Vulnerabilities / Threats // Insider Threats
8/4/2010
07:15 PM
Connect Directly
RSS
E-Mail
50%
50%

Data Retention Policies Absent Or Partially Implemented

Almost 90% of IT and legal pros value data retention plans, but less than half their organization have them and many fail to follow through with required technology, finds Applied Research survey.

When it comes to retaining important emails and other records, 87% of IT and legal professionals believe that having a formal data retention plan is important for knowing which information to retain or delete. But only 46% of their organizations actually have such a plan.

That's according to a new study released by Symantec, based on a June 2010 survey of 1,680 senior IT and legal executives in 26 countries, conducted by Applied Research.

"There's definitely a gap in terms of what people perceive as important around information management -- around retention policies, deletion policies -- and what their actual practices are," said Danny Milrad, senior manager of product marketing for information management at Symantec.

In some cases, organizations create good retention and deletion policies, but fail to follow through with required technology. For example, in 2009, the Massachusetts attorney general launched an investigation into the city of Boston's email retention practices, or lack thereof, after it emerged that the chief of policy and planning had deleted his work email on an almost daily basis, and that his emails hadn't been retained.

Last week, however, the state's attorney general dropped the case against him, noting that the city's own archives and records management division "actually encouraged employees, in concrete, easy to understand language, to routinely delete emails," which the city officially stored for three years. Unfortunately, no such storage system was in place, though the city has since begun to rectify the problem.

Boston aside, many organizations lack any clear policies, resulting in a pack-rat approach to retention. Deleting nothing, however, creates its own problems, because storage isn't cheap. For example, the Symantec study found that 75% of enterprises use their backup systems to satisfy legal hold requests, and that such holds account for 45% of their total backup storage volume. Furthermore, by some estimates, approximately 70% of all stored data is duplicate data.

Taken to extremes, this volume of stored information can literally start to consume the company. "We had a customer in the UK that had so many backup tapes that they had to shut down the company's swimming pool to build a storage facility," said Milrad. "For electronic discovery requests, how much does it cost to pull those tapes out and find the information?" With 250,000 tapes in total, the cost and time required could be substantial.

If that example is a storage-volume outlier, it previews where many companies are headed. The lesson, then, is to have a plan and put the right technology in place to ensure that your organization sticks to the plan, said Milrad. "Being able to defend your information management plan is what's going to be able to keep your CEO out of the news, for reasons they shouldn't be in the news."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.