Do we really care about storage security?
Computerworld -
How many stories about lost backup media will it take before we all finally get serious about storage security? Like clockwork, you can count on a new story appearing every couple of weeks.
In the past month, we've learned of yet another bank sending unencrypted tapes with sensitive data via UPS as well as a health care company using an employee's garage for off-site media storage. In the latter case, the employee's car, which contained backup disks and tapes, was stolen. Interestingly, the tapes actually were encrypted; unfortunately, the disks were not. Too bad the car didn't have LoJack!
Whenever this happens, companies suffer considerable public embarrassment and bear substantial costs in contacting potential victims. While surveys have shown rising interest in data encryption, it still ranks relatively low on IT project lists.
It seems that many companies either remain unaware of the risk (which is hard to believe) or have somehow come to the collective conclusion that the risk and its potential consequences are simply not worth the cost of prevention. Is this true?
While there is no evidence yet that data has been misused, that is little reassurance. What about the cost and effort?
A few years ago, the options for protecting off-site data were costly and few. However, technologies and services now exist that can provide more affordable levels of protection. In-line appliances can encrypt backup data prior to being written to tape with little effect on performance. Several tape drive and library manufacturers have introduced data encryption into their products. Other companies offer remote backup services that store data in an encrypted manner and never require handling of removable media.
To be fair, the maturity of these offerings varies significantly, so one must carefully evaluate and compare the various options. One area requiring particularly scrutiny is encryption key management. For stored data, well-defined key management policies and procedures are critical, and a product that can assist in this complex task is essential.
As more companies adopt encryption policies, the option for others to continue doing nothing becomes less viable. The good news is that this is a problem that has a solution. Now if I could get The Boston Globe to stop recycling reports containing my credit card number to wrap its newspapers?
Jim Damoulakis is chief technology officer of GlassHouse Technologies Inc., a leading provider of independent storage services. He can be reached at jimd@glasshouse.com.
Security
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
