
5/23/2006
09:00 AM

IT Managers Walk Tape Tightrope

Experts warn of no good reason to use the medium for critical backup and recovery

SECAUCUS, New Jersey -- Users who continue to rely on tape for backing up or accessing critical data do so at their peril, IT managers and industry experts warned at an industry event today.

Randy Kahn, CEO of analyst firm Kahn Consulting, said that although tape is a cost-effective, long-term storage medium, it may not be the best option for firms that need swift access to key pieces of information. "Is it sufficiently accessible, can you get to it when you need to get to it?" he asked.

A number of firms have already incurred the wrath of regulatory bodies, thanks to their inability to produce critical data when requested. Morgan Stanley, for example, was recently slapped with a $15 million fine by the Securities and Exchange Commission (SEC) for failing to produce email evidence in court. (See Email Travail.)

According to the SEC, the firm allegedly didn't produce backup tapes on request, never archived emails for faster searches, and overwrote backup tapes containing subpoenaed emails.

Kahn told Byte and Switch that such high-profile storage snafus highlight the need for firms to rethink their storage strategies. The majority of firms, he explains, are currently using backup tapes for the wrong reasons. "Backup tapes are essential, but they are essential for disaster recovery," he says. "It's the worst possible place to park records that you need immediately."

David McDermott, records manager at Boise, Idaho-based agricultural manufacturer J.R. Simplot and chair of industry body ARMA International, agreed that most users haven't wrapped their heads around this challenge yet. "There's a lot of companies out there that don't understand the severity of the procedures and processes that they should have in place," he says.

J.R. Simplot, according to McDermott, has a "very robust program" in place for records retention, and is currently developing an electronic system for handling the likes of email data. "Anything that is produced [by the company] could be included in the electronic records management program," he adds.

Kahn urged other users to follow this lead and consider specialized records management systems that can handle the business, legal, and technology needs of current compliance regulations: "There's all kinds of document management, electronic content management (ECM), and records management systems, that provide functionalities of all kinds."

A number of vendors, including EMC's Documentum division, FileNet, Hummingbird, and Interwoven, are making moves in this space. (See EMC Acquires Authentica, EMC Googles Documentum, York Saves With Content Management, FileNet Sets New Standard, Hummingbird Has Server Solution, and Interwoven Delivers Content Storage.)

Kahn, however, highlighted the cultural challenges involved in getting a firm's IT staff and legal teams to build an effective records management system. Storage administrators, he explains, are typically concerned about the likes of file sizes, whereas company lawyers are focused on content, policy, and regulations. "It's a different perspective," he says.

But the analyst believes that picking storage security battles carefully can help one get around these problems. "You take the hot button issue, the low-hanging fruit," he explains. "Take one problem, solve it holistically, and move onto the next problem," adding that users do not need to "boil the ocean."

It was not just storage security that was a hot topic in the Garden State today, as users expressed their concern about reports that a laptop containing sensitive information on 26.5 million people was stolen from a Department of Veterans Affairs employee. "I don’t know why the information is being kept on the hard drive on a laptop, rather than on a server," says McDermott.

Ray Ricks, the former vice president of security services at Citibank and now CEO of security vendor eCenturion, used his keynote to warn that criminals and even terrorist organizations are becoming more sophisticated in how they perpetrate financial fraud. Even some Los Angeles street gangs, he warns, are now using magnetic stripe data from credit cards as a form of currency. "They are using it to trade and barter and pay off inter-gang debts," he reports.

Ricks also reiterated concerns that America's chief enemy in the war on terror is getting in on this act. (See U.S.: Al Qaeda Eyeing Cyber Threats.) "There is evidence that Al Qaeda has compromised our financial services systems by skimming credit cards," he says.

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article:

  • Citibank
  • EMC Corp. (NYSE: EMC)
  • FileNet Corp. (Nasdaq: FILE)
  • Hummingbird Ltd. (Nasdaq, Toronto: HUM)
  • Interwoven Inc.
  • Morgan Stanley
  • Securities and Exchange Commission (SEC)
  • Storage Networking Industry Association (SNIA)
