Off-site backups pose dangerous security risks
Off-site backups pose dangerous security risks
Apr 21, 2005: Backing up critical data to off-site storage areas can create unnecessary security risk for many organisations if they do not use encryption technologies to protect their data, according to Enterprise Strategy Group.
Its report: "Information at Risk: The State of Backup Encryption", is based on 388 Information Technology professionals from over 10 industry areas, from organisations that range from US$50 million to US$5 billion or more.
The report found that only six percent of financial services always encrypt their backup data, while 65 percent say that they never encrypt their backup data.
Three percent of government organisations encrypt their data, where as 77 percent do not and three percent of healthcare firms protect their data with encryption technology whilst 67 percent are not as smart.
Jon Oltsik, the senior analyst at Enterprise Strategy Group, said: "Data backup and off-site storage is an error-prone manual undertaking that often includes junior employees, unmarked cardboard boxes, untrusted couriers, and public transportation.
"This process is full of holes ripe for compromise. If a malicious individual wanted to steal confident data, he or she could simply bribe an employee or simply grab a non-descript cardboard box in transit. Since all of the data is stored in cleartext (i.e. it is encrypted), it could be extremely damaging in the hands of the wrong person."
An example of the risks was exposed in February by the Bank of America, when encrypted backup tapes containing customer accounts and social security numbers disappeared from a commercial airline flight in transit to a secure off-site facility.
Oltsik added: "Clearly, a security audit or breach can be an unpleasant eye-opening experience that leads to action. Users come face-to-face with risks and vulnerabilities and addresses them with the appropriate security countermeasures.
"Since the majority of organisations haven't assessed their storage security or reported a storage security breach, their backup data remains unencrypted and extremely vulnerable, putting many types of confidential information at risk."
Related Article: