| Encryption is readily available for new applications in | | | | from the inside. Internet hacking has quickly become |
| e-commerce, telecommunications and finance. With | | | | the most efficient method of stealing data. Under the |
| security breaches commonplace, the need for | | | | new compliance regulations the database |
| encryption has become so necessary that various | | | | administrators (DBA's) find themselves charged with |
| agencies have seen a need to step in and impose | | | | a high level of duties for which they often feel they |
| regulations. Why is it even necessary to encrypt | | | | do not have the most effective arsenal of tools. |
| backup data? The reason is security. Data stored in | | | | Logic would tell us that the risk personally and to |
| clear-text is open to attack by everyone. | | | | company information and customer privacy is high |
| IT organizations are beginning to realize that the | | | | enough to immediately begin a solid plan of data |
| reach and effect of these security laws impacts their | | | | encryption. Concerned CEOs searching for ways to |
| procedures and processes. There is currently no | | | | minimize risk are taking a longer and harder look at |
| specific set of guidelines for compliance within the IT | | | | cost-effective ways to make data security a priority. |
| industry. One area of compliance that remains | | | | Government regulations, including more stringent |
| high-risk is that of data storage encryption. For the | | | | control and audit requirements, are designed to |
| most part, data transported to off-site storage is not | | | | protect consumer data and confidential information, |
| secured and tracked, leaving tapes defenseless | | | | making it clear in no uncertain terms the penalties and |
| against theft, alteration or unauthorized viewing. | | | | fines one could face for failing to meet these |
| Encryption appliances for backup tapes are the only | | | | requirements. Records storage leader Iron Mountain, |
| way to ensure data at rest is safe. | | | | which fell victim to the loss of tapes containing |
| The California Security Breach Information Act is a | | | | sensitive customer information, is recommending that |
| cutting-edge law which enforces a rule stating | | | | companies encrypt backup tapes containing personal |
| California residents must be notified any time their | | | | information saying, "We believe encryption is the best |
| "personal information" is compromised. Of course, this | | | | way for businesses to meet the increasing need for |
| law imposes strict requirements for public disclosure, | | | | privacy protection." |
| the main reason for the increase in reported security | | | | Still, while most organizations perform backup data |
| breaches across the country. The difference today is | | | | and maintain offsite copies, backup tapes remain |
| that those responsible will have to pay for their | | | | largely unencrypted. This leaves the risk at high levels |
| mistakes. If an IT Manager fails to properly encrypt | | | | and exposes the company, IT managers and |
| company data, the sentences range from suspension | | | | supervisors to stiff fines and penalties for failure to |
| to 10 years in prison, with fines from $100 to | | | | comply with government regulations that control |
| $1,000,000. | | | | exposure of confidential consumer information, such |
| Therefore, concern is steadily growing over an | | | | as the Health Insurance Portability and Accountability |
| individual company's current and potential liability. To | | | | Act of 1996 (HIPAA), the Fair and Accurate Credit |
| define what your most critical data is and how best | | | | Transaction Act of 2003 (FACTA), and the Financial |
| to encrypt that data while at rest requires an | | | | Services Act of 1999 (Gramm-Leach-Bliley or GLBA). |
| in-depth review of current encryption policies, | | | | Unfortunately, as with all new regulations, there is |
| including assessing methods, key lengths and key | | | | much work to be done in plugging the holes, but one |
| management. Only after this thorough process will | | | | thing is clear: it doesn't matter whether the breach is |
| your company be in the position to address these | | | | accidental or intentional. If it happens to you, you're |
| high-risk areas with proper encryption. | | | | responsible. |
| Security measures are widely implemented to protect | | | | New encryption methods and hardware are helping |
| data, however these are not nearly effective enough | | | | to take away some of the difficulties commonly |
| to provide the security that guarantees the safety | | | | associated with the process of encryption. What can |
| of stored confidential records. The answer was to | | | | be done to ensure the security of this data and |
| transport backup tapes off-site for protection. | | | | protect those involved with it? What, if anything, is |
| However, as corporations grew increasingly computer | | | | holding your organization back from taking the |
| and Internet savvy, the risk of employee theft, data | | | | necessary steps to choose the only appropriate |
| lost or stolen during transport, environmental damage | | | | solution, data encryption? Which encryption solution |
| and theft of discarded tapes grew. Each of these | | | | best meets your needs and will instill the highest level |
| threats brought increased security measures. | | | | of confidence? No longer is it a matter of whether |
| However, the biggest threat to confidential | | | | you're going to encrypt, but when and, even more |
| information today comes not from the outside, but | | | | importantly, how. |