Dark Reading is part of the Informa Tech Division of Informa PLC


Risk

5/23/2006
09:00 AM

IT Managers Walk Tape Tightrope

Experts warn of no good reason to use the medium for critical backup and recovery

SECAUCUS, New Jersey -- Users who continue to rely on tape for backing up or accessing critical data do so at their peril, IT managers and industry experts warned at an industry event today.

Randy Kahn, CEO of analyst firm Kahn Consulting, said that although tape is a cost-effective, long-term storage medium, it may not be the best option for firms that need swift access to key pieces of information. "Is it sufficiently accessible, can you get to it when you need to get to it?" he asked.

A number of firms have already incurred the wrath of regulatory bodies, thanks to their inability to produce critical data when requested. Morgan Stanley, for example, was recently slapped with a $15 million fine by the Securities and Exchange Commission (SEC) for failing to produce email evidence in court. (See Email Travail.)

According to the SEC, the firm allegedly didn't produce backup tapes on request, never archived emails for faster searches, and overwrote backup tapes containing subpoenaed emails.

Kahn told Byte and Switch that such high profile storage snafus highlight the need for firms to rethink their storage strategies. The majority of firms, he explains, are currently using backup tapes for the wrong reasons. "Backup tapes are essential, but they are essential for disaster recovery," he says. "It's the worst possible place to park records that you need immediately."

David McDermott, records manager at Boise, Idaho-based agricultural manufacturer J.R. Simplot and chair of industry body ARMA International, agreed that most users haven't wrapped their heads around this challenge yet. "There's a lot of companies out there that don't understand the severity of the procedures and processes that they should have in place," he says.

J.R. Simplot, according to McDermott, has a "very robust program" in place for records retention, and is currently developing an electronic system for handling the likes of email data. "Anything that is produced [by the company] could be included in the electronic records management program," he adds.

Kahn urged other users to follow this lead and consider specialized records management systems that can handle the business, legal, and technology needs of current compliance regulations: "There's all kinds of document management, electronic content management (ECM), and records management systems, that provide functionalities of all kinds."

A number of vendors, including EMC's Documentum division, FileNet, Hummingbird, and Interwoven, are making moves in this space. (See EMC Acquires Authentica, EMC Googles Documentum, York Saves With Content Management, FileNet Sets New Standard, Hummingbird Has Server Solution, and Interwoven Delivers Content Storage.)

Kahn, however, highlighted the cultural challenges involved in getting a firm's IT staff and legal teams to build an effective records management system. Storage administrators, he explains, are typically concerned about the likes of file sizes whereas company lawyers are focused on content, policy, and regulations. "It's a different perspective," he says.

But the analyst believes that picking storage security battles carefully can help one get around these problems. "You take the hot button issue, the low-hanging fruit," he explains. "Take one problem, solve it holistically, and move on to the next problem," he says, adding that users do not need to "boil the ocean."

It was not just storage security that was a hot topic in the Garden State today, as users expressed their concern about reports that a laptop containing sensitive information on 26.5 million people was stolen from a Department of Veterans Affairs employee. "I don’t know why the information is being kept on the hard drive on a laptop, rather than on a server," says McDermott.

Ray Ricks, the former vice president of security services at Citibank, now CEO of security vendor eCenturion, used his keynote to warn that criminals and even terrorist organizations are becoming more sophisticated in how they perpetrate financial fraud. Even some Los Angeles street gangs, he warns, are now using magnetic stripe data from credit cards as a form of currency. "They are using it to trade and barter and pay off inter-gang debts," he reports.

Ricks also reiterated concerns that America's chief enemy in the war on terror is getting in on this act. (See U.S.: Al Qaeda Eyeing Cyber Threats.) "There is evidence that Al Qaeda has compromised our financial services systems by skimming credit cards," he says.

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article:

  • Citibank
  • EMC Corp. (NYSE: EMC)
  • FileNet Corp. (Nasdaq: FILE)
  • Hummingbird Ltd. (Nasdaq, Toronto: HUM)
  • Interwoven Inc.
  • Morgan Stanley
  • Securities and Exchange Commission (SEC)
  • Storage Networking Industry Association (SNIA)
