Data breaches: Viewpoint and insight

Imagine waking up tomorrow morning. You fix yourself a cup of coffee when the postman knocks on your door with a registered letter from your bank. You open the letter, and the first line reads like this: "Dear Mr. Smith, We are writing to let you know that computer tapes containing personal account and payment history information about your loan were lost recently while in the possession of a third-party courier..."

Sounds like a nightmare, right? But for 3.9 million customers of the world's largest financial services firm, this nightmare became a reality two weeks ago. Citigroup, reported the Wall Street Journal, "said a cardboard box containing computer tapes with personal information on 3.9 million customers of its storefront consumer-finance unit was lost by United Parcel Service Inc., despite 'enhanced security procedures' to protect such information."

You can be certain that both Citigroup and UPS take security very seriously. You can be certain that both companies have elaborate security policies to ensure that computer tapes with sensitive customer information never get lost. But you can also be certain that sooner or later, a tape will go missing.

And missing they go. Security breaches seem to have become a daily instance. Last week MasterCard admitted to having 40 million of its card compromised. In February Bank of America lost backup tapes holding hundreds of thousands of social security numbers. In April, Time Warner admitted that a backup tape with information on over 600,000 of its past and current employees was lost en route to the vault by an outsourced data storage company.

You might assume that these tapes have some kind of built-in protection, some kind of mechanism that ensures that if they fall into the wrong hands the information on them won't be read. You might assume this, but you'd be wrong. Storage solutions such as tape backups are inherently insecure. And according to the Enterprise Strategy Group, 93% of all companies leave their tape backups unprotected - trusting the driver who picks up these tapes and drives them to an offsite storage location.

But with a thriving black market for identity theft, the risk of entrusting your crown jewels to a van driver is high. Even Iron Mountain, the leader in offsite data protection, recommends its own customers encrypt their backup tapes before entrusting them to the company's secure warehouses.

When your company produces dozens, if not hundreds of backup tapes each month, keeping track of them and ensuring none get lost or stolen can be difficult. Some might say impossible. So how can you guarantee your backup tapes are never lost?

The answer is: you can't. But you can guarantee that even if those tapes are lost or stolen, no one will ever be able to read the information on them. How? By encrypting the backup tapes before they leave your premises.

So why arent more companies protecting their sensitive information?

The first reason has to do with existing mindsets towards security. For years, the prevailing approach to security was perimeter-based: Build a high fence and ensure the bad guys dont climb over it. But when 50-80% of all security breaches begin inside the organisation, what good does a high fence do?

The second reason why organisations have been so slow to protect their sensitive information has to do with complexity. Until now, most solutions on the market were too slow or too complex (or both!) to integrate into an already intricate IT environment.

But thanks to recent innovations in storage security, encrypting backup tapes and disks can now be done quickly, with no impact on performance and without changing the way companies do business.

All this spells a unique opportunity for the channel to step up and take the lead. Customers are surrounded with endless security solutions and a myriad of conflicting recommendations, and are clamouring for a partner who can ease their pain.

The role of the channel throughout all technology markets is becoming more and more that of a partner rather than that of a product, or even solution provider. Users are no longer looking to simply increase capacity/performance/security/etc; they need to consider the business objectives behind the organisation and work from that level right down to the applications rather than the other way around.

According, todays resellers need to lead the way with a proactive approach to their customers security. They need to stop focusing on building fences and focus on building impenetrable foundations. They need to move from selling point solutions to providing their customers with a holistic approach to security. For those willing to make this shift, the opportunities are endless.

Joanna Shields is Vice President & Managing Director of Decru EMEA. The company secures networked data storage with robust, wire-speed encryption appliances that fit transparently into the existing network infrastructure.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter