
Computer Security: Negative legacy when moving on?


CERN’s academic environment is highly volatile. Thousands of people join CERN every year. Thousands more leave during the same time span. Lots of comings and goings. Changes in contract. Affiliation. Home institute. Function. Great successes and accomplishments while at CERN lead to thrilling new challenges outside. The very idea of people moving on even forms part of CERN’s educational mandate. But please, before you embark on your future journey, take care of your digital legacy at CERN.

As a staff member or user working for CERN or at CERN, you are eligible for a multitude of computing resources: a mailbox, disk space, registered devices, databases, websites, virtual machines and more. Usually, these resources are categorised as “professional” or “personal”. “Professional” resources are usually deployed for the operations of the Organization, for its research programmes, to serve our community, for science, for controlling accelerators and experiments, for data-taking, for physics analysis. While one individual always has full responsibility for each resource, they are often used by many, such as computing clusters pledged to separate collaborations, disk space assigned to dedicated experiments, or software repositories managed by individual projects. On the other hand, “personal” resources are usually directly registered under your name, and may hold private or personal information like your personal laptop or smartphone registered with CERN; your mailbox; private documents you store in your home folder on AFS, DFS, EOS or CERNbox; or your personal website hosting your CV, papers and other achievements. The CERN Computing Rules (OC5) explicitly tolerate personal use (OC5, Annex on “Rules for personal use”) as long as its duration is limited, the resources used are negligible, and the activity is not illegal or inappropriate – among other requirements*. That split between “professional” and “personal” is particularly important once your affiliation with CERN ends and you leave the Organization: Unless you request otherwise, “professional” resources are automatically reassigned to your supervisor, while “personal” resources are purged and lost forever after a short grace period of six months (some “test” resources are purged after a much shorter, but still defined time span).

This is where “negative legacy” might kick in: unfortunately it is a common occurrence for professional stuff to be stored under the “private” label – and purged after the aforementioned grace period. Software written by a summer student, stored in a local home folder, irretrievably lost. Personal virtual machines running an important control system, terminally purged. Project databases permanently deleted. Experiment websites gone forever… What about your legacy? And what about the legacy of your supervisees? If you are a resource owner, take a moment to review the usage of the computing resources registered under your name. If you are a supervisor, it is your responsibility and in your interest to guarantee a smooth handover when your supervisees or students leave! Check for example the CERN Resource Portal, the network database, or the OpenStack cloud service. Are there resources, e.g. webpages or virtual machines, which are labelled “personal”, but are technically “professional”? Is there software and code (snippets) which should be committed to your project’s central software repository like CERN Gitlab? Are all essential papers and presentations archived on the CERN Document Server? What about technical documentation which should go to EDMS? Better to have this sorted out now than to be surprised (and sorry!) once those resources are gone… Plan ahead for a positive legacy**!

 

*Where that fails, see our Bulletin articles on “Computing power for professionals… only!”, “Rules: what’s allowed and what isn’t” and “Virtual Misconduct – Real Consequence”.

** If you encounter orphaned resources that might become the victim of a “negative legacy”, please contact Computer.Security@cern.ch, who will be able to recover these resources in accordance with CERN’s policy on “Third party access to users’ accounts and data”.

______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.