Unencrypted backup tapes ‘still the norm’

Almost a year of near-continuous warnings about the vulnerability of backup tapes have gone unheeded, results from a DISUK survey show. Less than a quarter of companies currently encrypt their backup tapes, closely matching results of a similar survey conducted in March 2005 (1).

In fact, DISUK’s global ‘Paranoia Audit 2005’ showed markedly less paranoia worldwide than might be considered healthy to ensure rigorous data security. 

Only 34 percent of respondents said that their corporate security policy included backup encryption, and only 23 percent said that it was actually taking place.

However, of the non-encrypting 77 percent, more than 46 percent plan to incorporate encryption.  But, overall, this still leaves almost one in six firms with no plans to encrypt backup tapes any time soon.

Paul Howard, managing director of DISUK, said, “These results are surprising given the spate of high-profile incidents during 2005 that involved the loss of backup tapes containing sensitive personal information.  At the time these incidents served to highlight that millions of people are at daily risk of identity theft because data backed up to magnetic tape is unencrypted more often than not.  Many organisations appear to have short memories or simply to think it won’t happen to them.”

A lack of a standard approach to data security is also revealed by a lack of consistency and uncertainty over precisely with whom, within organisations, responsibility lies.  Less than one in five respondents cited the storage manager, with the security manager named by 41 percent.  Of more concern, responsibility was deemed to be shared between these two by 17 percent of respondents, while nine percent admitted that responsibility was unclear and two percent replied that no-one was responsible.  This suggests that lines of responsibility are either unclear or non-existent in more than a quarter of organisations.

Of the encrypting minority, encryption software is used by more than half, with the remainder split between backup/archiving software and encryption appliances, reinforcing the interpretation that there is no standard approach to the issue.

Paul Howard said, “Effective data security will only become a reality through a combination of technology and well-managed human processes.  For example, more than half of the companies that took part in our survey use a third party either to transport or store backup tapes, and someone needs to have specific, overall responsibility for that relationship.  Muddled chains of responsibility often end in tears.”

Encouragingly, daily backups are taken by 74 percent of companies, while a further 24 percent undertake a weekly backup.  Just one in 10 companies take hourly backups.  Tape remains the most common backup medium at 76 percent, although disk continues to take a growing share at 38 percent.

Security for its own sake remains the leading driver for backup encryption, cited by almost three-quarters of respondents.  Regulatory compliance was mentioned by only 41 percent of participants.

(1) From the research conducted by Enterprise Strategy Group, Inc. - “Information at Risk: The State of Backup Encryption” March 2005.

Geographical breakdown of respondents was as follows:
US/Canada – 53 percent
EMEA - 41 percent
ACCPAC - 5 percent

•Date: 17th Nov 2005 • Region: UK/US/World • Type: Article •Topic: IT continuity
Rate this article or make a comment - click here