Backup Rule #7: Encrypt Your Backups

Last week I opened my newspaper (yes, I still read the news on paper) to see a report of, once again, a major data breach caused by a batch of backup tapes being lost in transit to the warehouse. At the very least, I had hoped that the system administrators at large organizations that hold the most personal of all information would have gotten the word to encrypt their backup tapes, but this piece of news and the results of our InformationWeek Analytics Backup Survey have proven me wrong.

Howard Marks

March 2, 2011

In our survey, only 18 percent of respondents reported that they encrypt all their backups to removable media, while an astounding 56 percent reported they don't encrypt their backups at all. Given the massive costs an organization can incur when it loses even a single backup tape, and how easy it is to encrypt your backups, I find it mind-boggling that backup administrators still don't encrypt.

In most states, an organization that loses a backup tape containing personal information--such as the credit card numbers from your Website or Social Security numbers and birth dates from your HR system--is legally required to notify all the people whose data has been lost. Imagine how much work it would take for you to even figure out what data was on the tape, who was affected and how to contact all those people within the 60 days the law gives you to send out notices.

In the case I read about in the paper, the New York Health and Hospitals Corporation (HHC), which runs the public hospitals in the city of New York, had a contractor pick up a box of backup tapes on Dec. 23. While making a later stop on his route, the courier left the truck unlocked, and the HHC tapes were stolen. Even though the tapes had database backup data on them and it would require some sophistication to retrieve the data from the tapes, the HHC was required by law to notify the 1.7 million people whose personal data was on those tapes. They sent out letters in 17 languages--New York is a diverse place, after all--and are offering identity theft protection, which, while not required by law, is becoming the standard response.

According to the Ponemon Institute, the average cost of a data breach is over $200 per compromised record, so the HHC is out about $350 million. That money would have been much better spent on a key management system and some more patient care. Don't let this happen to you. Encrypt your backups.

About the Author(s)

Howard Marks

Network Computing Blogger

Howard Marks is founder and chief scientist at DeepStorage LLC, a storage consultancy and independent test lab based in Santa Fe, N.M. and concentrating on storage and data center networking. In more than 25 years of consulting, Marks has designed and implemented storage systems, networks, management systems and Internet strategies at organizations including American Express, J.P. Morgan, Borden Foods, U.S. Tobacco, BBDO Worldwide, Foxwoods Resort Casino and the State University of New York at Purchase. The testing at DeepStorage Labs is informed by that real world experience.

He has been a frequent contributor to Network Computing and InformationWeek since 1999 and a speaker at industry conferences including Comnet, PC Expo, Interop and Microsoft's TechEd since 1990. He is the author of Networking Windows and co-author of Windows NT Unleashed (Sams).

He is co-host, with Ray Lucchesi, of the monthly Greybeards on Storage podcast where the voices of experience discuss the latest issues in the storage world with industry leaders. You can find the podcast at: http://www.deepstorage.net/NEW/GBoS
