Posts Tagged ‘Zserver Storage’

12 Reasons You Should Be Using Zserver Suite

Monday, August 1st, 2011

Even the best network security is not impenetrable, and despite your best efforts attackers may one day infiltrate your organization. However, just because attackers make it past the perimeter defenses shouldn’t mean they have free access to sensitive information. That data should be properly protected even on the internal network.

Zserver Storage not only prevents leakage of confidential corporate data, but actually hides the data’s existence from unauthorized access and personnel. The information is available only when a network administrator grants a user or application proper access rights to the protected data. Zserver Storage functions transparently for both network administrators and end users with the encryption of data performed in real-time as a background process.

To learn more about Zserver Suite, and why you should be using it to protect your sensitive data, read 12 Reasons Why Zserver Suite Is the Ultimate Data Protection.

Cord Blood Registry Learns Hard Lesson

Friday, March 4th, 2011

What happens when you leave a laptop and backup tapes holding unencrypted sensitive customer data in your car? Simple–someone breaks into aforementioned vehicle and steals them–leading to a data breach affecting 300,000 customers.

Cord Blood Registry, the world’s largest stem cell bank, learned this lesson the hard way. Hopefully, your data is already protected–especially on laptops and backup media. If not, hopefully you will learn from CBR’s mistake and won’t have to go through the painful process of learning the lesson the hard way as well.

The lax data protection stems from a false sense of security, combined with being oblivious to the risk and a healthy dose of feeling that the solution is too complex or costly. CBR should have had policies in place mandating that data on laptops and backup media be encrypted to prevent exposure or compromise. More importantly, it should have had tools in place that simplify and automate that process so that data protection isn’t reliant solely on an individual user’s ability to follow that policy.

Portable Data is Often an Easy Target

Thursday, February 10th, 2011

There are certainly benefits and advantages to being able to carry massive amounts of files and data in your pocket. However, the small size and gargantuan storage capacities also make portable media very easy to lose or misplace, and a prime target for criminals.

Whether it is a USB thumb drive, an external hard drive, a smartphone, a tablet, or some other device, it is not uncommon for people to have 32GB, 64GB, or even a terabyte of data on them. The data could be a music library or albums of personal photos, or it could be an entire patient or student database–complete with Social Security numbers, driver’s license numbers, home addresses, and other valuable information.

According to the Privacy Rights Clearinghouse, a non-profit organization dedicated to protecting consumer privacy and raising awareness of privacy concerns, there were 142 reported data breach incidents in 2010 involving portable storage devices. Those incidents led to the compromise or exposure of nearly 7 million records. That amounts to 7 million possible cases of identity theft or credit fraud, or 7 million violations of security and privacy mandates such as HIPAA or PCI DSS.

It is important that organizations limit the types of data that are allowed to be stored or transported on portable media, and that data that is stored on portable devices is properly protected so that–even if the device is lost or stolen–the data it contains will be safe.

Admins Spending More on Data Protection in 2011

Wednesday, January 12th, 2011

The economy is far from fully recovered, but at least there are some positive signs that it is still heading in the right direction. A recent CommVault survey of IT storage spending plans for 2011 indicates that many budgets are increasing, and that spending specifically on data protection tools and technologies could be as much as double the norm for some companies.

An eWeek.com post regarding the survey reports, “In this survey, nearly 80 percent of storage administrators reported that their IT spending budgets would either be increased slightly or maintained at 2010 levels. About 80 percent of those polled reported that they will allocate as much as 20 percent of their budgets on data-protection hardware, software, services/support and media.”

The news is partially an indicator of renewed confidence in the economy, but it also demonstrates that data protection is a high priority. Many aspects of information security–fighting malware, blocking spam, etc.–have reached a level of equilibrium with the threats they protect against, and have become part of the mundane routine, enabling admins to focus more effort on protecting confidential and sensitive data from being leaked–whether intentionally or inadvertently.

Those 80 percent that plan to allocate significant budget to data protection tools should spend some time exploring what Zecurion has to offer with the Zserver Suite, Zlock, and Zgate.

Zserver Provides the Protection Data Deserves

Monday, October 4th, 2010

Zserver Suite provides organizations with complete protection of their data residing on servers and backup media by transparently encrypting and safekeeping all business-critical and confidential customer information. In other words, it just works–ensuring that data is secure and protected from unauthorized access even on lost or stolen devices.

Check out 12 Reasons Why Zserver Suite is the Ultimate Data Protection to learn more.

Stolen Laptop Puts Patient Data at Risk

Tuesday, September 28th, 2010

A laptop belonging to an employee of St. Vincent Hospital in Indianapolis was stolen from the worker’s residence. That laptop contained medical history details and Social Security numbers of 1,200 hospital patients–and of course the data was not encrypted or protected in any way.

Rex McKinney, St. Vincent Hospital privacy officer stated, “We are committed to protecting the confidentiality and privacy of our patients and will continue to implement administrative, technical and physical safeguards against unauthorized disclosures of protected health information.”

That is all well and good, but in order to “continue” implementing safeguards you would have to have implemented some in the first place. The article also states that the hospital is taking “precautionary steps to avoid future incidents.”

The thing is that implementing controls in response to an incident after data has already been compromised is not “precautionary”–it’s reactionary. HIPAA (Health Insurance Portability and Accountability Act) compliance requirements already mandate that the data should have been protected to begin with. Putting basic protection in after the fact is hardly heroic or praiseworthy–it’s just public relations damage control.

When will organizations–particularly medical and educational institutions–learn that implementing a solution like Zecurion’s Zserver Storage is a simple, cost-effective way to prevent incidents like these and save the organization from facing the legal, financial, and reputational consequences of compromising sensitive data?

RAID Provides Data Integrity and Availability, But Not Security

Wednesday, August 4th, 2010

In the storage realm RAID architecture continues to be very popular and is widely used by different vendors because it allows for the combination of different hard drives into one fast, reliable and spacious storage device that satisfies nearly all enterprise data storage needs. However, along with all the well known benefits of RAID architecture a common misconception continues to exist; many IT professionals still believe that the data stored on RAID devices is secure.

This false belief stems from the basic concept of RAID – distributing the data among many hard drives, which disrupts file formats and is assumed to make the theft of one particular hard drive from the RAID system useless for an attacker. This white paper highlights the threats to data in a RAID architecture and outlines why additional data protection procedures should be employed to ensure complete protection and compliance with the ever-increasing regulatory mandates for securing sensitive data.
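Why striping alone does not protect records on a single drive can be shown with a small simulation. This is an added example, not taken from the white paper or from Zecurion; the 64 KiB stripe unit, the four-disk RAID 0 layout, and the record format are assumptions, and the data is constructed.

```python
import re

CHUNK = 64 * 1024  # stripe unit in bytes (assumed value for this illustration)

def stripe_raid0(data: bytes, n_disks: int, chunk: int = CHUNK) -> list[bytes]:
    """Distribute data round-robin in chunk-sized units, as RAID 0 does."""
    disks = [bytearray() for _ in range(n_disks)]
    for offset in range(0, len(data), chunk):
        disks[(offset // chunk) % n_disks] += data[offset:offset + chunk]
    return [bytes(d) for d in disks]

def make_records(count: int) -> bytes:
    """Constructed sample rows with fake SSNs (area number 000 is never issued)."""
    rows = (
        f"patient{n:06d},000-{n % 100:02d}-{n % 10000:04d},1 Example St\n"
        for n in range(count)
    )
    return "".join(rows).encode()

SSN_PATTERN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def recoverable_ssns(disk_image: bytes) -> int:
    """Count SSN-shaped strings readable from one unencrypted member disk."""
    return len(SSN_PATTERN.findall(disk_image))

def exposure_report(count: int = 20000, n_disks: int = 4):
    """Return (records written, SSNs readable on each individual disk)."""
    data = make_records(count)
    disks = stripe_raid0(data, n_disks)
    return recoverable_ssns(data), [recoverable_ssns(d) for d in disks]

if __name__ == "__main__":
    total, per_disk = exposure_report()
    print(f"records written to the array: {total}")
    for index, found in enumerate(per_disk):
        print(f"disk {index}: {found} SSNs readable ({found / total:.0%})")
```

Because each stripe unit is far larger than a record, every member disk holds thousands of complete rows in plaintext; only records that straddle a chunk boundary are split. Encrypting the volume before the data reaches the array removes that exposure.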

Zserver Protects Data in the Cloud

Friday, June 18th, 2010

A ComputerWorld article titled Cloud Security in the Real World: 4 Examples cites Zecurion’s Zserver as a cloud-based storage encryption solution.

Examining the issue of data encryption in the cloud, the article states “Several providers of cloud-based backup storage install appliances at the customer site to accommodate encryption, but Flushing was not interested in that setup.”

It also explains “At Flushing Bank in New York, CIO Allen Brewer turned to the cloud for data backup after getting fed up with on-site tape backup. Using Zserver from Zecurion, Flushing is now sending files over the Internet to be stored for backup.”

Read the white paper Protecting Data in the Cloud to learn more about encrypting and protecting data in the cloud with Zecurion’s Zserver.

Tufts University Alumni Data Exposed by Malware

Monday, June 14th, 2010

What is it about networks and data at universities and medical establishments? It seems like almost every breach of sensitive or personal data is related to these two types of institutions. Are they targeted more often than other types of networks, or do they just have weaker security and poorer data protection mechanisms in place?

Following on the heels of the recent botnet compromise at Penn State University, Tufts University has discovered that “several computers were recently exposed to an unknown virus or malicious software program.” As a result, roughly 7000 alumni may have had their student ID numbers exposed–and as at Penn State University, the breached data is legacy data from a time when the university used the student’s Social Security number as their student ID number.

Universities, including both Penn State University and Tufts University, have abandoned that practice, but apparently have not found the time to go back through archive data and old databases to purge legacy information from the servers. While that is still a good idea, and a project that these universities should be pursuing, having sufficient data protection controls in place, such as encrypting the stored data, would ensure that it would not be exposed even in the event of a malware compromise or breach of the server itself.

A small investment in proactive security measures goes a long way and saves the organization from the lost reputation, time, and money involved in responding to a data breach incident.

State Laws Encourage Backup Encryption

Sunday, January 24th, 2010

I heard a rumor recently that Iron Mountain, a leading provider of offsite storage for backup data, was implementing a new policy that all customer data must be encrypted.

It makes sense. Unencrypted backup media seems to be an increasingly common source of data breaches. Chase Bank lost data on an unencrypted backup tape. Information Vaulting Services lost a backup tape from the state of Arkansas containing unencrypted personal information on over 800,000 individuals. A third-party storage vendor lost an unencrypted backup tape from Bank of New York Mellon with sensitive information from 4.5 million customers. The list goes on, and on, and on…..and on.

While the organization entrusted with the data–Chase Bank, the state of Arkansas, or Bank of New York Mellon in the cases cited above–ultimately must pay the price for the data breach, both in terms of the broken trust with customers and damaged reputation, as well as any fines, penalties, and the cost of notifying and protecting customers, the fact is that these losses also reflect poorly on the third-party organizations responsible for securely storing the backup media.

Organizations like Iron Mountain that provide offsite storage have no way of knowing what data is contained on the media they store for their customers, nor whether or not that data is encrypted or protected in any way. A tape is a tape is a tape and they are all handled and treated the same. Granted, a company that exists to provide secure offsite storage for backup data should not lose its customers’ backup media, but it shouldn’t bear any additional responsibility for personal or sensitive information being compromised as a result.

It turns out that the rumor I heard was incorrect. I spoke with Iron Mountain and I was told that it does not require customers to encrypt backup data–although it does believe it’s a good idea and highly recommends that customers consider doing so.

Apparently, the rumor stems, at least in part, from laws enacted in Nevada and Massachusetts. Those state laws require that personal information that could lead to identity theft be protected–even on backup media. Iron Mountain may not require it, but Nevada and Massachusetts do require that organizations in those states, or that conduct business in those states and/or result in personal information from citizens of those states being retained, encrypt information on backup media.

Suffice it to say, it’s just a good idea. Data at rest should be encrypted whether it is stored on servers on your internal network, or backup media stored offsite with a third-party.