Sherman’s March to the C:\
27 August 2019
The more storage space a person is given, the less disciplined that person will be in deciding what should and shouldn’t be stored there. This is especially true in enterprise networks, where data storage is cheap, people can be cavalier, and detritus can accumulate until even the largest SANs are choked off with non-work-related content.
When’s the last time you took a comprehensive stroll through your enterprise storage? It’s been a while, hasn’t it? Amazing the sort of obsolete and questionable content you find in there, right? Drafts of old documents, vendor slicks from obsolete equipment and services that were never purchased, articles whose relevance has long since faded, digital songs that no one likes anymore, pirated digital movies, pornography, and … er … wait, what was that last one again? And why exactly was it stored on the finance department’s network share?
Let’s back up: there was a time not so long ago when storage regularly had to be pruned, like a tree on a small lot. Businesses had limited space; they needed to regularly police their shares for ‘unnecessary’ content in order to have enough free space to take care of daily operations. Users were often restricted to tiny little individual or team-level shares, like monastic cubicles. IT allocated users just enough storage space to accomplish required tasks and not a byte more.
Over time, storage got larger and cheaper until it was possible to relax … a bit. Storage for groups and individuals became increasingly less restrictive until storage was effectively unlimited. True, there was a hard limit somewhere … hard drives have finite capacity. With sufficiently large arrays of cheap drives, though, it became a challenge to fill up a modern array with user data alone. Note that I’m not talking about system data (like log files) or business data (like the fancy ‘machine learning’ voodoo that salespeople won’t stop calling me about). No, I’m talking strictly about the files, folders, and foolishness that humans deliberately save to their network shares.
In a way, it makes sense to give users as much space as they feel they need. Everything stored on a network share can be reliably backed up, scanned for malware, replicated off-site for disaster recovery purposes, and locked down in the event of a ‘legal hold’ order. It makes good business sense to shift users’ data off of their fragile, unreliable, and easily-stolen laptops and over to a robust, centralized, managed storage solution. It’s better for everyone, especially the organisation.
Sure, we like to believe that we’re a ‘family’ instead of a temporary assembly of co-workers. The painful reality is that this ‘family’ has to make money, and happiness is one of the first optional extras thrown overboard when the going gets tough.
We did that back when I was an IT director. We made it policy that content stored on company PCs was considered expendable; save at your own risk. All official company content was required to reside on one of three standard shares that were automatically mapped to all users at login:
- The P:\ share for purely-personal content (like performance reviews, leave-and-earnings statements, medical records, draft work products, etc.)
- The O:\ share for organizational content; things that needed to be kept within a specific department or site, like purchase requests, duty schedules, event calendars, etc.
- The W:\ share for business content that could be shared with anyone in the ‘world’ (really, within the organisation). This included training content, marketing slicks, etc.
Our system worked; everyone understood the ‘POW!’ model and applied it (more or less) consistently. There were goofs, sure; users would lose track of which share they had pulled up in a Save As dialog box. Or they’d copy a file from their desktop to the wrong Windows Explorer window. These things happen. For the most part, though, people learned the model and applied it consistently. PCs became more like terminals than stand-alone workstations.
Sure, we’d all love to have a dedicated Mac Pro workstation with a 30-inch display. In our private office. With a secretary standing guard outside to let us enjoy our company-funded full-service bar. Might as well ask for a pony and unlimited paid holidays while we’re fantasizing.
The required centralisation also helped reduce the amount of inappropriate content circulating through the network because people didn’t want to get caught. Well … mostly reduced it. Remember: people are people. When there’s all that space out there, ripe for the taking, someone’s inevitably bound to get bad ideas. Some users would upload personal content to their P:\ shares that was … inappropriate for a workplace. Sometimes this was done out of ignorance, other times out of malice, but most often out of a cavalier disregard for policy. That’s why the IT staff had to regularly take a long march through the shares searching for materials that didn’t belong.
To be clear, our users had no Reasonable Expectation of Privacy on company systems. Whatever users created, saved, stored, transmitted, or shared on the company network was subject to monitoring and analysis. That said, IT tried to offer users a modicum of privacy when it came to their personal shares. That is, IT retained the right to look through anything they had, but would avoid taking an active interest until something compelled them to take a look. IT didn’t need a warrant, but didn’t go snooping in users’ personal directories for kicks either.
At least once a year, the storage team would run searches for specific file types: .mov movie files, .mp3 music files, .jpg photographs, etc. Sure, there were legitimate reasons to have all three types as part of routine company business. IT would take a list of discovered files, see how many were in a given share and check their file names, sample a percentage of suspicious items, and ignore anything that seemed legit. A file called ‘drill_press_safety.mov’ would get a second look, whereas a file titled ‘hottest_exotic_dancers_of_detroit.mov’ triggered a review.
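The annual sweep described above, as an added example that is not part of the original article: a Python inventory that counts matching files per share, totals their size, and draws a random sample for manual review. It assumes each first-level folder under the scanned root is one user's share; the function names, the 25% sample fraction, and the demo files are constructed for illustration, and matching is by file extension only.

```python
import os
import random
import tempfile
from collections import defaultdict
from pathlib import Path

MEDIA_EXTENSIONS = {".mov", ".mp3", ".jpg"}  # the three types the article names


def sweep(root, extensions=MEDIA_EXTENSIONS, sample_fraction=0.25, seed=None):
    """Per first-level folder (share) of root: match count, total bytes,
    sorted file list, and a random sample for a reviewer to open by hand."""
    root, rng, found = Path(root), random.Random(seed), defaultdict(list)
    # onerror: skip unreadable directories instead of aborting the sweep
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            rel = (Path(dirpath) / name).relative_to(root)
            if rel.suffix.lower() not in extensions or len(rel.parts) < 2:
                continue  # wrong type, or a file that sits outside any share
            try:
                size = (root / rel).stat().st_size
            except OSError:
                continue  # removed or unreadable between listing and stat
            found[rel.parts[0]].append((rel.as_posix(), size))
    report = {}
    for share, items in found.items():
        paths = sorted(path for path, _ in items)
        k = min(len(paths), max(1, round(len(paths) * sample_fraction)))
        report[share] = {"count": len(paths),
                         "bytes": sum(size for _, size in items),
                         "files": paths,
                         "sample": sorted(rng.sample(paths, k))}
    return report


def demo_report():
    """Run the sweep over a constructed tree of made-up shares and files."""
    files = {"alice/drill_press_safety.mov": 2048, "alice/q3_budget.xlsx": 512,
             "bob/music/track01.MP3": 4096, "bob/music/track02.mp3": 4096,
             "bob/music/track03.mp3": 4096, "bob/holiday.jpg": 1024}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, size in files.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"\0" * size)
        return sweep(tmp, seed=1)


if __name__ == "__main__":
    for share, info in sorted(demo_report().items()):
        print(share, info["count"], info["bytes"], info["sample"])
```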
Most of the content that IT found was quasi-legal, like the fellow who uploaded his entire personal .mp3 collection to his P:\ share so that he could listen to his music no matter which PC he logged into. Other people collected risqué jokes to share with their office mates. A few people stored work records from an outside employer or personal business activity. All of these things weren’t allowed on the company network, but weren’t illegal as such.
Most of it was the digital version of the physical accumulation one finds in any office that’s been occupied continuously for more than a year. Everything from personal letters to receipts to the kids’ Christmas wish list. Stuff that should have been dealt with at home, but couldn’t be thanks to the demands of One’s Employer.
IT found the other sort of content, too. Let’s not dwell on those types, since they were aberrations compared to the mountains of legal-but-not-allowed detritus that just needed removing.
No matter what, organisational policy was clear: users couldn’t store non-work stuff on the company network, full stop. IT had every right to delete it. Instead, they chose a more humane path (for the legal stuff, at least): they moved all unauthorized content to offline storage, sent the owning user a warning, and gave them 30 days to come by the department with a flash drive or external hard drive to collect their content. They’d get to take their files home with no more than a light slap on the wrist and a mild talking-to.
That’s how it was intended, anyway. Some users – upon being caught red-foldered – complained that IT’s sweeps felt like being steamrolled by an invading army. Some griped that they should have been given fair warning … even though they’d all signed user agreements that clearly spelled out what they were and weren’t allowed to put on the network. Others complained that they deserved more latitude to store non-work content on the massive storage arrays since they weren’t actively hurting anyone. In the end … IT listened, commiserated, and politely declined.
Whether they took the gentle approach or the more militaristic slog, the end result was the same: after finishing the search-and-remove sweeps, IT would net about 30% freed-up shared storage. No matter what the disgruntled users said, the executives supported the purge operations out of practicality (if not on principle alone). Why? Because the head honchos didn’t want to pay the hundreds of thousands of dollars that were required to add more drives to the arrays. They felt (justifiably) like they’d already paid a ton for the storage infrastructure. They didn’t want to pour more money onto the project so that Joe from the Mail Room could store his .mp3s at work.
I’m amazed that this still happens now that 99.9% of workers carry a multi-gigabyte jukebox and movie theatre everywhere they go. WHY PUT YOUR *#&$ SONGS ON THE NETWORK, BOB?!?
In time, this became a standard annual practice industry-wide. Every company that I’ve worked at over the last twenty years has done something similar. Each organisation’s rules were slightly different concerning what could and couldn’t be stored on the company network, but the need to purge unauthorized files was universal. Multiple times a year, either IT or security would sweep through online storage and search for disallowed content. Some companies were so draconian that their sweeps made it all the way down to individual company laptop drives. Yes, all the way to the seemingly sacrosanct C:\ partition. Supposedly the most ‘personal’ archive of a user’s content. I can’t take umbrage with this. Unauthorized use was unauthorized.
I understand that storage is cheap enough nowadays that some industry pundits argue that these periodic sweeps aren’t worth the effort. Too much work for too little gain, given that one additional multi-terabyte hard drive can cost less than a single hour of a sysadmin’s time. That’s true. On the other hand, I’ve come to appreciate the long-term value in a thorough sweep. What matters is that an organisation had both a right to inspect and a duty to eliminate content that (a) serves no business purpose and (b) could cause the organization some embarrassment if revealed to the public. Every piece of disallowed content discovered had to go.
Moreover, a periodic sweep gets all the users’ attention. People tended to be more circumspect about what they e-mailed, browsed, downloaded, and shared once they realized that the organisation was paying close attention. It didn’t matter why IT was looking; only that they were.
Yes, we knew this left us vulnerable to some clever git who understood how to camouflage their NSFW content with innocuous file names. There were only so many hours in the day.
The folks with harassment gifs and pornography stashes had their content stored as evidence and went through the normal disciplinary process.
Cultural Allusion: Sherman's March to the Sea, 15th November to 21st December 1864. A ‘scorched earth’ military campaign that helped end the American Civil War. Notable for (among other things) how differently the two sides later portrayed the operation.