Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com



Similar documents
WHY CLOUD BACKUP: TOP 10 REASONS

Why cloud backup? Top 10 reasons

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Protecting Backup Media with AES Encryption

The potential legal consequences of a personal data breach

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

White Paper FASTFILE / Page 1

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Application Security in the Software Development Lifecycle

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Read this guide and you ll discover:

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

KEEPING PATIENT INFORMATION SAFE AND SECURE IN THE CLOUD

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

plantemoran.com What School Personnel Administrators Need to know

HIPAA: Bigger and More Annoying

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services

Datacenter Hosting - The Best Form of Protection

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Identity Theft Security and Compliance: Issues for Business

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

Solutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson

CIBECS / IDG Connect DATA LOSS SURVEY. The latest statistics and trends around user data protection for business.

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Security Controls What Works. Southside Virginia Community College: Security Awareness

PCI Compliance for Healthcare

Aegis Padlock for business

Little-Known Facts and Insider Secrets Every Business Owner Should Know About Backing Up Their Data and Choosing a Remote Backup Service

Network & Information Security Policy

Uncheck Yourself. by Karen Scarfone. Build a Security-First Approach to Avoid Checkbox Compliance. Principal Consultant Scarfone Cybersecurity

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Privacy Legislation and Industry Security Standards

Information Security Services

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

Why is online backup replacing tape? WHITEPAPER

CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information

Community First Health Plans Breach Notification for Unsecured PHI

Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721

4 Essential Steps to a Successful HIPAA Audit. by Roman Diaz, Touchstone Compliance President. Assessment & solutions for meeting HIPAA standards

12 Little-Known Facts and Insider Secrets Every Business Owner Should Know About Backing Up Their Data and Choosing a Remote Backup Service

4 Ways an Information Security Analyst Improves Business Productivity

Security and Employee Monitoring Security and

Risk Assessment Guide

12 Little-Known Facts and Insider Secrets Every Business Owner Should Know About Backing Up Their Data and Choosing a Remote Backup Service

Privilege Gone Wild: The State of Privileged Account Management in 2015

Preparing for the HIPAA Security Rule

Protecting Your Data On The Network, Cloud And Virtual Servers

Why Lawyers? Why Now?

FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL

Best Practices in Incident Response. SF ISACA April 1 st Kieran Norton, Senior Manager Deloitte & Touch LLP

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Protection Breach Management Policy

Planning and Implementing Disaster Recovery for DICOM Medical Images

Private vs. Public Cloud Solutions

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

WHITE PAPER BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION CYBER COVERAGES

Securing Critical Information Assets: A Business Case for Managed Security Services

Information Resources Security Guidelines

The HITECH Act: Protect Patients and Your Reputation

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

HIPAA COMPLIANCE AND

Remote Access Securing Your Employees Out of the Office

Security Is Everyone s Concern:

Making the leap to the cloud: IS my data private and secure?

Medical Information Breaches: Are Your Records Safe?

Privacy Law Basics and Best Practices

WHITE PAPER. Protecting Credit Card Data: How to Achieve PCI Compliance

Client Security Risk Assessment Questionnaire

Data Privacy and Gramm- Leach-Bliley Act Section 501(b)

Regulatory Compliance: How Digital Data Protection Helps

BIG SHIFT TO CLOUD-BASED SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

CHIS, Inc. Privacy General Guidelines

Meeting the Challenges of Remote Data Protection: Requirements and Best Practices

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

AB 1149 Compliance: Data Security Best Practices

HIPAA Violations Incur Multi-Million Dollar Penalties

Cards at School. Why Banks View Campuses as High Risk Customers. Payments

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked

Data Security. So many businesses leave their data exposed, That doesn t mean you have to Computerbilities, Inc.

Mitigating and managing cyber risk: ten issues to consider

Network Security & Privacy Landscape

Quality Programs for Regulatory Compliance

HIPAA Security Alert

2014 StorageCraft. All rights reserved. CASE STUDY: SOLUTIONSTART TECHNOLOGIES

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Making Database Security an IT Security Priority

7 Mistakes Businesses Make When Moving To the Cloud

10 Hidden IT Risks That Threaten Your Practice

About Dorset Connects

ITAR Compliance Best Practices Guide

Transcription:

Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com

DATA PROTECTION CHALLENGE Encryption, the process of scrambling information to make it unreadable to the average human dates back to the Romans. Formerly reserved for high level government agencies, the 1970s saw a shift in encryption practices, making encryption more readily available for new applications in e-commerce, telecommunications and finance. Now, with security breaches commonplace in the daily news, the need for encryption has become so necessary that various agencies have seen a need to step in and impose regulations. But first, let s ask the obvious question: Why is it even necessary to encrypt backup data, and why is the topic receiving so much attention? The reason is security. Data stored in clear-text is open to attack by everyone from service providers to partners to evil insiders. Once you know how, it isn t that hard to do. Common firewall technologies, VPN's, and IPS systems do protect the perimeter of the network and offer some security. But they do not change the fact that the data is still stored in clear-text, leaving it ripe for the taking. 1. Data Protection Challenge 2. Off - Site Storage = Defenseless Data 3. How to Begin? With an honest risk assessment 4. What s stopping you from encrypting NOW? 5. Everyone is at risk, from CEO s to Programmers 6. Today s regulations are tomorrow's jail sentence 7. Stay out of jail with the newest encryption hardware 8. The Q3 is Today s Cutting Edge Solution Off-Site Storage = Defenseless Data Although regulatory compliance was originally implemented to assure standardized corporate financial reporting and auditing practices, IT organizations are beginning to address its widespread implications, realizing that, since IT supports the infrastructure of business, the reach and effect of these laws impacts their procedures and processes. Although several sources for guidance are available, there is currently no specific set of guidelines for compliance within the IT industry. However, one area of compliance that remains high-risk is that of data encryption. For the most part, data transported to off-site storage is not secured and tracked, leaving tapes defenseless against theft, alteration or unauthorized viewing. Encryption of backup tapes is the only way to ensure data at rest is safe. The California Security Breach Information Act (aka CA SB 1386) of 2003 is an excellent example of the direction being taken with these new regulations. Created to address data security breaches in California, this cutting-edge law enforces a rule stating California residents must be notified any time their personal information is compromised. This applies to a last name with first name or first initial, and other identifying information such as a social security number, driver s license number or California ID card. It also extends to bank account numbers, credit and debit card numbers, and access passwords or security codes. With the population of California representing approximately 12% of the United States population, it is unlikely a security breach could occur without containing some personal information from a California resident. Of course, this law imposes strict requirements for public disclosure, the main reason for the increase in reported security breaches across the country. In reality, it s better reporting, not a sudden influx of incidences, that have caused this increase. The difference today is that those responsible will have to pay for their mistakes. So how devastating might it be if an IT Manager fails to properly encrypt company data? Hang on to your hard drives because, depending on the regulation that has been broken, the sentences range from suspension to 10 years in prison, with fines from $100 to $1,000,000. 1. BOSaNOVA. Inc 2012 W. Lone Cactus Drive, Phoenix, AZ 85027

Source: Enterprise Strategy Group With new regulations raising the bar on regulatory compliance, what was once considered an adequate backup process may become an adequate reason to end up behind bars. How to Begin? With An Honest Risk Assessment Therefore, concern is steadily growing over an individual company s current and potential liability. To honestly assess your risk, several key questions must be answered immediately. What process controls are currently in place for database management? Can you describe the monitoring and reporting currently being used? When was the last time you ran tests on your process controls to identify leaks and make suggestions for improvements? Are you willing to fully understand and accept your own responsibility for managing the internal controls of the databases you manage? Honest answers to these questions allow you to define what your most critical data is and how best to encrypt that data while at rest. To do this requires an in-depth review of current encryption policies, including assessing methods, key lengths and key management. Only after this thorough process will your company be in the position to address these high-risk areas with proper encryption. 2. BOSaNOVA. Inc. 2012 W. Lone Cactus Drive, Phoenix, AZ 85027

What s Stopping You from Encrypting NOW? Historically, data backup is a task fraught with procrastination. The complexity of the process is time consuming and costly, incurring unacceptable downtime and slowing of networks. VPN, firewalls and other security measures are widely implemented to protect data, however these are not nearly effective enough to provide the security that guarantees the safety of stored confidential records. In times past, corporations were concerned only with disaster scenarios; what if something happened to their on-site backup tapes? The answer was to transport backup tapes off-site for protection. However, as corporations grew increasingly computer and Internet savvy, the risk of employee theft, data lost or stolen during transport, environmental damage and theft of discarded tapes grew. Each of these threats brought increased security measures. However, the biggest threat to confidential information today comes not from the outside, but from the inside. And, with over one billion Internet users, Internet hacking has quickly become the most efficient method of stealing data. In most settings, it is the database administrator (DBA) who has oversight of all access to corporate data, and who performs regularly scheduled tasks like importing and exporting data, creation of various reports, and maintaining the performance and stable environment of the database. Under the new compliance regulations, DBA's find themselves charged with a high level of duties for which they often feel they do not have the most effective arsenal of tools. Everyone is at Risk, From CEOs to Programmers For IT managers, it is vitally important to understand the kinds of processes your department has implemented that will prevent unauthorized access to databases, which could lead to altering of confidential database information, as well as accidentally or deliberately destroying precious data. Logic would tell us that the risk personally and to company information and customer privacy is high enough to immediately begin a solid plan of data encryption. While changes in attitude about data encryption have been slow in coming, many CEOs are realizing the impact that security breaches can have on their bottom lines. Concerned CEOs searching for ways to minimize risk are taking a longer and harder look at cost-effective ways to make data security a priority. The cost of information security and protection is fast becoming the number concern across corporate America, as the risks to confidential corporate data and personal safety increase. Government regulations, including more stringent control and audit requirements, are designed to protect consumer data and confidential information, making it clear in no uncertain terms the penalties and fines one could face for failing to meet these requirements. No corporation is immune to the risks involved in failing to encrypt backup data, not even companies responsible for storing the very data we strive to protect. A story released in April 2005 revealed that records storage leader Iron Mountain had fallen victim to the loss of tapes containing sensitive customer information. Because of this incident, Iron Mountain said in its statement, Iron Mountain is advising its customers that current, commonly used disaster recovery processes do not address increased requirements for protecting personal information from inadvertent disclosure. They further went on to advise, Iron Mountain, therefore, is recommending that companies encrypt backup tapes containing personal information... and ended by saying, We believe encryption is the best way for businesses to meet the increasing need for privacy protection. 3. BOSaNOVA. Inc 2012 W. Lone Cactus Drive, Phoenix, AZ 85027

