Do you know how secure your data really is?

May 29, 2010


Most companies have offsite requirements for their backup data as a part of their disaster recovery plan. For many, current practice is the same as it has been for the last 20 years or more: writing backup data to tape and then sending the tapes off site to be stored at a remote location. Some choose to use their own method of storing the data off site. Others use companies that specialize in the transport and storage of data (both printed and electronic).

The question is – Just how secure is your off site data?

The answer – It Isn’t!

Unfortunately, there is a very real possibility that data is stolen, lost, or damaged both during transport and in storage. In fact, more than 75% of companies that have tested their tape backups have found failures on their backup tapes!

Privacy Rights Clearinghouse (http://www.privacyrights.org/) is an organization that tracks data loss and security violations. They maintain an active list of all data breaches that have occurred since 2005. Below are just a few instances of data loss due to lost or stolen backup tapes.  

 

Jan. 17, 2008

GE Money / Iron Mountain
(Boston, MA)

Personal information on customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. The missing information includes Social Security numbers for about 150,000 people.

Records affected: 150,000

Mar. 26, 2008

Bank of New York Mellon
(Pittsburgh, PA)

The company lost a box of computer data tapes storing personal information including names, Social Security numbers and possibly bank account numbers.
UPDATE (5/07/08): On February 27, Bank of New York Mellon gave the unencrypted backup tape containing information on about 4.5 million consumers -- hundreds of thousands of them People’s United Bank customers and investors -- and nine other tapes to a storage firm, Archive Systems, Inc., for transportation to a storage facility. When the storage company vehicle arrived at the storage facility, the tape was missing. The other nine tapes reached the facility safely.
UPDATE (5/31/08): The Hartford Courant reports the following figures regarding the number of Connecticut shareholders affected by the lost computer tape:
403,894 People's United Bank
33,586 John Hancock Financial
18,361 Walt Disney Co.
10,000 the remaining shareholders
UPDATE (8/30/08): The estimated number of people affected by a data breach at Bank of New York Mellon Corp has been raised from 4.5 million to 12.5 million.

Records affected: As many as 4.5 million customer records are thought to be compromised. Raised from 4.5 million to 12.5 million.

April 11, 2009

Peninsula Orthopaedic Associates
(Salisbury, MD)

As many as 100,000 patients of Peninsula Orthopaedic Associates are being warned to protect themselves against identity theft after tapes containing patient information were stolen. Patients also were advised to keep an eye on benefits statements from their health insurance companies since they may also be at risk for medical identity theft. The records from Peninsula Orthopaedic were stolen March 25 while in transport to an off-site storage facility. Patients' personal information including their Social Security numbers, employers and health insurance plan numbers may have been among the information stolen.

Records affected: 100,000

 

Pretty Scary!

For a complete list, see http://www.privacyrights.org/ar/ChronDataBreaches.htm

Additionally, there is a lot of false information out there regarding what can be retrieved from compromised backup tapes.

Here are 6 of the most common misconceptions about compromised backup tapes: 

1. Data on a backup tape is too difficult to recover. 
2. Old backup data is useless. 
3. Backup data written with certain mainframe or midrange systems cannot be read without the appropriate expensive equipment. 
4. Tapes can be password protected. 
5. If the backup tape has been found, it means that your compromised data is no longer at risk. 
6. Companies need not worry about thieves stealing backup tapes because they don’t have the means to recover such information.

Unfortunately, none of the above statements are true. For the complete article that dispels these 6 myths, click here.

So what does all this mean to your organization? Will you meet ever more stringent compliance regulations? Traditional methods of off-site data storage are no longer sufficient. Newer, more secure and reliable methods need to be investigated, tested, and implemented in order to ensure the security of an organization's and its customers' data.


Scary indeed! I think data should be segregated in a way that makes it easy to access and recover.

Encryption should be the default standard on ALL backup processes; if files are encrypted with strong encryption, one does not have to worry if tapes/data go missing.

I completely agree with your comment that all backup processes should provide encryption either in the software or in the hardware. The latest generations of LTO media (LTO-4 and LTO-5) do provide for encryption of the data, but for many small businesses the cost of the tape drive and media is still quite high, so providing encryption in the software is a good alternative. Should be a standard practice for anyone that sends data offsite. However, it can be easy to ignore the risks until you experience a security breach and pay the consequences.

It is quite true: knowing how safe your data is can be very tricky. With so many confusing posts telling you to download this and that, you wonder how you keep your data safe and secure from all the malfunctions and corruptions.

Larry, thanks for putting this all in one place. Great reference.
