Security Blunders Continue; Security Experts Offer Workable Solutions

TORONTO, MAY 03, 2005 /PR/

Corporate data used to be an easy and elegant component of IT management.
Now it has become one of the biggest security risks in the business.
Toronto security consultants expose the risks and offer solutions
to avoid embarrassment, liability and loss of business.

The corporate world has recently been hit by a public wave of security
blunders that exposed severe weaknesses in how businesses approach
the protection of information assets. Companies like
AmeriTrade and Time Warner are the latest victims of what amounts
to a lack of security planning.

Organizations of all sizes are improperly handling data backups, which
essentially represent their entire organization’s assets, leading
to privacy, confidentiality and regulatory compliance breaches.
Aside from guaranteed public embarrassment, such losses and unauthorized
disclosure will expose corporate assets and, even more importantly,
private client records.

Corporate security expert Claudiu Popa said: “Without enforced security policies
dedicated specifically to corporate backups, organizations will
continue to compromise vast amounts of confidential data and the
private information of innocent individuals.” As president
of Toronto-based Informatica Security, he has observed dozens of
organizations whose security efforts are concentrated around network
security, leaving one of the most vulnerable aspects of information
asset protection open to a variety of deceptively simple attacks.
He added: “If your courier is able to clone your entire organization
by simply restoring your backup data, you’ve got more than
just a security problem.”

Mr. Popa has published a short series of tips to help managers understand and
address the risk. “Securing Corporate Backups: 8 Best Practices
for Executives and IT Managers” is available from the Informatica
web site at www.InformationSecurityCanada.com.

This year, Canada’s Informatica Corporation celebrates its 15th year in business,
providing security project management and strategy consulting to successful
companies. The Toronto-based company offers structured security
audits for service providers, application security assessments,
product evaluations and security awareness education.

Securing Corporate Backups: 8 Best Practices for Executives and IT Managers

1. Once you have a reliable back-up system in place, augment its functionality
with a strong, hardware-based encryption system.
2. Audit and review all access to tape storage
locations and containers. Build an access control list into your
existing security policy set.
3. Have in-house personnel irretrievably destroy
old tapes and verify/document their physical destruction.
4. Always, always, always audit third-party data
storage providers for security policy enforcement, access control
measures and service level agreements.
5. Always audit, preferably on a yearly basis,
data (paper, media, etc.) destruction companies for irretrievability
of content.
6. Ensure that you have a protocol for identifying
third-party company representatives and only surrendering corporate
data to them in sealed containers.
7. Use segregation of duties enforced by policy
for all personnel handling back-up data. Document all access, testing,
backup & restore cycles.
8. Considering an ‘online’ or ‘Internet-based’
backup system? Understand the security risks and always ensure that
the service provider’s security is independently audited.