Fighting The Good Fight
Most end users and solution providers have not yet taken the necessary steps to address the issue, which they see as more of a data management problem than a security problem—but that is changing, channel sources said.
“Because of news like that, customers are starting to look at how to make data security a part of overall data management,” said Mark Teter, CTO of Advanced Systems Group, a Denver-based solution provider. “Without the press, it would never have become an issue, even with government regulations. Because of the press, customers are starting to ask, ‘Where are our tapes? What data is out there?’ ”
The U.S. Congress and the Department of Veterans Affairs last week started investigating the theft of a hard-drive containing the names, Social Security numbers and birth dates of 26.5 million veterans and spouses from a VA employee’s residence earlier this month.
Late last week also saw the U.S. Attorney’s Office in eastern Missouri issue a notice to blood donors in Missouri and Illinois warning them that a donor recruiter had stolen donors’ personal information from an American Red Cross database and used that information to open at least three fraudulent credit card accounts.
This follows several recent high-profile losses of data, including insurance or human resources data stored on stolen laptop PCs, tapes lost in transit and online personal data stolen from financial firms whose networks were reportedly secure.
Dave Cerniglia, president of Consiliant Technologies, an Irvine, Calif.-based storage vendor, said regardless of what type of perimeter security is in place, data is still very vulnerable to compromise at its weakest point—the people who handle the data. “It’s your own people screwing up,” Cerniglia said. “It’s always going to be an issue.”
The first step to securing such data, Teter said, is a data-storage assessment. “Part of that assessment examines the data to look for things, like Social Security numbers, that need to be protected,” he said. “We can then get a blueprint of the data and look at how to manage the content.”
Storage vendors are responding to the problem with new encryption technology aimed at securing both data in transit and data at rest.
Sun Microsystems recently said it plans to start shipping a new version of its T10000 line of tape drives—a result of its StorageTek acquisition—with native encryption in order to protect data as it is being archived. SDLT tape format vendor Quantum also plans to add native encryption to its tape technology in the near future.
Software solutions also are becoming available. Symantec recently starting shipping Veritas NetBackup 6.0 PureDisk Remote Office Edition, which encrypts data as it is replicated locally. CA’s BrightStor Tape Encryption software offers similar functionality in mainframe environments.
But Cerniglia said customers are not yet flocking to new technology to prevent data loss. “In enterprises or in specific verticals like financial, it becomes an issue,” he said. “But customers have other pressing problems that need to be handled. Many projects need to be done. They need to prioritize their bandwidth.”
Even so, Cerniglia said his company is looking at the opportunities in data security. “We’re looking at what the vendors are doing, but we’re not actively targeting customers yet,” he said. “Before we jump on the bandwagon, it’s more important to listen to what customers need.”