Data thefts prompting IT security checks

Computerworld - Bank of America Corp.'s loss of credit card data on some 1.2 million customers, along with other recent security incidents, has renewed interest among some IT executives in encrypting data written to backup tapes. But others maintain that simply following existing data-protection rules can prevent such losses.

Drew West, vice president of engineering services at First National Bank of Arizona in Phoenix, said his bank is looking into encrypting the data it stores on tape, as well as other methods of increasing data security.

"We will be deploying additional encryption methodologies as well as harder authentication," West said. "There are quite a bit of resources being focused on it."

Rich Mogul, an analyst at Gartner Inc., said recent cases of data loss or identify theft through hacking have definitely accelerated plans at financial services firms to roll out greater data-protection schemes.

"There's a reasonably widespread use of encryption ... as well as content-monitoring and -filtering tools," he said. "I think it's the fear factor that's probably driving it more than anything else."

On the other hand, Scott Jefferies, an independent IT consultant who works at a large Wall Street firm, said that any outcry for using complex security techniques such as encrypting data on backup tapes has so far been muted because there is too much processing overhead involved in the technology.

Jefferies, who declined to identify his current client, maintained that adherence to existing security processes can oftentimes eliminate or mitigate security problems. For example, companies need to keep a tighter handle on password permissions and end-user access privileges to prevent theft by disgruntled workers or former employees.

"Things in the news that are huge right now are one-off issues. I don't think they're systemic or point to a pattern or a huge hole necessarily," he said.

Some firms had started encryption efforts before the recent data-theft incidents.

For six months, Boeing Employees Credit Union (BECU) has been encrypting all data written to backup tapes using an appliance from Decru Inc. in Redwood City, Calif., in order to protect against unauthorized access to information that is moved off-site. The Tukwila, Wash.-based credit union uses Iron Mountain Inc. to move 140 tapes every week to a long-term archival site from four main data centers.

Backup Plans

Daniel Chow, IT systems and security engineer at BECU, said Decru's DataFort T-Series storage security appliance adds no latency to his backup process. However, it has caused the Hewlett-Packard Co. disk arrays it is backing up to need rebooting from time to time because HP has yet to certify the DataFort appliance with its servers as EMC Corp. and other storage vendors have done.