The year 2005 was proof that loss of information can be detrimental to any organization. Almost every week another organization was involved in a security breach involving valuable corporate data or customer information, several of which involved stolen or lost backup tapes. As a result, high-profile organizations are scrambling to ensure more effective storage security and data protection, while concerns surrounding identity theft continue to mount among consumers. Adding to storage professionalsí anxiety is the amount of data that can be compromised on a single backup tape. Because of the concentrated pool of data they contain, a single tape can compromise more personal information than many of this yearís online break-ins.
Any good strategy for data storage protection includes a strategic balance between information availability and information security. IT managers today are tasked with maintaining this balance at a reasonable cost. Itís easy to make information completely secureóby locking it up in a safe, for exampleóbut the trick is to also ensure that it is available when needed. However, by providing information access, there are always risks, which generally fall into four main categories:
Malicious attacks: Organized crime has moved online and will continue to do so in 2006 with a variety of tricks, including the latest flavors of worms, viruses, bot networks, and phishing attacks. During 2005, there has been a noted shift from pesky virus writers looking for attention, to more organized, malicious attackers seeking financial gain. Human error: To err is human, and unfortunately it happens all too often. Employees leave laptops in airplanes, trip over wires, or cause system crashes. Or, as in one high-profile case from 2005, storage tapes are simply lost in transport. Infrastructure failures: IT infrastructures are not foolproof and all it takes is a power loss, or a server failure to lose business-critical information. Natural disasters: 2005 also reminded us how quickly natural disasters can strike and bring any business to its knees. According to Gartner, 50 percent of enterprises that lack a recovery plan go out of business within one year of a significant disaster.
A good strategy for effective storage security should take all of these risks into consideration. Data and information on its own is not valuable to any organization. Applications, servers and operating systems must be up and running to make use of information and to maintain the highest degree of information availability and integrity.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.