According to two new reports, storage security is a big concern for IT managers — and for good reason.
In a Web poll released Monday, the Computing Technology Industry Association (CompTIA) found that data protection and security are the biggest challenges for IT professionals involved in managing storage networks for their organizations. Nearly one-third of poll respondents — 32.5 percent — said that protecting and securing stored data is their biggest challenge, nearly double the second-highest challenge, which was storage management (16.9 percent).
On Tuesday, an Enterprise Strategy Group report said IT managers have reason to be concerned.
The ESG report, “Information at Risk: The State of Backup Encryption,” looked at the backup encryption practices of large organizations as a follow-up to Bank of America’s recent loss of unencrypted backup tapes that disappeared from a commercial airline flight in transit to a secure off-site facility.
ESG found more such incidents waiting to happen — most organizations never use encryption technologies, ESG found, making backup and off-site storage of critical data a security risk.
“Data backup and off-site storage is an error-prone manual undertaking that often includes junior employees, unmarked cardboard boxes, untrusted couriers and public transportation,” stated ESG senior analyst Jon Oltsik, the report’s author. “This process is full of holes ripe for compromise. If a malicious individual wanted to steal confidential data, he or she could simply bribe an employee or simply grab a non-descript cardboard box in transit. Since all of the data is stored in cleartext [unencrypted], it could be extremely damaging in the hands of the wrong person.”
The report was based on a survey of 388 IT professionals at North American organizations representing more than 10 industry segments, with average annual revenues of $1 billion or more. ESG found that:
- Only 6% of financial services firms always encrypt their backup data, while 65% say they never encrypt their backup data.
- Only 3% of government organizations always encrypt their backup data, while 77% say they never encrypt their backup data.
- Only 3% of healthcare firms always encrypt their backup data, while 67% say they never encrypt their backup data.
ESG said many users are unaware of the security vulnerabilities introduced by unencrypted backups, but growing awareness and faster and cheaper encryption technologies will likely change that. “The Bank of America security breach provides a concrete example of the risks that will likely lead to new security discussions, assessments and technology purchases,” ESG said.
The report found a strong correlation between organizations’ security awareness and their backup encryption habits. Users who have done a security assessment of their storage infrastructure and processes are far more likely to encrypt their data for backup then those users who have not performed a storage security assessment. And not surprisingly, users who said that their organization had a storage security breach were far more likely to encrypt their backup data than those who had not experienced a storage security breach.
The 660 respondents to the CompTIA Web poll raised a number of other issues besides security and management: 10.1 percent cited gaining faster access to stored data; 7.9 percent said they are challenged by making data more accessible; 6 percent said consolidating storage resources is their biggest challenge, and 5.6 percent cited compliance with government regulations.
The Web poll was conducted between January 24 and March 11.