
Posts Tagged ‘Zserver Backup’

Maybe the Backup Drive Should Be Encrypted?

Monday, March 14th, 2011

I know. It’s crazy talk.

A backup drive for one of Western Michigan University’s departments went missing. The school is not sure if the drive was stolen, or is just misplaced indefinitely, but it is notifying those whose personal data might be compromised should the data be accessed.

Here is the thing, though. If WMU had encrypted the data on its backup drives there would be no issue and no concern. Lost drive? No problem. Replace the drive and go on with life, comfortable and secure in the knowledge that the drive’s new owner cannot possibly access the data it contains.

If it was some horrifically complex, costly, or cumbersome process, I could more easily understand why so many schools, hospitals, and other organizations fail at this one, simple thing. But, it’s not. It is simple, automatic, easy, and cost effective–significantly less than the cost of dealing with a data breach incident–to just put the right tools in place proactively and encrypt data on backup media.

Cord Blood Registry Learns Hard Lesson

Friday, March 4th, 2011

What happens when you leave a laptop and backup tapes holding unencrypted sensitive customer data in your car? Simple–someone breaks into aforementioned vehicle and steals them–leading to a data breach affecting 300,000 customers.

Cord Blood Registry, the world’s largest stem cell bank, learned this lesson the hard way. Hopefully, your data is already protected–especially on laptops and backup media. If not, hopefully you will learn from CBR’s mistake and won’t have to go through the painful process of learning the lesson the hard way as well.

The lax data protection is a combination of a false sense of security, being oblivious to the risk, and a healthy dose of feeling like the solution is too complex or costly. CBR should have had policies in place mandating that data on laptops and backup media be encrypted to prevent exposure or compromise. More importantly, it should have had tools in place that simplify and automate that process so that data protection isn’t reliant solely on an individual user’s ability to follow that policy.

Admins Spending More on Data Protection in 2011

Wednesday, January 12th, 2011

The economy is far from fully recovered, but at least there are some positive signs that it is still heading in the right direction. A recent CommVault survey of IT storage spending plans for 2011 indicates that many budgets are increasing, and that spending specifically on data protection tools and technologies could be as much as double the norm for some companies.

An eWeek.com post regarding the survey reports, “In this survey, nearly 80 percent of storage administrators reported that their IT spending budgets would either be increased slightly or maintained at 2010 levels. About 80 percent of those polled reported that they will allocate as much as 20 percent of their budgets on data-protection hardware, software, services/support and media.”

The news is partially an indicator of renewed confidence in the economy, but it also demonstrates that data protection is a high priority. Many aspects of information security–fighting malware, blocking spam, etc.–have reached a level of equilibrium with the threats they protect against, and have become part of the mundane routine, enabling admins to focus more effort on protecting confidential and sensitive data from being leaked–whether intentionally or inadvertently.

Those 80 percent that plan to allocate significant budget to data protection tools should spend some time exploring what Zecurion has to offer with the Zserver Suite, Zlock, and Zgate.

Zserver Provides the Protection Data Deserves

Monday, October 4th, 2010

Zserver Suite provides organizations with complete protection of their data residing on servers and backup media by transparently encrypting and safekeeping all business-critical and confidential customer information. In other words, it just works–ensuring that data is secure and protected from unauthorized access even on lost or stolen devices.

Check out 12 Reasons Why Zserver Suite is the Ultimate Data Protection to learn more.

State Laws Encourage Backup Encryption

Sunday, January 24th, 2010

I heard a rumor recently that Iron Mountain, a leading provider of offsite storage for backup data, was implementing a new policy that all customer data must be encrypted.

It makes sense. Unencrypted backup media seems to be an increasingly common source of data breaches. Chase Bank lost data on an unencrypted backup tape. Information Vaulting Services lost a backup tape from the state of Arkansas containing unencrypted personal information on over 800,000 individuals. A third-party storage vendor lost an unencrypted backup tape from Bank of New York Mellon with sensitive information from 4.5 million customers. The list goes on, and on, and on…..and on.

While the organization entrusted with the data–Chase Bank, the state of Arkansas, or Bank of New York Mellon in the cases cited above–ultimately must pay the price for the data breach, both in terms of the broken trust with customers and damaged reputation, as well as any fines, penalties, and the cost of notifying and protecting customers, the fact is that these losses also reflect poorly on the third-party organizations responsible for securely storing the backup media.

Organizations like Iron Mountain that provide offsite storage have no way of knowing what data is contained on the media they store for their customers, nor whether or not that data is encrypted or protected in any way. A tape is a tape is a tape and they are all handled and treated the same. Granted, a company that exists to provide secure offsite storage for backup data should not lose its customers’ backup media, but it shouldn’t bear any additional responsibility for personal or sensitive information being compromised as a result.

It turns out that the rumor I heard was incorrect. I spoke with Iron Mountain and I was told that it does not require customers to encrypt backup data–although it does believe it’s a good idea and highly recommends that customers consider doing so.

Apparently, the rumor stems, at least in part, from laws enacted in Nevada and Massachusetts. Those state laws require that personal information that could lead to identity theft be protected–even on backup media. Iron Mountain may not require it, but Nevada and Massachusetts do require that organizations in those states, or that conduct business in those states and/or result in personal information from citizens of those states being retained, encrypt information on backup media.

Suffice it to say, it’s just a good idea. Data at rest should be encrypted whether it is stored on servers on your internal network, or backup media stored offsite with a third party.

A Safe Isn’t Safe When it Comes to Protecting Data

Tuesday, January 19th, 2010

It sounds like a good idea to provide some extra security for your backup data by storing the media in a locked safe. It is certainly better than storing the media in an unlocked drawer or on a shelf somewhere. But, if a thief simply takes the whole safe, as happened to Goodwill of Greater Grand Rapids in Michigan, the data is not really protected any more.

While it seems fair to assume that the thief expected to find money inside, the safe actually contained names, addresses, dates of birth, and Social Security numbers from thousands of Goodwill workers. Since the thief took the whole safe, it also seems fair to assume he or she had a plan for how to open it and extract its contents.

After that, it gets a little more difficult to speculate. According to Jill Wallace, VP of Community Relations for Goodwill, the official stance seems to be based on an assumption that the thief is simply too dumb to know what a backup tape is or how to find out what is stored on it. “Basically it would be impossible for an individual to even know what to do with that data or even how to open it up.”

I’ve worked with backup tapes. While they may not be your standard audio cassette tape, it is obvious that it is a tape. Contrary to Wallace’s sentiment that the data must be safe because the thief would be too clueless to use it, I think it’s reasonable to believe that the thief *would* know that it’s a data tape, and–especially after the disappointment of realizing there is no money in the safe–the thief would do everything possible to determine what *is* on the tapes and try to make lemonade from lemons by capitalizing on the data they contain.

According to the article from the Grand Rapids News Channel 3 Web site, “Goodwill of Greater Grand Rapids thought that personal data would be more secure if those tapes were not in a corporate office, but inside one of its stores. The organization has decided not to do that anymore.”

I think Goodwill missed the point and learned the wrong lesson. The location of the safe is not the problem–thieves are just as likely to break into the Goodwill corporate office and take the safe. The issue is that the data stored on the backup tapes–or any other media you might store your backup data on–should be encrypted so that the data is protected even if the storage container is breached.