This article can also be found in the Premium Editorial Download "Information Security magazine: Best-of-breed: Security Products of the Year: 2006."
Download it now to read this article plus other related content.
Encrypt backup systems
Finally, let's talk about backups. Backup systems' most obvious security flaw is the plaintext backup tape. There are many encryption options for protecting this media, including host-based file system and application encryption, encryption in the backup software, and a number of appliances that sit in the hardware data path and encrypt the data as it's written to tape.
These hardware appliances are expensive, but they are much easier to implement and maintain than the other options. In addition to encrypting at line speed and providing superior key management, they also support compression. Since encrypted data can't be compressed, some have a compression chip that compresses the data before it's encrypted. This gives these appliances a major advantage over the other solutions--application encryption and backup encryption--since their en-crypted data will not be compressed by the tape drive.
Boost backup authentication and authorization
Another security issue with backup systems is that they have typically used hostname-based authentication to check the backup server and client against each other. A hacker with a spoofed IP address could do two things to exploit this vulnerability: First, the attacker could create a rogue backup client and ask the server to restore data for the real client, thus stealing the information. A rogue client could also populate the backup server with
Finally, backup systems have taken an "all or nothing" approach to administrative authorization. For example, by giving a new administrator the ability to eject tapes from the library, you also give them the ability to delete or change every backup policy, delete all backup history and overwrite every tape you own with garbage. This presents the possibility of a novice administrator pushing the wrong button and accidentally erasing all the tapes in your tape library. (A healthcare company actually had this happen a few years ago.) Some backup software products have begun resolving this problem by introducing role-based administration, so you can give each person only the capabilities needed to do their job.
The introduction of role-based administration in backup software, along with other functionalities to secure stored data, shows that storage vendors are waking up to the importance of security. If your products don't support this kind of secure functionality, you need to pressure your vendors to see that they do--it's critical for protecting your most precious data from thieves.
This was first published in February 2006