Data Tapes Lost? Don't Worry About It…
from the let-it-go dept
With so many stories recently about lost, unencrypted backup data tapes, one security analyst is pointing out why you shouldn’t really worry. First of all, if someone really wants to steal a lot of data from a company, there are much more effective ways to go about it. However, in cases where the data tapes are simply lost, it’s quite unlikely anyone who finds them can actually access and use the data. First, the tapes are often quite fragile, so if they’re sitting around, there’s a good chance that the data may have decayed. Then, even if the data is on there, it won’t be clear to anyone what’s actually on the tape or how to access it. So, while it’s still problematic that these tapes aren’t more well protected, the actual risk from a lost tape is pretty low.
Comments on “Data Tapes Lost? Don't Worry About It…”
Is this really an issue?
I don’t know & can’t speak for everyone, but who loses backup tapes?
I would look into my procedures a little more if this was a concern.
Re: Is this really an issue?
People lose backup tapes when they are taken offsite.
We encrypt ours with DES-128 it is monitored during the transfer.
BTW – the analyst is:
http://www.enterprisestrategygroup.com/
Avoid them – they have the wrong priorities.
No Subject Given
Uh… yeah… security through obscurity. Not a good way to go. Depending on obscurity to protect you data has been proven to be a bad practice over and over and over… it’s old news…
Additionally – did anbody stop to think that when you don’t know where your backup tapes are – that you can’t assume they are ‘Lost’? They may have been targeted and stolen…
– Your Paranoid Security Practioner
Re: No Subject Given
Which… if they were indeed stolen… blows the security by obscurity arguement right out of the water. If someone covet’s your data backup tapes, it’s not for the physical tape it’s for the data that’s on them and if they go through the trouble to steal them, they certainly are determined enough figure out how to access the data that’s on them.
In fact they probably know exactly how to access it from the get go…
I can see it now...
Our unencrypted backups have gone missing!
We hope that they weren’t stolen.
We hope that whomever has them does not have the means to read them.
We hope that they have decayed beyond readability.
We hope that our customers don’t find out.
We hope that we don’t get sued.
First I worried about spam, but nobody listened…
Then I worried about spyware, but nobody listened…
Now I worry about privacy – and nobody is listening.
tapes are hard to access?
with almost every mom and pop back-office in the legacy habit of changing daily snapshot and weekly back-ups out of their seagate, colorado, iomega, whatever tape back-up solution, how is this obscure?
No Subject Given
…except the idiots that lost the tape probably had labelled it: CUSTOMER CREDIT CARD ACCOUNT NUMBERS (UNENCRYPTED) — XXXXX FORMAT TAPE.
Re: To the Author of this Topic
If it were your data on the tape would it still be ok? Wow, really, did you write this as flamebait?
Re: Re: Jon Oltsik -- Wow, just wow
If Jon Oltsik (the orginal author) was consulting for my company I would have to drop their services immediately and have another consultant go over all the things they touched in my company. I have to ask the same question another poster mentioned. So it would be ok if someone lost your data on tape? Also, I would like to know if you would continue to do business with that organization, especially if your data was used to defraud you?
Your managing editor really let you post this? Was there an editing process at all. Wow, just wow.
Data Loss - Critical Asset of any corporation
The backup data tape could contain strategic plans, competitive information and/or research and development data. I wouldn’t hire the “one” security analyst that you quote. Use an online backup service or product. For example, http://www.evault.com
I can't believe it...
Who loses tapes? You’d be amased.
Would you continue doing business? Yes. People use Fleet…er…Bank of…er…whoever they are all the time!
If you’ve lost your tapes, you’ve lost your data restore. Huge problem rigt there.
Moreover, if you’ve lost a tape chances are you’ve used a backup program I can steal/purchase to read your data. Backup exec comes with a free trial.
If you’ve written data on media, I can recover it. Your only hope is to encrypt it and NOT let me know the key. Oh, and better make it a hard one- I’d hate to have to bust out some tools only to find that you used “key”, “password”, “1111”, or “god” as a passphrase.
I am speaking hypothetically here, but not only is all of this theyoretically possible- in a disaster recovery scenario you have to assume this will be your only means of restoring data…forcing it out.
Re: I can't believe it...
These companies took the cheap way out.
It takes more effort to do backup if you encrypt, so they don’t. Our backup time and media use doubled when we compared encrpting vs not encrypting.
You have to pay more to handle the offsite transportation of the media correctly, so it is not done. We use a salaried engineer monitoring the backup process and handling of the media.
In the long run, our customers pay less for our decisions.