A report by CitiFinancial earlier this week, that personal data on 3.9 million customers had been lost by a UPS...
courier, made a splash on newswires -- but users said implementing the correct security solution isn't easy.
CitiFinancial was the latest in a growing list of companies that have found their data security compromised in recent months, including Bank of America Corp. and Polo Ralph Lauren Corp. So far, storage users elsewhere seemed to be unanimous that data protection is a growing concern.
However, they remained divided on the best methods to prevent their companies from falling into the public relations and logistical nightmare of data theft. Some came down firmly on the side of e-vaulting and disk-to-disk backup, while others insisted that encrypted tape was the only way to go. Still, others pointed out the wisdom of combined solutions.
Karl R. Rautenstrauch, storage administrator for a healthcare insurance firm in Florida, said his company is using a mix of vendors disk platforms, as well as a tape infrastructure for backup, but that the CitiFinancial story "is a frightening one for us because we use SunGard for off-site disaster recovery (DR) and we will ship tapes up there in the event of a disaster."
He said the recent data losses "have accelerated discussions that we've been having, to do disaster recovery internally with a disk-based solution to minimize the chances that we could have a tape or another piece of our data fall into the wrong hands."
With many generations of data already backed up on tape -- Rautenstrauch estimated it to be over a petabyte's worth -- the new disk will only cover about 25% of the company's data, incorporating only the most critical records. In addition to the elimination of the risk involved in physical transport, disk-based backup holds a few other advantages over tape, according to Rautenstrauch.
"In terms of restore times -- the time it takes to create valid restartable copy -- the difference is just ridiculous between disk and tape," Rautenstrauch said. A disk-based system will clone a file in less than one minute, while a tape copy of a database can take hours or even days to restore.
"There's nothing that's foolproof," he admitted. "One thing that needs to be addressed is that there are command line interfaces that are leveraged when you're making these backups -- you need to control access. That's a security concern."
Controlling access to disks is one reason Daniel Chow, systems and security administrator at Boeing Employees' Credit Union, is sticking to tape.
"A lot of the disk encryption is heavily dependent on the security of your perimeter," he said. "Doing disk encryption is almost futile, in my opinion -- even if you encrypt that disk, if you are able to get access to the server, you have access to that data."
Encrypted tape, according to Chow, is a better defense against hackers. "For you to grab that data [on a tape], you have to have a similar architecture and hardware."
Hilary Croach, director of information services at Bay Cove Human Services, a small nonprofit organization in Boston, said he is taking a combined approach, looking at alternatives to tape for DR, but is amenable to keeping tape for less critical data. Croach said Topio Inc., which provides continuous replication for DR, was attractive because it kept his backup operations manageable and in-house.
"We do most of our work internally," he said. "Backing up everything on tape is a royal pain and a waste of my technicians' time."
But, he said, vaulting off site with AmeriVault Corp. or Iron Mountain Inc., or e-vaulting, was also not practical for him. "When I looked at the cost, I found that I could get a Topio solution to one of my own sites for the cost of one year's e-vaulting."
Topio's client software is Web based, and unlike e-vaulting, doesn't move the data off site, though it uses a similar process of continuous backup behind the scenes to replicate data on disk. Right now, like Rautenstrauch, Croach is using Topio for his most important data, although he is anticipating moving more and more of his operations to it down the road.
"It's not a total solution," Croach said. "It needs backup software and only does replication -- if it's replicating a corrupt database you've got a corrupt copy. You need a combined solution."
"We'll probably use tapes for some things," Croach said. Such as the 150 GB of flat files that are live on storage right now, which he predicted will be moved to tape as they go through the backup cycle. "It's still somewhat cheaper than disk."
Croach said he has peace of mind knowing both his tapes and replicated files are secure. "If an atom bomb hit the Boston area, it probably still wouldn't affect our vault site," he said, "But with Topio, we can't lose our data en route.
"I've heard that's happened recently."
Note: This article originally appeared on SearchStorage.com.
Dig Deeper on Security Industry Market Trends, Predictions and Forecasts