br>
> Subject: Re: [AusNOG] Aus Industry Congratulations Email<br>
><br>
> <br>
><br>
> Just over $128m for 180 recipients, or an average or over $700k per recipient. A number of the lower-end figures wouldn't purchase a decent SME NAS with disks in it...<br>
><br>
> <br>
><br>
> On 5 September 2016 at 23:33, Skeeve Stevens <<a href="mailto:skeeve%2Bausnog@eintellegonetworks.com">skeeve+ausnog@eintellegonetworks.com</a>> wrote:<br>
><br>
> All,<br>
><br>
> <br>
><br>
> The list: <a href="https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DRIGP-recipients.pdf">https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DRIGP-recipients.pdf</a><br>
><br>
> <br>
><br>
> I am absolutely stunned by this list and how much people asked for - and got.<br>
><br>
> <br>
><br>
> Sure, there are people who needed the money to comply, but I think a lot of people are taking advantage of the system and should be ashamed of themselves for how much they asked for.<br>
><br>
> <br>
><br>
> Yes, the government did a shit job, but this is community money - needed for us to comply with a stupid law. Not a slush fund for people to build up their business.<br>
><br>
> <br>
><br>
> Universities - I don't understand. System Integrators - bullshit. VoIP providers, you are are already logging call details - why do most of you need anything?<br>
><br>
> If everyone IT integrator in the country claimed, we'd have over 2k-3k applicants and no one getting much at all.<br>
><br>
> <br>
><br>
> I think a lot of people are buying new networking equipment with these funds. I am not sure the fund was designed to build the networks of ISPs.<br>
><br>
> <br>
><br>
> Some of the massive requests are astounding and begs the question "WHAT are people buying with it?"<br>
><br>
> <br>
><br>
> I think the AG make all the applications public since they've made the result public. We need context to some of these extremely excessive allocations.<br>
><br>
> <br>
><br>
> There is no jealousy here. There is a dozen of my customers on the list, but all mostly realistic.<br>
><br>
> <br>
><br>
> Those that say we should just move on have no respect for the stewardship of these resources.<br>
><br>
> <br>
><br>
> Bring on the flames.<br></p>