Within the last decade, there has been a huge increase in the accumulation and communication of digital computer data in both the private and public sectors. Much of this information is of significant value, either directly or indirectly, and it requires protection.
The subsequent emergence of large centralised storage repositories such as enterprise disk subsystems and tape silos further increases the threat to personal and corporate privacy. Since data banks are commonly accessed from remote computer terminals, there is the possibility of easy and unauthorised access to sensitive information from any place in the data communications system.
This is usually regarded as the highest access environment, and a large amount of effort has therefore been put into place to protect such on-line data. Despite the increasing awareness to the IT industry of the importance of back-up however, and the cost benefits of archiving data to tape, the potential weakness of security of tape-resident data is generally being ignored.
Encryption can be used but, unless it is properly understood and applied, may only provide an illusion of security.
Where is the threat?
It can be generally accepted that at least some proportion of the data held by a company is sensitive, be it to private individuals, members of staff, business rivals, foreign governments etc, or because of the security legislation in the country or community where the business operates.
The proportion of sensitive data is dependent upon the nature of the business in which the company operates. The usual environments where there will be the highest proportion of sensitive data are government, research and financial institutions. Here the data is the company's most guarded asset, such as new product development in a pharmaceutical company, medical records or highly private financial transactions.
Most major companies have a backup strategy, so that in the event of a system failure, the data will be available for restore when the failure has been resolved. Virtually all large companies perform this operation to tape.
Tape technology has now advanced to the point where 100 GB of data can be stored on a cartridge small enough to fit into a pocket. Many companies operate stringent security procedures in their data centres - visitors must be accompanied by pass-holding staff, keycode door locks and the like - all of which are subject to abuse resulting in a security mirage. Even if these security measures are implemented, they are totally reliant upon the loyalty of staff.
The most serious threat to sensitive data, however, has arisen through disaster recovery policies. Many companies are moving their back-up and archive tapes to their disaster recovery sites, or to a remote storage facility. It is during transit from one site to another that the tapes are at the highest level of risk, be it from organised theft, accident or misplacement. Data tapes which have been encrypted however will have a higher level of security should they fall into the public domain or into the hands of competitors.
The encryption methodology used must however be secure in itself. Encryption is a waste of time and money, however, if the decryption resources can be easily obtained. Dexchange, for example, employs a combination of hardware and security codes that makes it virtually impossible for any person to decrypt data away from the client's premises.
The hardware is easily installed at the customer's premises, and is totally transparent to the host and operating system. Once installed, encryption is done automatically during backups, with little or no effect on backup times. Likewise, decryption takes place automatically during the restore process, but only at the premises where the customer's hardware is located.
Source: Mike Smith, Dexchange