Data retention isn’t just something larger enterprises can afford to worry about; it’s also important for SMBs to have data retention policies and procedures in place.
Posted in Small Biz, 8th June 2009 20:02 GMT
A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
<a href=”http://www.theregister.co.uk/2009/06/08/webhost_attack/”></a>
 ITProPortal |
Webhost hack wipes out data for 100000 sites
Register, UK Vaserv specializes in low-cost web hosting using VPS, or virtualized private servers. Virtualization features in LXLabs' HyperVM helped Vaserv provide the service, which costs a fraction of the price of dedicated server hosting. … After 100K sites wiped clean LxLabs boss found hanged Why Website Hosting Backups Matter VAServ Hack Results in Massive Data Loss Zero-day vulnerability in … |
June 07, 2009
Hamburg, Germany – A US aviation expert, commenting on the possible loss of the black boxes in the Air France crash, is proposing that flight data be automatically transmitted via satellite to a backup system, the German weekly magazine Der Spiegel reports. In its edition to appear on newsstands …
This item provided by Online Backup Review
By Ashish Nadkarni
There’s only one way to keep data storage costs under control, and that’s to get rid of unnecessary data. That may go against the grain of IT managers who rightly consider backup and preservation as critical to an organization’s health, but when it comes to data storage, there are ways to separate what’s useful from what’s disposable.
It should come as no surprise to any IT manager that your organization’s appetite for data keeps growing every minute. No sooner than a new set of storage tools is deployed, it becomes clear there’s a need for more, and you start planning the next wave of hardware purchases. More hardware means more floor space, power and cooling — it’s a vicious circle.
The total amount of disk storage shipped last year grew 40.5 percent from 2007, according to a recent study by IDC. If you imagine that this appetite for consumption is going to be questioned at some point in the interest of trying to curtail the IT carbon footprint, then you are not alone. Of course, there is no smoking gun, but there are choices you can make to get rid of unwanted data and free up space. That precious space can then be utilized for other purposes, thereby limiting the amount of new storage capacity to be purchased.
Before getting into “slice and dice” mode, it’s important to define what, exactly, is the goal? The goal is to ensure that spinning disk, i.e., online disk storage, is used for storing data that is really valuable to the organization. Any data that is not — and it could be in any shape or form — needs to be appropriately disposed of. Disposal could mean simply deleting it, or it could mean archiving it in another medium, either a magnetic medium such as tape, or an optical medium such as DVD or CD ROM.
Low-Hanging Fruit
What kind of data can be disposed of? Most often, the kind of data that is “time classified” or unstructured …
Please click here to continue reading this article
No related posts.
Data leakage and data loss is at an all time high. USBs, or memory sticks, which are now used to download and transport large amounts of sensitive data, may be largely to blame. A recent survey by Texas-based data security experts Credant Technologies found that, in the last year, 9,000 USB sticks have been forgotten in pockets when people take their clothes to the local dry cleaners.
The survey was carried out in the United Kingdom (UK) to gauge the frequency and ease with which mobile devices such as USB and memory sticks are lost or forgotten in strange places such as dry cleaners. The survey was also designed as a warning to be vigilant when downloading information, as it does frequently get lost.
A similar survey was conducted by Credant Technologies recently amongst taxi drivers in London and New York and showed that over 12,500 handheld devices such as laptops, iPods, and memory sticks are forgotten at the back of taxis every six months.
Michael Callahan, senior vice president and chief marketing officer at Credant Technologies, stated, “Although we conducted this survey in the UK, the idea was to show people everywhere how easy it is to lose data — even in their local dry cleaners — and that none of us are infallible. We’re convinced if we were to do the same survey in the US we’d get very similar results. If the data is sensitive or valuable then people should protect this information with encryption so no one can access the data at any point, as it could easily end up in the wrong hands.”
According to the survey, many mobile devices now have the capacity to store as much as 10,000 documents, 11,000 pictures, 500,000 contact details, or 1.1 million emails, making them an obvious target for identity theft criminals…
In my coverage of business continuity and disaster recovery, I talk to both IT infrastructure and operations professionals as well as IT security professionals and I’ve found that the term "data protection" means something different to each. This comes as no surprise and I think for a long time it didn’t really matter because IT operations and security professionals operated in independent silos. But as silos break down and "data protection" is a shared responsibility across the organization, it’s important to be specific and to understand who is responsible for what.
For IT operations professionals, "data protection" means creating a duplicate copy of data for the purposes of restore/recovery in the event data is destroyed due to a total site failure (i.e. flood takes out your data center), system failure, drive failure, accidental deletion etc. You can create a duplicate copy of your data either locally or at a remote location via backup, snapshot, replication etc. You are protecting your data from destruction. This is why backup companies such as CommVault, EMC, IBM Tivoli, HP, and Symantec (the former Veritas) refer to their backup applications and other offerings as "data protection software." The name of HP’s backup application is HP Data Protector. Ironically, these "data protection" offerings sometimes make your data less secure because it is backed or replicated to tape or over the Internet to another site in a clear text format. Which is why all these vendors now offer the ability to encrypt the data as it’s backed up to tape or replicated.
For IT security professionals, the term "data protection" means ensuring that only authorized individuals have the appropriate level of access to your organization’s sensitive data and that all access is tracked for audit. You deploy perimeter security, end-point secruity, data encryption etc. to "protect" your data from breaches, "leakage," crimeware/malware, physical theft etc. Thus we have security vendors and offerings such as McAfee’s Total Protection For Data and Mobile Armor’s Data Protection Suite.
You could argue that holistic data protection requires both recoverability and security and I would agree. Data storage is one area where IT operations professionals and security professionals need to work more closely together particularly in the area of encryption and secure data erasure. Right now, storage architects and administrators are evaluating new data storage encryption functionality available in tape drives, appliances, storage networks, disk drives, and path failover software. They’re also looking at secure data erasure services from the major storage vendors. These are services that ensure the data is wiped clean before an entire storage array or individual disk drive is returned to the vendor or to an asset disposal company and refurbished.
I’d be interested to know whether the term "data protection" has led to any confusion in IT shops and also how well security professionals know about the vulnerabilities in enterprise disk storage and tape and if storage teams are relying on their expertise to solve some of the challenges.
This item provided by The Forrester Blog For Security & Risk Professionals