Chris Poelker

5 simple steps to thwart a data thief

October 01, 2012 3:08 PM EDT

Anywhere you look these days, it seems you can find a news story in which some poor IT guy explains how his company’s systems were hacked and its data stolen. These cyber crimes run the spectrum from teenage kids trying to recreate a scene from the movie “War Games” to something more sinister, like the hacker group Anonymous trying to bring down the U.S. economy. Computerworld covers these stories often, as it did recently in the article “Leaked Apple UDIDs were stolen from digital publishing firm.”

It still amazes me that ALL organizations haven’t mandated that all sensitive data MUST be encrypted. This one, small step could have a huge impact on the ability of hackers to get away with your data. This is not rocket science. You can implement a few simple, cost-effective technologies right now that would make your data much more secure.

Here is a list of five simple steps to thwart data theft:

1) Make data access more secure. At a minimum, add another layer of protection over simple password access. Use biometrics on laptops instead of passwords. Encrypt all file systems on devices that leave the premises. Add a secure token layer along with password access to enable access to applications. Use secure sockets layer (SSL) and encrypted virtual private network tunnels to get to applications and servers over the network.

2) Encrypt data at rest. There are a number of products (such as the Hitachi VSP storage array) that provide the ability to encrypt all stored data in the storage network using the storage hardware itself. Since encryption is done at the hardware level, all data types and file systems can be secured with little or no performance penalty. The VSP can also encrypt any older storage that is virtualized behind it. If you can’t afford a Hitachi VSP array, then at least implement Brocade’s encryption-capable switches in the storage area network fabric. Brocade switches work by encrypting and decrypting all data that passes through them. All data at rest is secure.

3) Encrypt your network. Wide area networks have encryption modules or firmware that enable you to encrypt any data that passes through the network, whether it is being replicated for disaster recovery (DR) or moved between facilities or offices.

4) Secure your backups. How often have you heard that yet another company lost customer data by losing backup tapes or having them stolen? Either implement a virtual tape library that can encrypt your tapes for you, or buy tape drives that can do it in the drives themselves. This way, when you need to ship tapes offsite, the data will be safe. Also, if you have iPad users or other bring-your-own-device (BYOD) employees, make a corporate

5) Secure your recovery location. Instead of shipping tapes for DR, you should electronically vault (replicate) your data to a secure facility using an encrypted link. The data going over the encrypted link at the network level should also be encrypted, just in case.  

By implementing these five simple steps, or even just one or two of them, your chance of appearing in an article about data loss at YOUR organization will drop significantly, and you will sleep easier at night.