http://www.darkreading.com/database-security/167901020/security/storage-security/229300828/backup-files-put-database-information-at-risk.html

By Ericka Chickowski
Contributing Writer
Darkreading
March 11, 2011

No matter how many safeguards organizations install to protect their production databases, all that work could be for naught if they aren't layering security into their back-up processes. The potential fallout from such a misstep was illustrated vividly in the recent Cord Blood Registry, which suffered a large-scale data breach when it exposed more than 300,000 records after an unencrypted back-up tape was taken from an employee's car.

According to Diana Kelly, analyst for Security Curve, this kind of breach is caused by a common out-of-sight, out-of-mind mentality that frequently plagues companies today.

"Production data is, well, in production, so orgs have -- or should have -- that data in the active protection zone," she says. "But once it's backed up, it's easier to forget about."

Kelly explains that step No. 1 to keep this database information secure is implementing strong encryption practices and key management. J. Wolfgang Goerlich, a network security manager at a financial services firm, concurs. He says the risk of misplaced backup information is at the top of his list of worries.

"Encryption is the No. 1 control to prevent scenarios such as the Cord Blood Registry breach. Encryption does require time for configuration and ongoing maintenance, but it has a very low fixed cost," Goerlich says. "In the Cord Blood Registry scenario, three areas that should have been encrypted: the laptop hard drive, the database backup file, and the LTO4 backup tapes. If encrypted, the stolen media would be all but useless. The personal information of 300,000 people would be unreadable and unrecognizable."

[...]
Received on Sun Mar 13 2011 - 23:06:56 PDT
This archive was generated by hypermail 2.2.0 : Sun Mar 13 2011 - 23:14:00 PDT