Reader Comments (rss)

(Flattened / Threaded)

1.  

   Is this really an issue?

   

   Smaca, Feb 7th, 2006 @ 8:44am

   
   

   I don't know & can't speak for everyone, but who loses backup tapes?
   
   I would look into my procedures a little more if this was a concern.

   [ reply to this | link to this | view in thread ]

2.  

   No Subject Given

   

   Anonymous, Feb 7th, 2006 @ 9:16am

   
   

   Uh... yeah... security through obscurity. Not a good way to go. Depending on obscurity to protect you data has been proven to be a bad practice over and over and over... it's old news...
   
   Additionally - did anbody stop to think that when you don't know where your backup tapes are - that you can't assume they are 'Lost'? They may have been targeted and stolen...
   
   - Your Paranoid Security Practioner
   
   

   [ reply to this | link to this | view in thread ]

3.  

   Re: No Subject Given

   

   Anonymous, Feb 7th, 2006 @ 9:29am

   
   

   Which... if they were indeed stolen... blows the security by obscurity arguement right out of the water. If someone covet's your data backup tapes, it's not for the physical tape it's for the data that's on them and if they go through the trouble to steal them, they certainly are determined enough figure out how to access the data that's on them.
   In fact they probably know exactly how to access it from the get go...
   
   
   

   [ reply to this | link to this | view in thread ]

4.  

   I can see it now...

   

   Wizard Prang, Feb 7th, 2006 @ 9:49am

   
   

   Our unencrypted backups have gone missing!
   We hope that they weren't stolen.
   We hope that whomever has them does not have the means to read them.
   We hope that they have decayed beyond readability.
   We hope that our customers don't find out.
   We hope that we don't get sued.
   
   
   First I worried about spam, but nobody listened...
   Then I worried about spyware, but nobody listened...
   Now I worry about privacy - and nobody is listening.

   [ reply to this | link to this | view in thread ]

5.  

   tapes are hard to access?

   

   monkey, Feb 7th, 2006 @ 9:51am

   
   

   with almost every mom and pop back-office in the legacy habit of changing daily snapshot and weekly back-ups out of their seagate, colorado, iomega, whatever tape back-up solution, how is this obscure?

   [ reply to this | link to this | view in thread ]

6.  

   No Subject Given

   

   Mark, Feb 7th, 2006 @ 11:18am

   
   

   if the data is on there, it won't be clear to anyone what's actually on the tape or how to access it.

   ...except the idiots that lost the tape probably had labelled it: CUSTOMER CREDIT CARD ACCOUNT NUMBERS (UNENCRYPTED) -- XXXXX FORMAT TAPE.

   [ reply to this | link to this | view in thread ]

7.  

   To the Author of this Topic

   

   Mark Cable, Feb 7th, 2006 @ 12:27pm

   
   

   If it were your data on the tape would it still be ok? Wow, really, did you write this as flamebait?

   [ reply to this | link to this | view in thread ]

8.  

   Jon Oltsik -- Wow, just wow

   

   Kevin Botham, Feb 7th, 2006 @ 12:40pm

   
   

   If Jon Oltsik (the orginal author) was consulting for my company I would have to drop their services immediately and have another consultant go over all the things they touched in my company. I have to ask the same question another poster mentioned. So it would be ok if someone lost your data on tape? Also, I would like to know if you would continue to do business with that organization, especially if your data was used to defraud you?
   
   Your managing editor really let you post this? Was there an editing process at all. Wow, just wow.

   [ reply to this | link to this | view in thread ]

9.  

   Data Loss - Critical Asset of any corporation

   

   Alston, Feb 7th, 2006 @ 1:29pm

   
   

   The backup data tape could contain strategic plans, competitive information and/or research and development data. I wouldn't hire the "one" security analyst that you quote. Use an online backup service or product. For example, www.evault.com

   [ reply to this | link to this | view in thread ]

10.  

    Re: Is this really an issue?

    

    Anonymous Coward, Feb 7th, 2006 @ 2:11pm

    
    

    People lose backup tapes when they are taken offsite.
    
    We encrypt ours with DES-128 it is monitored during the transfer.
    
    BTW - the analyst is:
    http://www.enterprisestrategygroup.com/
    
    Avoid them - they have the wrong priorities.

    [ reply to this | link to this | view in thread ]

11.  

    I can't believe it...

    

    Tom Cameron, Feb 7th, 2006 @ 3:53pm

    
    

    Who loses tapes? You'd be amased.
    
    Would you continue doing business? Yes. People use Fleet...er...Bank of...er...whoever they are all the time!
    
    If you've lost your tapes, you've lost your data restore. Huge problem rigt there.
    
    Moreover, if you've lost a tape chances are you've used a backup program I can steal/purchase to read your data. Backup exec comes with a free trial.
    
    If you've written data on media, I can recover it. Your only hope is to encrypt it and NOT let me know the key. Oh, and better make it a hard one- I'd hate to have to bust out some tools only to find that you used "key", "password", "1111", or "god" as a passphrase.
    
    I am speaking hypothetically here, but not only is all of this theyoretically possible- in a disaster recovery scenario you have to assume this will be your only means of restoring data...forcing it out.

    [ reply to this | link to this | view in thread ]

12.  

    Re: I can't believe it...

    

    Anonymous Coward, Feb 7th, 2006 @ 6:33pm

    
    

    These companies took the cheap way out.
    
    It takes more effort to do backup if you encrypt, so they don't. Our backup time and media use doubled when we compared encrpting vs not encrypting.
    
    You have to pay more to handle the offsite transportation of the media correctly, so it is not done. We use a salaried engineer monitoring the backup process and handling of the media.
    
    In the long run, our customers pay less for our decisions.

    [ reply to this | link to this | view in thread ]

Add Your Comment