Added to this a spate of legislation that highlights the need for a complete security policy means that companies of all sizes are now looking at what they need to do to reduce the problems caused when data is lost. The flurry of high profile losses of sensitive data stored on backup tapes reported by large corporations has highlighted the damage that the loss of even one high capacity tape cartridge can bring.
One of the most recent cases to come to light was when Bank of America lost a number of backup tapes whilst in transit between offices. Even though there was no belief that the data had fallen into the hands of unauthorised people, the loss of confidential personal data has made many of their customers reassessed where they place their business. The US Senate as a result is considering bringing in legislation to ensure any personal data recorded on a backup or archive tape must be encrypted in some form.
It is clear that there is a real threat to data security if tapes are not encrypted, no matter how high the level of physical security used when transporting tapes to a ‘secure’ area away from the primary business location for disaster recovery plans. It is during the movement of tapes is where most of the losses in recent times have occurred. Many occasions they have been under the control of specialist companies who say they have a safe and secure storage. It has been found however, that when operators were asked how many times they have had the tapes from another company delivered to them in error, the answer is all too often that this is not a rare occurrence!
It seems to be overlooked by many analysts, but that there is also a major repercussion for the integrity of data restored from an unencrypted backup tape. What could the possible implications be of a restore being run from a set of backup tapes that have been modified? Contrary to the views of some so called specialists, it is not that difficult to modify clear data on a backup tape, and even easier to read and re-write the data so it appears to be the same unaltered tape as before. It needs only a few digits changed to have a major impact on a financial record!
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.