Data Thefts Reveal Storage Flaws

[DevilDog#1]

By Dennis Fisher and Brian Fonseca
March 7, 2005

Recent high-profile thefts of sensitive data have enterprise IT executives looking hard at the relationships among storage, backup and security, even as vendors prepare new ways to lock down stored information.

Proposed solutions run the gamut from EVault Inc.'s improved online backup to Decru Inc.'s sophisticated encryption methods; all aim to mitigate risk at a time of heightened concern for data security.

The stakes in handling sensitive data, especially on storage tapes, came into stark relief last week when Bank of America Corp., based in Charlotte, N.C., said it lost unencrypted tapes that included personal information on 1.2 million federal employees.

Such catastrophic security and privacy breaches are leading customers to re-evaluate how often they access their stored tape data, who is granted access, what type of security is in place and whether online disk-to-disk backup is more favorable than traditional tape backup operations.

Kenan Luptak, IS manager at First National Bank, in Sydney, Neb., two months ago abandoned physical tape backup for EVault InfoStage, a self-managed online disk-array protection system. Luptak said his organization could not afford to take for granted tape's nonverification and lack of integrity checks.

"You don't have quality control of the individual taking tapes off-site," said Luptak. "Did they leave them in a car? Did they freeze or have heat exposure? The integrity of tapes is always a question, and this way we don't have to worry about how the tapes are handled."

Next month, EVault will unveil a new iSeries agent that will enable administrators to perform hot backups online without disrupting service and an iSeries database trigger method to more quickly capture changes during backups, said officials of EVault, based in Walnut Creek, Calif.

Click >here< to read on.