Computer Security: How to avoid being disturbed during your holidays

Aloha! Do you enjoy the sun? The beach? Mountains? A cocktail? Eating out? Theatre? Do you enjoy a relaxing time far away – physically as well as mentally – from work? Here are a few hints for how to achieve that and enjoy the perfect break.

In the past few weeks – during the summer holiday season! – we had to handle a series of requests for access to personal data. The requests were made by colleagues and supervisors desperately looking for analysis code, draft papers, documentation, software snippets, etc. Unfortunately, this data was buried deep in individuals’ personal folders or stored on personal devices switched off for their own holiday break. Since CERN values your privacy, getting access to that data is not that easy. And it might require action by you, sitting on Aloha beach, to grant access.

Access to personal data stored at CERN or on CERN-owned devices is governed by the CERN Computing Rules (OC5), and in particular by the subsidiary rule on third-party access to users’ accounts and data. Depending on the nature of the data, access to it might require the explicit authorisation of the Director-General. Only if the files can be clearly and unequivocally identified as being related to professional business (as indicated by their file names) can the Computer Security Officer use their discretion to advise the data-storage service managers to hand over the files. But before going down either of those routes – turning to the Director-General or triaging by file name – the procedure also involves you as the data owner. Can we reach you? Can we verify your identity? Can we obtain your approval? If so, good news for us.

But not such good news for you. Dragging you out of your vacation dreams. From sandy Aloha beach back to reality. From sunny weather back to the office. Out of the theatre onto the working stage. A small nuisance of a break during your well-deserved break. “Aloha? Sorry to disturb you.”

A much better solution is to store all your professional data in central locations: files and analyses should be stored in EOS (or AFS) project folders (i.e. “/eos/project-[A-Z]”, “/eos/experiment”, “/afs/cern.ch/project” and “/afs/cern.ch/exp/”) or on shared spaces on CERNbox; all documentation should be stored in CDS, EDMS or Indico; and your professional software should reside in the CERN GitLab repository. The same holds true, by the way, for the professional data of any of your students and colleagues who are leaving the Organization to embark on new challenges. Make sure that all their professional data, documents, projects, software, analyses, ntuples, etc., are properly, consistently and completely handed over to you (if not already stored in the central locations mentioned above). While we offer a grace period of six months, after that the data in every personal folder is deleted irrevocably – and with it any professional data residing therein.

Furthermore, all professional devices, virtual machines, services, databases, webpages, e-groups and project folders should be administered by more people than just you so that they can take over while you’re on Aloha island. And you can avoid being disturbed during your holidays… Aloha!

_____

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.