In February, the Bank of America announced that it had lost backup tapes containing personal data and credit card information on 1.2 million government employees, including United States senators. While there is no evidence that this information has been misused, the simple fact that the loss occurred has created a huge, expensive problem and left the bank with a very black eye.
Once again, the primary lesson is that what's valuable -- and can get you in trouble -- is the data, not the hardware or tapes themselves. When we talk about "securing tape," we are really talking about securing the data on those tapes.
Tapes are especially vulnerable to security breaches because they are inherently portable, often transported off site and, in the case of backup tapes, contain everything in the enterprise's computers. What's worse, because they may not be used again for months or years, they can be gone for a long time before anyone notices -- if anyone ever notices.
There are a number of steps you can take to protect the data on your tapes and ensure that tapes themselves are less of a security risk.
Think of those tapes as bags of money and treat them accordingly. Always keep critical tapes under lock and key when they're not being used and transport them in locked containers, perhaps by a messenger who does not have a key to the container.
One simple protection is to encrypt your tapes. Encryption can help prevent misuse of the information should the tapes be stolen or otherwise compromised.
Fortunately, many modern storage management systems and backup software provide encryption as a standard feature. If yours doesn't, consider using a separate encryption package.
Vendors such as NeoScale Systems and Decru Inc. offer devices that have features such as encryption, key management, compression and digital signatures for tapes.
Experience shows that people will expose tape to risks that they would never expose a bag of money or a laptop computer to. But losing a bag of money is cheap compared with the cost if critical data on a tape is potentially compromised.
The worst case scenario is having your data stolen and not realizing the tape is missing.
There's an element of CYA here. If things get really,
For more information:
Tip: When to choose tape
Topics: Tape backup
About the author: Rick Cook has been writing about mass storage since the days when the term meant an 80 K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last twenty years, he has been a freelance writer specializing in storage and other computer issues.