Do we really care about storage security?
Computerworld -
How many stories about lost backup media will it take before we all finally get serious about storage security? Like clockwork, you can count on a new story appearing every couple of weeks.
In the past month, we've learned of yet another bank sending unencrypted tapes with sensitive data via UPS as well as a health care company using an employee's garage for off-site media storage. In the latter case, the employee's car, which contained backup disks and tapes, was stolen. Interestingly, the tapes actually were encrypted; unfortunately, the disks were not. Too bad the car didn't have LoJack!
Whenever this happens, companies suffer considerable public embarrassment and bear substantial costs in contacting potential victims. While surveys have shown rising interest in data encryption, it still ranks relatively low on IT project lists.
It seems that many companies either remain unaware of the risk (which is hard to believe) or have somehow come to the collective conclusion that the risk and its potential consequences are simply not worth the cost of prevention. Is this true?
While there is no evidence yet that data has been misused, that is little reassurance. What about the cost and effort?
A few years ago, the options for protecting off-site data were costly and few. However, technologies and services now exist that can provide more affordable levels of protection. In-line appliances can encrypt backup data prior to being written to tape with little effect on performance. Several tape drive and library manufacturers have introduced data encryption into their products. Other companies offer remote backup services that store data in an encrypted manner and never require handling of removable media.
To be fair, the maturity of these offerings varies significantly, so one must carefully evaluate and compare the various options. One area requiring particularly scrutiny is encryption key management. For stored data, well-defined key management policies and procedures are critical, and a product that can assist in this complex task is essential.
As more companies adopt encryption policies, the option for others to continue doing nothing becomes less viable. The good news is that this is a problem that has a solution. Now if I could get The Boston Globe to stop recycling reports containing my credit card number to wrap its newspapers?
Jim Damoulakis is chief technology officer of GlassHouse Technologies Inc., a leading provider of independent storage services. He can be reached at jimd@glasshouse.com.
Security
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Data Protection is not an insurance policy -you cannot buy-back lost data
Find out why you need to maintain access to critical information to run your business and remain competitive.
Essential Archive Requirements for E-Discovery
Register Now!
Strategic ECM Webinar
Learn what new strategic business benefits can be realized through ECM!
CIO Strategies for the Retention and Deletion of Email
Register Now!
Rethinking Business Continuity and High Availability in Storage - HP and Forrester Pre-Recorded Webcast
Download it.
CIO Viewpoints: Exchange 2007 Risks and Mitigation Strategies
Download This Whitepaper Today!
5 Architecture Issues that Impact BES performance
Register to attend this LIVE Webinar to learn 5 Architecture Issues that Impact BES performance!
The Power/Density Paradox: The Result of High Density without Power Efficiency
Download this brief to explore what the power/density paradox is and how IT professionals can mitigate the risk.
Four Principles for Reducing Storage TCO
View cost reduction strategies in this video! Provided by Hitachi Data Systems.
