Backup tapes a backdoor for identity thieves
Robert Lemos, SecurityFocus 2005-04-28

In many cases, low-paid workers are handling sensitive tapes, but only a small fraction of companies are securing the data with encryption.

what backup software? 2005-04-30
Anonymous
A few observations 2005-05-02
Roger
"It is important to understand that unencrypted information stored on backup tapes is difficult to read, but it is not impossible," Richard Reese,

Say what? What's difficult about it? I suppose some proprietary systems are more obscure than others, but basically if you can't take a full backup and a freshly formatted machine, and recover the system to it, then there's something gravely wrong with this backup procedure!

"We are working very aggressively to educate our clients about the changing landscape," said Melissa Burman, spokeswoman for Iron Mountain.

Changing landscape? A lot of us have been recommending backup encryption for more than a decade, and doing it with Unix pipes. Some packages (e.g. AMANDA) have been offering it since at least 1998, probably longer for all I know. The built in backup in VMS has had optional DES encryption for much longer. And I distinctly recall a discussion on the importance of properly securing backup media when we first covered formal backup procedures at school, more than (yikes!) twenty years ago.

What has changed, if anything, is the increasing outsourcing of functions from in-house sysadmins who cared about the systems they looked after, to service companies who are strictly there for the bottom line and certainly not going to include any "optional extras" for free. Since security is intangible, it is usually one of the first things to go.

"The process is totally insecure," Oltsik said. "You put your most junior people on this job, and those are the people that are most likely to be bribed and look for another way to make money."

I find that rather questionable, and would like to see some hard data. Anecdotally, the junior people are more likely to fool around probing into things for kudos or just curiosity or a thrill. If you let them know that when they find security problems, they can bring it to you and will get praised for diligence (instead of censured for embarrassing you), they are a considerable asset. The people who are susceptible to bribery are embittered older employees who have been badly treated by the company. Not only are they less likely to be restrained by feelings of loyalty (since, frankly, the company doesn't deserve any), but they will be much better at hiding their tracks.

What the "junior employee" really indicates is that backups are regarded as boring (which they are) and minor (which they are not), and hence are usually poorly resourced in time and attention. This is evinced in many other ways too -- when was the last time you tested a full recovery? Yet when you stop and calculate the actual value of a backup tape, it probably should be escorted everywhere by an armed guard, with an exchange of signatures at every hand over.

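An encrypt-in-the-pipe backup of the kind the comment above describes, as an added example that is not part of the article or the comment: the tar stream is encrypted before it is written to the "tape", and the restore is proven by checksum. It assumes tar, openssl and sha256sum are installed; the data set and the key file are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the article or the comment: encrypt the backup
# stream in the pipe before it reaches the media, then prove the restore.
# Assumes tar, openssl and sha256sum; key and data are constructed.
set -eu

# Constructed data set plus a key file standing in for a managed backup key
# (which must live somewhere other than the tape it protects).
make_fixture() {
  dir=$(mktemp -d)
  mkdir -p "$dir/src"
  printf 'customer,account\nalice,1001\nbob,1002\n' > "$dir/src/records.csv"
  printf 'constructed-demo-key-material\n' > "$dir/backup.key"
  chmod 600 "$dir/backup.key"
  echo "$dir"
}

# Backup: tar the source, encrypt the stream, write ciphertext to the "tape"
# (a file here). Plaintext never touches the media.
backup_encrypted() {   # $1 = source dir, $2 = key file, $3 = tape image
  tar -C "$1" -cf - . | openssl enc -aes-256-cbc -pbkdf2 -salt \
    -pass "file:$2" -out "$3"
}

# Restore: decrypt the tape image and unpack it. CBC gives confidentiality
# only; a production scheme also needs a signed checksum or an AEAD mode.
restore_encrypted() {  # $1 = tape image, $2 = key file, $3 = dest dir
  mkdir -p "$3"
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" | tar -C "$3" -xf -
}

# Prints 1 if the record text is readable straight off the tape image.
tape_has_plaintext() {
  if grep -q 'alice,1001' "$1"; then echo 1; else echo 0; fi
}

# Prints 1 if the restored file matches the original byte for byte.
restore_matches() {    # $1 = source dir, $2 = restore dir
  a=$(sha256sum < "$1/records.csv" | cut -d' ' -f1)
  b=$(sha256sum < "$2/records.csv" | cut -d' ' -f1)
  if [ "$a" = "$b" ]; then echo 1; else echo 0; fi
}

run_demo() {
  d=$(make_fixture)
  backup_encrypted "$d/src" "$d/backup.key" "$d/tape.bin"
  restore_encrypted "$d/tape.bin" "$d/backup.key" "$d/restore"
  echo "plaintext readable on tape: $(tape_has_plaintext "$d/tape.bin")"
  echo "restore matches original:   $(restore_matches "$d/src" "$d/restore")"
}
```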
Backup tapes a backdoor for identity thieves 2005-05-05
Anonymous (1 replies)
Backup tapes a backdoor for identity thieves 2008-07-30
www.databackup.ie
Copyright 2009, SecurityFocus