Iron Mountain Admits Tape Loss, Recommends Encryption

Enterprise Storage Forum content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

In a move that could fuel efforts to change data storage practices, records management giant Iron Mountain has admitted losing a customer’s backup tapes and is recommending that customers begin encrypting tapes.

“Iron Mountain performs upwards of five million pickups and deliveries of backup tapes each year, with greater than 99.999% reliability,” the company said in a statement Thursday. “Nevertheless, since the beginning of the year, four events of human error at Iron Mountain resulted in the loss of a customer’s computer backup tapes. While four losses is not a large number in comparison to an annual rate of five million transportation events, any loss is important to customers and to Iron Mountain.”

Iron Mountain did not name the customer, but the admission comes on the heels of announcements from Bank of America and Ameritrade that the financial firms had lost backup tapes containing customer data and were notifying customers.

“Iron Mountain is advising its customers that current, commonly used disaster recovery processes do not address increased requirements for protecting personal information from inadvertent disclosure,” the company said.

Companies commonly create multiple copies of their computer data on backup tapes and move them off site to allow for recovery in case of a disaster. According to a recent report from the Enterprise Strategy Group, only seven percent of businesses encrypt all of their backup tapes.

Many businesses don’t encrypt because the process increases the complexity of the backup process and may reduce the reliability of an effective disaster recovery plan, Iron Mountain said.

“Iron Mountain, therefore, is recommending that companies encrypt backup tapes containing personal information, but take care to incorporate encryption in a way that does not compromise their overall disaster recovery plans,” the company said. “This announcement is the beginning of a campaign to educate our customers on these important issues so that together we can start to work toward solutions.”

Iron Mountain noted that the accidental loss of backup tapes “poses a potential risk if sensitive information stored on those tapes is unencrypted. … Iron Mountain is not aware of any incident in which the physical loss of a backup tape resulted in the unauthorized access of personal information. It is important to understand that unencrypted information stored on backup tapes is difficult to read, but it is not impossible. Companies need to reassess their backup strategies and seriously consider encrypting sensitive data to prevent a potential breach of privacy.”

“We invest more in training, automation and process controls than anyone in our industry,” stated Iron Mountain CEO Richard Reese. “But even Iron Mountain is not immune from human error. The only effective means to prevent unauthorized access to data is the use of encryption.”

Iron Mountain spokesperson Melissa Burman said the company made the announcement “to create awareness and educate our customers on this issue. We believe encryption is the best way for businesses to meet the increasing need for privacy protection.”

The company isn’t currently working with storage security vendors or offering an encryption solution, she said.

“For now, we’re focused on the education component, but we are evaluating solutions to bring to our customers, either directly or indirectly, that will make it easier for them
to implement encryption into the tape backup process without compromising
disaster recovery objectives,” Burman told Enterprise Storage Forum.

Back To Enterprise Storage Forum

Paul Shread
Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.

Get the Free Newsletter!

Subscribe to Cloud Insider for top news, trends, and analysis.

Latest Articles

15 Software Defined Storage Best Practices

Software Defined Storage (SDS) enables the use of commodity storage hardware. Learn 15 best practices for SDS implementation.

What is Fibre Channel over Ethernet (FCoE)?

Fibre Channel Over Ethernet (FCoE) is the encapsulation and transmission of Fibre Channel (FC) frames over enhanced Ethernet networks, combining the advantages of Ethernet...

9 Types of Computer Memory Defined (With Use Cases)

Computer memory is a term for all of the types of data storage technology that a computer may use. Learn more about the X types of computer memory.