Unencrypted backup tapes leave gaping hole in data protection

1 min read

Despite high profile cases of unencrypted backup tapes going missing, more than a third of organisations still do not know if they encrypt their backup tapes and half are not sure where they would store tape backup encryption keys.

That is among the worrying findings in the new 2008 Encryption and Key Management Benchmark Survey, conducted by Trust Catalyst for information and communications systems security specialist Thales. The god news is that the survey indicates that frightening data loss headlines, coupled with compliance pressures, are driving manufacturers to encrypt more applications than ever before. Web sever and SSL encryption come top the list, with 94% being encrypted, closely followed by desktop file and email encryption, along with full disk encryption. However, tape backup encryption only featured 11th in the list, below USB and mobile device encryption – potentially leaving a major hole in enterprise data protection strategies. Bryta Schulz, vice president product marketing at Thales, says this is illustrated by the many recent data losses, including 15,000 patient records lost when a thief took unencrypted tapes from a doctor’s surgery. “Most organisations appear to be securing sensitive data in an unplanned and unstructured way, leaving both the organisation and data at risk,” comments Schulz. “In particular, it is surprising to see that the use of tape backup security is so low in the list of priorities, given the risks associated with lost tape and data recovery. We believe this shows organisations are struggling with key management issues for data storage applications.”