Computerworld - Before the digitalization of data, encryption was enough to protect vital, private data from prying eyes and malicious intent.
However, as the recent rash of media coverage over the potential exposure of personal consumer data like Social Security numbers and credit card information demonstrated, storage security that depends only on encryption is far too risky. Hackers are able to eavesdrop, tamper and impersonate data increasingly invasively and effectively, and encryption alone is not enough.
To meet stringent compliance standards describing how long data must be kept and protected, companies must wage war against tampering and theft with a multilayered approach that starts with encryption and ends with the integration of digital signatures, digital certificates and hierarchical key management.
Backup and archive confront security challenges
The digitizing of critical information has eased transactions and made record keeping and other tasks more efficient, but it has also led to internal and external risks that threaten the privacy and authenticity of personal and other data. In recognition of these threats to the sanctity of critical data, regulations like the Gramm-Leach-Bliley Act and California's Database Security Breach Notification Act dictate the need to provide secure backup and nonrepudiated archiving.
The dangers that are driving these and other regulations are threefold:
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
