By Jodi Mardesich
In June 2005, backup tapes containing personal information for about 3.9 million CitiFinancial customers went missing. In June of this year, personal details about 61,000 hedge fund investors were stolen when a Bisys Group employee's truck carrying backup tapes from one company facility to another was stolen. These are just two of the hundreds of data breaches involving more than 91 million records that have occurred since February 2005, when the Privacy Rights Clearinghouse began keeping a chronology of such events.
Some of those data breaches involved backup tapes, which are made routinely to prevent data loss in the event of a natural disaster, computer failure, or simply to comply with laws. Loss of backup data tapes (either through misplacement or theft) has become a top concern at organizations of all kinds, from banks to insurance companies to government agencies, especially now that companies are required to publicly report data breaches. Under a series of state laws, more than 30 states now require companies that experience security breaches to notify customers whose data has been compromised.
Tens of millions of Americans will receive data loss notification letters this year, says Rich Mogull of Gartner Inc. "Data loss and information leaks are not random acts of nature too costly to prevent," Mogull says.
With the escalation of identity theft, new strategies are needed at the upper levels of organizations to address the continuing problem of what to do with the backup data they keep -- especially when it contains sensitive personal information about customers and employees. According to Gartner research, there are three appropriate methods for protecting sensitive data on tapes, whether it's in storage or being moved from place to place: 1) secure electronic transmission, 2) encryption of tapes, and 3) secure transportation of tapes.
"No other methods are acceptable," Mogull says.
- Secure electronic transmission Backup data often needs to be moved. In the case of financial institutions, they need to transport tapes between credit card agencies, regulatory agencies, and their backup data centers. Some of the most high-profile data losses have occurred during physical transportation of tapes. For example, not only have backup tapes been stolen out of cars, but even the cars transporting them have been stolen. Secure electronic transmission can eliminate the need for tapes and the transportation of tapes. Data can be shared between departments or sites or with partners using wide-area networks, the Internet, or virtual private networks using link encryption, Mogull says. "Link encryption is essential; otherwise, you expose the data by transmitting it in the clear, "he says. "If exchanged data is still transferred to tape at the remote site, the tapes should still be encrypted, because link encryption won't protect the data once it's at rest."
- Securely transporting tapes In some instances, especially when there is a great deal of data to be transported, physical transportation of tapes makes sense, because other methods may be too expensive. Mogull advises against using conventional delivery services, however. "Use an armored car or other specialized service that will treat your tapes as if they were cash," he says. Such tapes should be destroyed once the task is done and the tapes are no longer needed. CIOs who must resort to physical transportation of tapes can turn to some new solutions involving radio frequency identification (RFID) and global positioning satellite (GPS) to track the physical tapes in transport, as well as to set off an alert if the tapes are tampered with. Using RFID tags can also help to physically locate tapes if they are lost or stolen.
- Encrypting backup tapes Encryption is a necessary safeguard that protects data from getting into the wrong hands if tapes are physically or electronically intercepted. However, not many organizations consistently encrypt their backup data. A survey of storage professionals done by the Enterprise Strategy Group found that just 7% of respondents said they always encrypt data when it's backed up to tape, and 60% never encrypt their data. Even large companies are lacking when it comes to the encryption of tapes. More than half of organizations with over $1 billion in revenue never encrypt their backup data, says Jon Oltsik, senior analyst at Enterprise Strategy Group. "From an industry perspective, nearly two-thirds of financial services companies and more that three-quarters of governmental departments never encrypt their backup data," Oltsik says.
Companies tend to avoid encryption due to the cost and its impact on performance. But that may be changing. A recent Forrester survey of technology decision makers found that 59% plan to spend more this year on data encryption -- including database, tape, and storage.
There are four options for tape encryption, Mogull says: 1) network encryption appliances, 2) agent-based network encryption appliances, 3) local encryption software with or without acceleration software, and 4) backup or encryption software with encryption capabilities built in. For high-performance environments where tape creation infrastructure is centralized, encryption appliances are the best bet. In a distributed backup environment where multiple appliances would be cost prohibitive, agent-based encryption appliances are more suitable. Software-based encryption usually degrades performance too much, Mogull says.
These methods for securing backup tapes go hand-in-hand with a strong security strategy that makes data protection a high priority at all levels of the organization. Securing backup tapes using encryption, and safely transmitting data on tapes or the physical tapes themselves, make it more difficult for sensitive personal data to be improperly accessed or used for identity theft or fraud.
Jodi Mardesich writes about business and technology. Her writing has appeared in The New York Times, Fortune, San Jose Mercury News, Salon, Slate, and Yoga Journal.