Is your data secure? Don’t bank on it

Source: Robin Pilcher, CNT

Robin Pilcher, European Marketing Director at CNT, argues that storage and security need to be seen as two sides of the same coin to protect data for the length of its lifetime.

So there we were again. Another week, another security breach – makes you wonder if anyone ever learns from these things, doesn’t it? However, the recent news that the Bank of America had managed to ‘lose’ a number of data tapes in transit to its backup centre is somewhat different from the usual leaks and loopholes. And it highlights a worrying yet often overlooked security risk – how secure data is when it is moved off-site for backup, archive, or legislative retention purposes.

According to the Security Institute, 72 per cent of corporations admit to security breaches with significant financial impact… the most common being the compromise or loss of stored data.

Yet many organisations continue to see ‘storage’ as a separate or standalone IT function. This is a short-sighted view of a critical asset that is the cornerstone of business activity. It is also a risky way of approaching the management of data over its lifetime, and one which underlies many security breaches such as that outlined above.

Data security and data storage should not be considered in isolation. Just because data is offsite, sometimes even in a different country, does not release an organisation from its obligation to keep that data secure – and in many cases today, that obligation is backed by regulatory compliance laws that could see the company responsible facing significant fines and jail terms for senior executives.

Nor can a company delegate responsibility to the third party that manages that offsite data for them – if your organisation collected the information, your organisation has to keep it secure regardless of where that data is kept, or on what medium.

While data is stored ‘onsite’ within the walls of the data centre, or at the company’s headquarters, it is usually relatively secure. Viruses, worms, hackers and illegal access can be thwarted by firewalls, access controls, authentication and restricted physical access. Most enterprises will have these controls in place as an integral part of their information security policies, but the data is only secure as long as it resides behind such security measures.

Just as gold bars, payrolls and large sums of cash are safe when on a bank’s premises, they are vulnerable when transported, even by armoured vehicle, between locations.

What happens when, as with the Bank of America, your company’s back-up and archive tapes are sent off-site and are in transit to the remote vault? No firewall; no restricted access; no protective password system, just data on a tape - or should that be data on tap?

To be fair to the Bank of America, it had ensured the data on the tapes was ‘structured in a highly fragmented way’. So too, is a jigsaw puzzle when you tip the pieces out of the box, but it is still possible to complete the puzzle even without reference to the picture on the box. But how much more difficult is it to complete the jigsaw if all the pieces have previously been coded - or encrypted?

Today, threats against your company’s data are no longer confined to earthquake, fire and flood. Digital terrorism means that storing data on disk and tape media, and even replicating it across remote SANs, are three potential weak links in the security of the data infrastructure unless companies take action.

It is high time to recognise that data cannot be forgotten about the moment it leaves the premises, either electronically or on physical media. No security-conscious enterprise would tolerate personal, private or sensitive customer data being emailed out to unknown individuals – information being sent off-site on tapes (or via remote electronic communications) must be treated with as much seriousness. That means sensitive data must be stored and transported in encrypted form at all times if it is to be safeguarded against malicious use. Anything less is to leave yourself, your company and your customers open to significant risk.

The Bank of America case must be seen as a final warning – this tempting open door to those with criminal tendencies must be slammed shut – or many companies will face the consequences.
