VARs Up To Challenge Of Preventing Data Theft, Loss

securing securing data on a storage device or a PC

But so far, it looks like many end users and their channel partners haven’t taken the steps needed to address the problem.

On Monday, Reuters reported that earlier this month, data on an unspecified computing device was stolen from the residence of an employee of the Department of Veterans Affairs. The employee wasn’t authorized to have that data outside the office, according to the report.

A major problem in such scenarios is that the security of the data--no matter what type of perimeter safeguards are in place--remains vulnerable at its weakest point: the people who handle the data, said Dave Cerniglia, president of Consiliant Technologies, an Irvine, Calif.-based storage vendor.

"In the VA case, it's your own people screwing up," Cerniglia said. "It's always going to be an issue. This is probably a dedicated guy who did a good job all his life who now screws up and will probably lose his job."

That has been the case with several high-profile losses of data in the past year, including insurance or human-resources data stored on laptops that were stolen or tapes were lost after being sent for archiving.

In other headline-grabbing cases, online personal data was stolen from financial firms and other companies whose networks were reportedly secure.

Last year, security breaches at ChoicePoint, LexisNexis, MCI and the Bank of America resulted in stolen account information or social security numbers for about 580,000 customers, according to research firm IDC. Also during the year, missing backup tapes from Bank of America, Ameritrade, Time Warner and Citigroup had the potential of exposing account or social security data of 5.9 million people, IDC said.

Nevertheless, businesses are not flocking to new technology designed to prevent such data loss, Cerniglia said.

"In enterprises, or in specific verticals like financial [services], it becomes an issue," he said. "But customers have other pressing problems that need to be handled. Many projects need to be done. They need to prioritize their bandwidth."

For that reason, Consiliant is eyeing opportunities in this space, according to Cerniglia.

"We're looking at what the vendors are doing, but we're not actively targeting customers yet. Before we jump on the bandwagon, it's more important to listen to what customers need," he said. Storage vendors are aiming new technology at securing data in transit--typically data moved in backup tapes and over IP networks--and data at rest on hard drives. Much of the technology focuses on encrypting data so that if it’s lost or stolen, it can’t be used.

Sun Microsystems, for instance, recently said it plans to start shipping a new version of its T10000 tape drive line that has native encryption for protecting data as it’s archived. Sun obtained the technology via its acquisition of StorageTek.

The T10000 encrypts data as it’s written to tape. The encryption keys are stored on a token so they can be used to read data off a tape if the drive is replaced later on. The drives can be assigned to a storage pool, which also can have its encryption keys stored on a token. The keys can be sent to a remote site in case of a failure at the primary site.

SDLT tape format vendor Quantum also soon plans to add native encryption to its tape technology. Other hardware devices, such as the Decru DataFort, encrypt data as it’s sent to tape or across a network at wire speed, regardless of the final target device. Network Appliance acquired Decru nearly a year ago.

Software solutions are becoming available as well. Symantec recently starting shipping software to encrypt data as it’s replicated locally, to a central data center or to an off-site disaster-recovery center. The software, Veritas NetBackup 6.0 PureDisk Remote Office Edition, is based on technology Symantec attained when it acquired Belgium-based Data Center Technologies last year.

Although such storage offerings are getting customers to talk about storage security, the technology often raises as many questions as it answers, said Carl Wolfston, director of Headlands Associates, a Pleasanton, Calif.-based solution provider.

"What happens to the data if the tape drive [with encryption technology] breaks?" Wolfston said. "What happens if you lose the encryption keys?"

Still, storage solution providers must start moving in this direction, said Pat Edwards, vice president of sales at Alliance Technology Group, a Hanover, Md., solution provider. Alliance is looking at assembling a stack of technology, including the Sun encrypted tape drives, the NetApp Decru data encryption appliance, and software that automatically back ups desktop and notebook PCs.

"We're taking the initiative," Edwards said. "Customers are not asking for it. Nobody here is really pushing it."