Storage Methods for Preventing Data Theft

3 Pages

Identity theft remains the number-one concern of consumers contacting the Federal Trade Commission (FTC), and with good reason. Recently, Bank of America, Ameritrade, and Time Warner have lost backup tapes containing personal data on customers and employees, spurring calls for a national data security law.

There have been attempts to limit identity theft since these mishaps. CitiFinancial recently announced it will begin to digitally encrypt customer data and Congress has moved to pass stricter laws on protecting personal data and private identities, particularly in the storage arena. However, it’s apparent such human error could have been avoided if physical tapes weren’t involved with companies’ storage strategies in the first place. This is where a tapeless, or virtual tape solution, would be advantageous.

Virtual tape backup technologies offer a two-pronged approach for securing data. With the elimination of physical tapes, there’s no opportunity for information to get lost or stolen en route to its offsite destination. In addition, all data is encrypted before and after it’s stored, preventing personal and financial information theft.

Data Security Crackdown

With the government monitoring data security practices, companies are under increased pressure to apply tougher disaster recovery policies. The FTC, state attorneys general offices, and other state and federal regulatory agencies are increasing their scrutiny of data security practices. Prominent businesses such as Tower Records, Barnesandnoble. com, Microsoft, and Victoria’s Secret have been slapped with regulatory fines for lax security practices.

California recently passed legislation requiring companies that store personal information about California residents to promptly disclose any unauthorized access to this information. With the surge in identity theft cases, constituents have prompted Congress to pursue new legislation to hold companies accountable when they compromise their customers’ private information. The national law would carry fines of up to $50,000 per day.

Businesses today seek realistic ways to protect personal data and private identities, particularly in their data storage procedures. For example, recent news stories of lost or stolen computer tapes have called into question the old method of storing computer tapes in an offsite location. This may still be a viable alternative for less sensitive information, but is it prudent to hand off intellectual property or other confidential records to a low-paid records delivery person? And what about all the potential opportunities for theft while the materials are in transit, or even once they’ve been moved to an offsite data center? The reality is, if someone is determined to access your company’s secrets, there’s plenty of opportunity to do so when you’re moving physical tapes around. After all, tapes are portable and easy to transport, making them particularly vulnerable to security breaches.

Data Storage Approaches

To alleviate fears of tape loss or theft, many companies now use a data vaulting approach in which data is transmitted to a disaster recovery site over TCP/IP, eliminating physical tape handling. This transmission can be performed over public or private networks. In both instances, data should be compressed to reduce transmission cost and encrypted to prevent unauthorized persons from reading the data if the transmission is compromised. With data vaulting, a mainframe appliance for storage acts as a hardware-level device that presents itself to the mainframe as physical tape drives. The mainframe isn’t aware that it’s writing to disk rather than tape.

Companies often prefer this method because the data is immediately available at the disaster recovery site. If you have to wait for a records management company to retrieve the physical tape, the data may already be stale when you receive it. Restoring from virtual tape is also faster than with physical tape.

3 Pages