Neoscale 2 WP_ImprovingDataSecurityProtectingTapeStorage.pdf
clever points:
- Portable storage media sent outside the physical protection of the data center is inherently at risk of theft or tampering.
- The rapid increase of sensitive and regulated data presents additional privacy concerns, as is the case in recent security incidents.
  therefore increased risk
- Backup and recovery are primarily a means for data preservation, not protection against tape media access.
encryption options:
- Encryption through the backup application: Putting data encryption on the backup server adds performance overhead, impacting application response and performance. Encryption keys would need to be protected and managed on the systems – a difficulty based on the number of hosts and their locations.
- Encryption within the tape library: Encryption increases the library cost as well as form factor. Key management must also be taken into account, as the tape library is generally not a secure platform, and multi-vendor, remote, or third-party managed library systems would be even more difficult to manage.
- Encryption with a storage security appliance: A tape media security appliance offers the benefits of performance, centralized management, protected/managed keys, flexible deployment, and seamless integration with backup applications. The appliance can operate in a network path and can be flexibly placed before a SAN, NAS, or DAS connected tape library. The purpose-built tape media encryptor offloads the processing burden associated with media encryption with nominal latency and can centralize the security management function, which in turn provides greater policy enforcement and solid key protection.
then mainly discussion of encryption
why:
- This level of security must extend to tape media, which is often used for bulk data transfer or long-term, distributed archive of private, trusted or regulated information.
laws, what you need to do:
- Specifically, financial firms have an obligation to demonstrate adequate means to ensure the protection and privacy of customer records/information; take reasonable precautions against anticipated threats which could affect the protection or integrity of customer data; and safeguard against unauthorized access or use of such customer data.
- and: report security breaches involving unencrypted data in the most expedient time following awareness of said breach
relies on loss detection:
- Since tape media breach discovery is often “after-the-fact”, it can adversely affect systems recovery and business liability.
- How does an IT manager know if sensitive information stored on their tape media has been lost, mis-delivered or stolen… unfortunately during the recovery process?
- How does an IT manager know if sensitive information stored on their tape media has been copied… it is difficult if not impossible.
- Failure or untimely notification can result in civil lawsuit – albeit public notification is quite a damaging prospect in itself.
encryption is the answer:
- While it may be difficult in some cases for an organization to be aware of a breach or tied to such leakage, encrypting personal information stored on volumes of tape media has significant merit – as it is a foreseeable unauthorized access risk.
Op Risk not just compliance:
- Operational risk is defined as “The risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events.”
- Clearly, security breaches which expose business critical or financially sensitive materials would result in devastating customer trust as well as the investment stability of the financial institution.
- Here too, organizations need to demonstrate risk mitigation processes associated with processing, handling and protecting sensitive data, including maintaining security and availability of tape media and archive.
tapes can be big:
- At one point, tapes only contained 100G worth of data. Advancements in this portable media can now store about a half terabyte of typically clear-text information – a tape can hold the entire human genome.
but:
- Physical security and manual media tracking are required efforts to minimize access risks and assure system recovery, but are costly to scale.
- Any storage media that is accessible internally, handled by many staff, and often sent outside the confines of the data centre can be vulnerable to unauthorized data access, theft or corruption.
- As tape media is handled by more persons and is transported/stored in more geographically diverse locations, what can organizations do to ensure the access control, privacy, integrity and auditing concerning backup tape media?
impact:
- Once open system portable media is in the hands of the adversary, there is unlimited time to sample, analyze and reconstruct the information regardless of backup application and compression algorithm.
tapes in last place again:
- Best security practices require traditional front-end security methods such as physical access controls, data network transport protection, host defenses, system and application authorization, and security policy.
- However, this layered defense model should extend to secondary storage – preventing unauthorized access to tape media being rotated, remotely stored, transported, or being handled by third parties.
- Security is never ignored – but often is in second place, termed as part of the logistics process, or can be seen as an expensive inconvenience.
encryption issues:
performance:
- Software-based encryption consumes system processing, which in turn impacts application response and affects backup windows. This will often require spending to increase system processing horsepower or off-loading such security processing requirements. Additional considerations regard key management and media management.
keys:
- Keys are used with the encryption algorithm to secure data. Therefore appropriate management, use and protection of the keys are required and will vary by vendor. Key management provision must be analyzed by users to assess implementation requirements.
data size:
- Furthermore, encryption flattens files and data, which can adversely affect compression ratios offered by tape library vendors. Without the use of selective encryption, firms would have to purchase more media to address lost compression rates.
use selective encryption
solution - use an appliance
omitting an important last step: secure off-site storage.
- You’ve implemented technology and procedures at great expense, but you may be omitting an important last step: secure off-site storage.
- From firewalls and strong authentication to intrusion detection and anti-virus, you have defense in depth through a variety of technologies and procedures.
Backup procedures are not simply an IT issue, but are an important part of corporate risk management and governance.
Part of our job as security professionals is to challenge assumptions, to anticipate potential problems, and to propose solutions to avoid or mitigate those problems.
assumption and risks:
- disk based storage is more cost effective than tape storage.
- A very generalized assumption made across almost all industries is that backing up data from production systems onto some archival media is an important part of business continuity.
- Making backups, and using tape drives for archival, is the de facto standard. Most people don’t even consider alternatives to this process, although disk drive technology has evolved to the point where disk based storage is more cost effective than tape storage.
- For quite some time, we in the security field have known that off-site storage of backup tapes introduces some level of risk to the confidentiality of the data which is stored on those tapes.
risks:
- Storage media in the possession of the delivery driver may be lost, from simple human error, as is believed to have happened in the Ameritrade and Time Warner cases. Once physically lost, we have no control over access to the content.
- Storage media may be stolen from the delivery truck. Even if the truck is locked while the driver is inside the building of another customer, the truck could be stolen or burglarized.
- Storage media on the return trip from the centralized storage site may be delivered to the wrong customer. Often the tape containers are unmarked, or only numbered or marked with a barcode. A routine and repetitive manual process such as driver delivery of these tape containers is susceptible to error. If mis-delivered, we are at the mercy of the recipient to respect the confidentiality of the data.
- The delivery driver may act alone or in collusion with others to divert tapes. While most backup storage services perform screening and background checks on their employees, employee misdeeds are certainly possible. Most of the pickups and deliveries are performed by a single employee, making detection of abuse much more difficult than if two employees were dispatched in each truck.
- Finally, the centralized storage facility itself may be compromised through inadequate physical security or through lapses in employee screening by the off-site storage provider.
mitigation strategies, tips:
- based on a risk assessment, taking into consideration the likelihood of each risk occurrence, the potential impact, and the cost of the mitigation effort. Often the most significant component of mitigation cost is increased labor resulting from the modified procedures. It is important to perform this risk analysis in a way that encompasses all related operational procedures and asset protection.
- Carefully scrutinize contracts with the off-site backup provider. While the selection of a provider may often be based on cost and availability of service in your area, the fact that this provider will have physical possession of your most valuable corporate assets warrants extra diligence. As with any outsourced IT service provider, you should seek audit rights, assurance that the service provider's hiring procedures include criminal and credit background checks on all employees, and indemnification of losses. Sadly, the largest service providers may resist these commitments, leaving you to bear all of the risk resulting from mistakes made by you or the service provider.
- Use locked containers to transport your tapes. While no easily portable container can withstand a serious effort to access the tapes within, locks will discourage casual perusal, prevent another customer from inadvertently loading your tapes onto their system if wrongly delivered, and provide an obvious indication if unauthorized access to the tapes has occurred.
- Encrypt the contents of all data prior to writing to backup tapes. Some commercial backup systems provide encryption as a feature. Depending on the amount of data involved, in-house backup scripts can be used to perform encryption on a backup server, using well-known cryptographic applications such as PGP/GPG or even custom-developed applications based on RSA BSAFE® or the popular OpenSSL libraries. For larger amounts of data, dedicated cryptographic hardware may be required to reduce the encryption time. In all cases, key management and key recovery are important considerations. If the keys needed to decrypt the data are only available on the backup machine, the entire backup process may prove useless if that original backup machine is lost in the same incident that causes the need for restoration from tape (fire, flood, etc.).
- Selectively encrypt only sensitive data. For example, consider an on-line shopping site having a very large product catalog database, all of which is already public data, as well as application and operating system code that may not be sensitive. Customer data, including names, addresses, authentication credentials and possibly credit card or bank account numbers or other financial data, would also be present. The time and processing cost needed to encrypt just the sensitive customer data would probably represent a fraction of the time and processing needed to encrypt all data in the system. This simple example illustrates the benefit of selective encryption, but to apply this approach to enterprise backup procedures requires that a current and accurate data classification scheme be in place.
- Encrypt data at rest. This phrase refers to a requirement addressed in the financial world by the Gramm-Leach-Bliley Act (GLBA) and in the health care industry by the Health Insurance Portability and Accountability Act (HIPAA). Once again, a current and accurate data classification scheme is needed to drive this implementation of encryption of data at rest, but if this has been done consistently throughout the organization, encryption of backup data is not as important.
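Three points that recur across these notes can be shown in one small program: encryption "flattens" data, so compression has to happen before encryption or the library's compression ratio is lost ("data size" above); only records the classification scheme marks sensitive need encrypting (the selective-encryption tip); and keys that exist only on the backup server make the tape unrecoverable when that server is lost in the same incident (the "keys only on the backup machine" caveat). This is an added example, not code from any of the whitepapers being summarized. It uses Go's standard-library AES-256-GCM; the record names, the 32-byte key-encryption key and the customer file (which uses the standard 4111... test card number) are constructed stand-ins.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Record is one backed-up item tagged by the data-classification scheme.
type Record struct {
	Name      string
	Sensitive bool   // only sensitive records are encrypted (selective encryption)
	Data      []byte // cleartext before Backup, ciphertext on the tape copy
}
func must(err error) {
	if err != nil {
		panic(err)
	}
}
// seal: AES-256-GCM with a fresh random nonce prepended; any later alteration fails the tag check in open.
func seal(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	must(err)
	gcm, err := cipher.NewGCM(block)
	must(err)
	nonce := make([]byte, gcm.NonceSize())
	_, err = io.ReadFull(rand.Reader, nonce)
	must(err)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; it fails on a wrong key or on modified ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	must(err)
	gcm, err := cipher.NewGCM(block)
	must(err)
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
// gzipBytes runs before seal: ciphertext looks random and will not compress afterwards.
func gzipBytes(data []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}
// Backup draws a fresh data-encryption key (DEK) for this tape, wraps it under the
// key-encryption key (KEK) held off the backup server, and compresses-then-encrypts
// each sensitive record under the DEK. The wrapped DEK goes to tape; the KEK does not.
func Backup(kek []byte, records []Record) (wrappedDEK []byte, tape []Record) {
	dek := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, dek)
	must(err)
	for _, r := range records {
		if r.Sensitive {
			r.Data = seal(dek, gzipBytes(r.Data))
		}
		tape = append(tape, r)
	}
	return seal(kek, dek), tape
}
// Restore needs only the tape contents and the KEK, so it works on a machine other than
// the one that wrote the tape; without the KEK, or with altered media, it returns an error.
func Restore(kek, wrappedDEK []byte, tape []Record) ([]Record, error) {
	dek, err := open(kek, wrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap DEK: %w", err)
	}
	var out []Record
	for _, r := range tape {
		if r.Sensitive {
			packed, err := open(dek, r.Data)
			if err != nil {
				return nil, fmt.Errorf("record %q: %w", r.Name, err)
			}
			zr, err := gzip.NewReader(bytes.NewReader(packed))
			must(err)
			r.Data, err = io.ReadAll(zr)
			must(err)
		}
		out = append(out, r)
	}
	return out, nil
}
func main() {
	kek := bytes.Repeat([]byte{7}, 32) // constructed stand-in for an escrowed KEK
	cust := bytes.Repeat([]byte("name=Jane Doe;card=4111111111111111\n"), 100) // constructed
	wrapped, tape := Backup(kek, []Record{{Name: "customers.csv", Sensitive: true, Data: cust}})
	fmt.Printf("clear %d B, on tape %d B, gzip of tape copy %d B\n", len(cust), len(tape[0].Data), len(gzipBytes(tape[0].Data)))
	_, err := Restore(make([]byte, 32), wrapped, tape)
	fmt.Println("restore without the KEK:", err)
}
```

The KEK in a real deployment lives in an HSM or a key-escrow service that is separate from the backup host; the wrapping step is what makes "tape plus escrowed KEK" sufficient to restore on new hardware while the tape alone is not. Because GCM authenticates the ciphertext, a tape that was altered in transit fails on restore instead of yielding silently wrong data, which is the integrity property the earlier notes ask for.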
intro:
- 7% chance of laptop hardware failing: In a 2007 study Google determined that once a hard drive reaches 2 years of age it has a 1 in 14 chance of failing over the next year. That’s a very high 7% failure rate.
- impact of data loss can be fatal: Once a company suffers significant data loss, that company has a 93% chance of going out of business, as determined by the US Bureau of Labor.
- lack of testing: A recent study conducted by Storage Magazine found that only 37% of businesses actually test their internal backups regularly, and that an alarming 77% of those that did found that they were unable to fully recover all of their critical data.
- inconsistent use of encryption?: A recent Aberdeen Group study found that less than 10% of corporations consistently use encryption technology to protect their most valued computer data assets, and an even smaller number of those corporations encrypt their tape backups, leaving them exposed to serious regulatory compliance liabilities.
  you have those Aberdeen reports somewhere, not sure what this means exactly
the mistakes:
- Negligence & Procrastination: the data backup process is the #1 most common mistake companies make with regards to business continuity and disaster planning. The backup process is often an “at the end of the list” type process, with devastating consequences if data loss occurs.
  low priority, but is it really part of BCM? more operations
- Lack of Testing Backups: A recent study conducted by Storage Magazine found that only 37% of businesses actually test their internal backups regularly, and that an alarming 77% of those that did found that they were unable to fully recover all of their critical data. It is extremely important to test restoring data before an emergency or data failure occurs.
- Not Identifying the Correct Data: It’s very common for corporations to have a data failure event only to find during the restore process that critical data was omitted in the backup process.
- Failure to Remove Data Backups Away from the Data Source, in case of fire or natural disaster: relied on tape rotation systems for their backup needs, requiring the physical rotation and removal of the tapes to another site in case of fire or natural disaster. This manual, antiquated and cumbersome task is often forgotten or skipped.
- Relying on Error Prone Tape Backup, even though the medium (Tape Backup) is proven to provide high failure rates. some triggers:
  - Tapes must be physically removed from the site for disaster protection
  - Tapes fail frequently
  - Heat and elements can increase the tape failure rate dramatically
  - Finding the correct data on the correct tapes is difficult
  - No accountability or reporting for failed data backups
- Failure to Plan for Human Error: accidental or intentional deletions of critical computer data is the most common backup restore request by corporate IT departments. Disgruntled employees can inflict significant damage by deleting critical data.
- Failure to Encrypt Data Backups: A recent offsite data tape storage company lost hundreds of customer backup tapes during transport. These tapes were not encrypted and were completely accessible to anyone who found them, creating a regulatory compliance nightmare and extensive fines for the company.
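Three of the mistakes listed above (not testing restores, not identifying the correct data, and having no reporting for failed backups) share one fix: a restore test that compares what came back against an independent record of what was supposed to be protected. As an added example, not from the paper these notes summarize, the Go program below takes a manifest of SHA-256 digests at backup time from the list of files the policy says must be protected, then classifies the restored set into missing, corrupt and unexpected files so the outcome is a report rather than a by-eye check. All file names and contents are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Manifest maps a file path to the SHA-256 of its contents at backup time.
// It is kept with the backup catalog, off the source host, so a restore test
// has something independent of the tape to check against.
type Manifest map[string]string

func digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Snapshot builds the manifest from the set of files the backup policy says
// must be protected, not from whatever happened to be written to tape.
func Snapshot(required map[string][]byte) Manifest {
	m := Manifest{}
	for path, data := range required {
		m[path] = digest(data)
	}
	return m
}

// Report is the outcome of one restore test.
type Report struct {
	Missing    []string // in the manifest, not restored: never backed up or unreadable media
	Corrupt    []string // restored, but contents differ from the manifest digest
	Unexpected []string // restored, but not in the manifest (catalog drift)
}

// OK is true only when every required file came back intact.
func (r Report) OK() bool { return len(r.Missing)+len(r.Corrupt) == 0 }

// VerifyRestore compares the restored files against the manifest.
func VerifyRestore(m Manifest, restored map[string][]byte) Report {
	var rep Report
	for path, want := range m {
		data, ok := restored[path]
		switch {
		case !ok:
			rep.Missing = append(rep.Missing, path)
		case digest(data) != want:
			rep.Corrupt = append(rep.Corrupt, path)
		}
	}
	for path := range restored {
		if _, ok := m[path]; !ok {
			rep.Unexpected = append(rep.Unexpected, path)
		}
	}
	sort.Strings(rep.Missing)
	sort.Strings(rep.Corrupt)
	sort.Strings(rep.Unexpected)
	return rep
}

func main() {
	// constructed sample: what the policy says must be protected ...
	required := map[string][]byte{
		"db/customers.sql": []byte("INSERT INTO customers VALUES (1, 'Jane Doe');"),
		"db/orders.sql":    []byte("INSERT INTO orders VALUES (1, 1, 9.99);"),
		"etc/app.conf":     []byte("db_host=db1\n"),
	}
	m := Snapshot(required)
	// ... and a constructed restore result: orders.sql never reached the tape,
	// app.conf came back damaged, and a cache file nobody asked for came along.
	restored := map[string][]byte{
		"db/customers.sql": []byte("INSERT INTO customers VALUES (1, 'Jane Doe');"),
		"etc/app.conf":     []byte("db_host=db1\x00\x00"),
		"tmp/cache.bin":    []byte("stale"),
	}
	rep := VerifyRestore(m, restored)
	fmt.Printf("restore test passed=%v missing=%v corrupt=%v unexpected=%v\n",
		rep.OK(), rep.Missing, rep.Corrupt, rep.Unexpected)
}
```

Running the test on a schedule and recording the Report is what turns "we make backups" into the accountability the list above says is missing: a Missing entry means the data was never on the tape (the "correct data" problem), a Corrupt entry means the media or the restore path failed, and either one is found before the emergency rather than during it.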
encryption no longer just for military
threat agents:
- Data stored in clear-text is open to attack by everyone from service providers to partners to evil insiders.
For the most part, data transported to off-site storage is not secured and tracked, leaving tapes defenseless against theft, alteration or unauthorized viewing.
Encryption of backup tapes is the only way to ensure data at rest is safe.
California Security Breach Information Act (aka CA SB 1386):
- Created to address data security breaches in California, this cutting-edge law enforces a rule stating California residents must be notified any time their “personal information” is compromised.
- This applies to a last name with first name or first initial, and other identifying information such as a social security number, driver’s license number or California ID card.
- It also extends to bank account numbers, credit and debit card numbers, and access passwords or security codes.
- With the population of California representing approximately 12% of the United States population, it is unlikely a security breach could occur without containing some personal information from a California resident.
impact:
- So how devastating might it be if an IT Manager fails to properly encrypt company data? Hang on to your hard drives because, depending on the regulation that has been broken, the sentences range from suspension to 10 years in prison, with fines from $100 to $1,000,000.
  have another small table
honest RA:
- What process controls are currently in place for database management?
- Can you describe the monitoring and reporting currently being used?
- When was the last time you ran tests on your process controls to identify “leaks” and make suggestions for improvements?
- Are you willing to fully understand and accept your own responsibility for managing the internal controls of the databases you manage?
encryption issues:
- To do this requires an in-depth review of current encryption policies, including assessing methods, key lengths and key management.
- Historically, data backup is a task fraught with procrastination. The complexity of the process is time consuming and costly, incurring unacceptable downtime and slowing of networks.
threat agents:
- However, the biggest threat to confidential information today comes not from the outside, but from the inside. And, with over one billion Internet users, Internet hacking has quickly become the most efficient method of stealing data. In most settings, it is the database administrator (DBA) who has oversight of all access to corporate data, and who performs regularly scheduled tasks like importing and exporting data, creation of various reports, and maintaining the performance and stable environment of the database. Under the new compliance regulations, DBAs find themselves charged with a high level of duties for which they often feel they do not have the most effective arsenal of tools.
Iron Mountain incident:
- A story released in April 2005 revealed that records storage leader Iron Mountain had fallen victim to the loss of tapes containing sensitive customer information. Because of this incident, Iron Mountain said in its statement, “Iron Mountain is advising its customers that current, commonly used disaster recovery processes do not address increased requirements for protecting personal information from inadvertent disclosure.” They further went on to advise, “Iron Mountain, therefore, is recommending that companies encrypt backup tapes containing personal information...” and ended by saying, “We believe encryption is the best way for businesses to meet the increasing need for privacy protection.”
  we may have an obligation to encrypt