LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: Risks to Computers.......and Encryption
From:	Hugh Smith <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Tue, 22 Nov 2005 13:19:53 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (182 lines)
 From Mr. Owens post:

I agree with nearly everything Mr. Owens provides. I think this is a 
great
commentary on the trends in the industry.  Mr. Owens analysis and the
comments from Mr Maechtlen and Mr. Nicol create a comprehensive
dialog to help a records manager to participate in a discussion of 
trends
with IT regarding Records Management and where the two sciences
intersect and how each one can assist the other.

> From:    Norman Owens <[log in to unmask]>
> Subject: Re: Risks to Computers.......and Encryption
>
> Hugh,
>
> I believe that you take the Hoffman quote out of context and then 
> mis-apply
> it.  You then infer that we should be very worried because EMC, rather 
> than
> Mr. Hoffman, evaluates the rush to encryption as knee-jerk.  I think 
> that
> you generally represent the IT group as risk takers leading a rush to 
> cool
> technology.  So I would like to offer the Storage Magazine quote in 
> full and
> then draw a different conclusion.
>
> The Hoffman quote and context:
>
> "Whatever the case, it's important to remember that encrypting backups
> should be only a small part of an organization's security strategy. "A 
> tape
> falling off of an Iron Mountain truck is a 5% problem," says Hoffman. 
> "It's
> far more likely that information will be leaked because of a laptop 
> loss or
> employee theft." Broadly speaking, he sees the rush to encrypt backups 
> as "a
> massive knee-jerk reaction within the storage industry right now. The 
> best
> way to secure your backup is not to put it on tape [and to use disk]."

I was reluctant to include the whole quote as I did not want this to be 
a "piling on"
  thing about losing tapes and the consequences it creates for the 
client who is
forced to endure the negative publicity that results from lost media.

My first post on this whole topic referred to my disgust for those who 
lose tapes
and then point at the client and say, "It's their fault, not ours.  
They should have
encrypted!" And then, follow up with a public relations push that seems 
to infer
that anyone who does not encrypt is somehow to blame for any future 
losses
that occur by their tape storage vendor.

As Peter states in his post:

>> IMs suggestion that responsible (organizations) should encrypt their
>> tapes obfuscates the problem that the pickup and delivery of tapes (or
>> any other media) should  be performed perfectly everytime. Yes
>> organizations should take every precaution within reason  to protect
>> their information, but at they same time their contracted vendors
>> should work towards providing the level of protection that their
>> customers expect from them.

>
> Hoffman's argument overall is that disk is a better backup media than 
> tape
> and so tape encryption is mis-guided because a disk-based solution is
> better.  He also doesn't feel that tape loss poses as much of a risk as
> internal threats and laptop loss.  This message that disk is better for
> backups than tape is at least a 10-year-old message from EMC.
>
> You have used a reference to the quote to imply a worry point that I 
> don't
> think EMC shares.  EMC is selling the encryption appliances as at a 
> brisk
> pace.

EMC in the last year put out a press release stating they were adding
tape storage to their array of services because there is a place for it 
in
dynamic disaster recovery. But you are correct, I have a limited 
knowledge
of this whole matrix of IT and back up and recovery. Where does 
encryption
fit? Is disk to disk always better?  Is tape still viable?  My feeling 
is that hard
media such as tapes and cartridges are to computers; what paper is to 
records
management.  Every year we call for the eulogy on paper as digital 
media grows
in importance; but paper use continues to expand. ( See Smead report on 
file folder
sales.) Tape and cartridge growth is still on the rise, but for how 
long?

My company builds server vaults as well as vital records vaults. The 
Server Vault
portion of our business is dramatically increasing, probably due to 
your observation
that disk to disk is growing in popularity due to its advantages. 
Question, is encryption
necessary if I am doing disk to disk back up?

Ironically, our Server Vault clients usually vault the main data 
processing area and then
also vault the mirror site.  But building two data server facilities is 
expensive and until that
cost comes down, won't tape stay popular for the general industry?

> I have tried to argue that if you are worried about data loss through 
> tape
> theft then you should encrpyt your tape data.  Iron Mountain, a leading
> vendor of these off-site services now says that all responsible 
> customers
> should do this.  To a previous suggestion that we focus on SLAs I 
> wonder
> what use that will be if a leading provider of these services now 
> rejects
> the SLA approach as a means of decreasing the risk of data loss.

Yes but this infers that all who do not encrypt are irresponsible.  
This could be
interpreted that "Nothing will change on our end, we will continue to 
lose tapes
so you are now officially warned "Encrypt or be liable for our losses 
of your data."
Banks store billions of dollars.  They do not warn us "If we lose your 
money, it is
your fault! You should have taken extra precautions!"

It would be unkind of me to remark on the comment........
>> "To a previous suggestion that we focus on SLAs I wonder what use 
>> [the SLA]
>> that will be if a leading provider of these services now rejects
>> the SLA approach as a means of decreasing the risk of data loss."

But it is taking every bit of restraint that I have, to not comment on 
this.
>
> Hoffman and others argue that this focus on tape encryption is 
> misdirected
> which is all well and good unless this is what your CIO and corporate 
> board
> is worried about too.  And you can't afford to supplant tape with disk.

How does the records manager use the insights you have provided to 
become
more involved in the protection of records and the overall integrity of 
the records
management program within the organization?

:~) And I am not just asking this to provide the close for a speech I 
will give in Omaha
in January.  Although I request that those in Nebraska not read Mr. 
Owens next post
for fear it will spoil the ending to my presentation.

These dialogs are what makes the Listserv valuable, as everything can 
be learned
from those with a speciality in the field being discussed. So as we 
approach Thanksgiving,
I am thankful for the friends on the List who take time to educate each 
other.

I also look forward to Peter's comment that he would provide more later 
on this topic.

Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
ATOM RSS1 RSS2
LISTSERV.IGGURU.US