Today s Regulations Are Tomorrow s Jail Sentences Still, while most organizations perform backup data and maintain offsite copies, backup tapes remain largely unencrypted. This leaves the risk at high levels and exposes both the company, the IT managers, (and even supervisors of these departments not directly related to a breach), to stiff fines and penalties for failure to comply with government regulations that control exposure of confidential consumer information, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Fair and Accurate Credit Transaction Act of 2003 (FACTA), and the Financial Services Act of 1999 (Gramm-Leach-Bliley or GLBA). With so many different regulations, one would assume the rules are clear-cut and the playing field is level. Savvy corporations understand the regulations and know exactly what to do to reduce their risk, right? Unfortunately, as with all new regulations, there is much work to be done in plugging the holes, but one thing is clear: it doesn t matter whether the breach is accidental or intentional. If it happens to you, you re responsible. While the overall purpose of these regulations is to create effective internal controls, detect unauthorized use, enforce system maintenance, provide the necessary information for forced independent audits, and prevent corporate fraud, the bulk of the decision making is still left up to the individual IT organizations, with stiff penalties for those in the line of fire. Particularly at risk is the DBA who, because of high-level access to data, can be found most legally liable if a breach should occur. Stay Out of Jail With the Newest Encryption Hardware Although the process of data backup and encryption is not the behemoth it once was, many IT department heads still struggle with the concept. It is commonly agreed among IT professionals that truly complete encryption can take years to implement. There is, unfortunately, nothing straightforward about implementing these new procedures but, thankfully, new encryption methods and hardware are helping to take away some of the difficulties commonly associated with the process of encryption. What can be done to ensure the security of this data and protect those involved with it? What, if anything, is holding your organization back from taking the necessary steps to choose the only appropriate solution, data encryption? Which encryption solution best meets your needs and will instill the highest level of confidence? It s no longer about user availability of backup tapes. The bigger issue is now is the confidentiality and integrity of your data. With news about security breaches hitting the airwaves in greater numbers every day, the issue of encryption is not going to go away. With the newest regulations taking shape as you re reading this, the risk to you personally is just too great. No longer is it a matter of whether you re going to encrypt, but when and, even more importantly, how. One excellent solution is the Q 3, a hardware appliance for tape backup encryption that fits in seamlessly with your current environment, takes little time to setup and has little to no effect on current backup proceprocedures. Offered by BOSaNOVA, Inc., the Q 3 leaves you free to focus on other important aspects of business operations, with no more worries about the safety and integrity of your sensitive data. The Q 3 is the latest encryption product to address your highest levels of risk to your entire IT staff from managers to 4. BOSaNOVA. Inc. 2012 W. Lone Cactus Drive, Phoenix, AZ 85027

programmers. Providing systems implementation across your entire infrastructure, the Q 3 offers the most efficient, cutting-edge process your team can implement quickly and easily, with the assistance of BOSaNOVA s stellar technical support. The Q 3 is Today s Cutting-Edge Solution! The Q 3 painlessly solves several of your most pressing encryption issues, lessening your risk even when you don t have all the IT staff you would like. The Q 3 's seamless interface adds a critical component of security and meets your biggest challenge by not interrupting your workflow or your network s performance. Access to data through this secure hardware appliance now means there s only one way in, making it nearly impossible for your data at rest to be vulnerable to attack from an unknown source. As difficult as the transition from simple backup to encryption can be for some to grasp, there s simply no going back. Previous backup methods are woefully inadequate and new regulations are fast catching up to ensure the level of security so necessary in our data-driven world. Why continue to do nothing? Contact BOSaNOVA today and discover how the new Q 3 can help you sleep better at night. BOSaNOVA Headquarters USA 2012 W. Lone Cactus Drive Phoenix, AZ 85027-9919 Ph. (866) 865-5250 Toll-free Email: info@theq3.com www.theq3.com 5. BOSaNOVA. Inc 2012 W. Lone Cactus Drive, Phoenix, AZ 85027

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information