How to keep stored data out of enemy hands

What you will learn from this tip: A few ways to safeguard backup tapes.

In February, the Bank of America announced that it had lost backup tapes containing personal data

Requires Free Membership to View

and credit card information on 1.2 million government employees, including United States senators. While there is no evidence that this information has been misused, the simple fact that the loss occurred has created a huge, expensive problem and left the bank with a very black eye.

Once again, the primary lesson is that what's valuable -- and can get you in trouble -- is the data, not the hardware or tapes themselves. When we talk about "securing tape," we are really talking about securing the data on those tapes.

The secondary lesson is that you had better secure your backup and archive tapes, especially if they contain critical data about your business or your customers.

Tapes are especially vulnerable to security breaches because they are inherently portable, often transported off site and, in the case of backup tapes, contain everything in the enterprise's computers. What's worse, because they may not be used again for months or years, they can be gone for a long time before anyone notices -- if anyone ever notices.

There are a number of steps you can take to protect the data on your tapes and ensure that tapes themselves are less of a security risk.

  • Physically secure your tapes.

    Think of those tapes as bags of money and treat them accordingly. Always keep critical tapes under lock and key when they're not being used and transport them in locked containers, perhaps by a messenger who does not have a key to the container.

  • Encrypt your tapes.

    One simple protection is to encrypt your tapes. Encryption can help prevent misuse of the information should the tapes be stolen or otherwise compromised.

    Fortunately, many modern storage management systems and backup software provide encryption as a standard feature. If yours doesn't, consider using a separate encryption package.

    Vendors such as NeoScale Systems and Decru Inc. offer devices that have features such as encryption, key management, compression and digital signatures for tapes.

  • Set security policies for tapes and make sure they're followed.

    Experience shows that people will expose tape to risks that they would never expose a bag of money or a laptop computer to. But losing a bag of money is cheap compared with the cost if critical data on a tape is potentially compromised.

  • Audit your tapes and maintain records.

    The worst case scenario is having your data stolen and not realizing the tape is missing.

    There's an element of CYA here. If things get really, really nasty, it's extremely valuable to be able to document everything that happened to every important tape from the time critical data was recorded on it, until that data was erased or the tape destroyed.

    For more information:

    Tip: When to choose tape

    Topics: Tape backup

    Tip: Tape price hikes looming

    About the author: Rick Cook has been writing about mass storage since the days when the term meant an 80 K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last twenty years, he has been a freelance writer specializing in storage and other computer issues.

    This was first published in April 2005

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.