This article can also be found in the Premium Editorial Download "Information Security magazine: Best-of-breed: Security Products of the Year: 2006."
Download it now to read this article plus other related content.
Storage and backup systems are rife with vulnerabilities. Take seven steps to secure them, or risk unflattering headlines and legal problems.
From the ChoicePoint fiasco to the CardSystems debacle, data security breaches make news all the time. Rarely does a week go by without a report of another incident of credit card accounts exposed, personal information stolen, or backup tapes disappearing. Universities, banks, government agencies and even security software companies all have been in the unfortunate spotlight after a breach. The Privacy Rights Clearinghouse tallied nearly 100 breaches between February and December last year.
Not only have storage networks created another attack point, but storage networks, networked backup and recovery systems are some of the most direct routes to your information. Why hack a server when you can go around it to get to the data? Storage systems aren't just a target-- they're a big, juicy target for a heist.
A big reason for the concern and why we're hearing about all these security problems is due to laws--such as SB 1386--that require the reporting of the loss of control over personal information. These stringent security reporting requirements, coupled with the lack of security behind most storage and backup systems, make the storage administration division of your IT department the most likely group to get your com-pany the kind of media attention it doesn't want.
But you can protect your data if you
This was first published in February 2006