Cyber Security Industry Alliance Newsletter •  Volume 3, Number 9  • July/August 2007

Cyber Security Corner: Long Term Data Integrity and Compliance Tips

Reprinted Courtesy of SC Magazine

 
 Robert Sims, President and CEO, Crossroads Systems

As 90 percent of a company's data is located near- or online, long-term data integrity and protection requirements are becoming increasingly important, especially when facing compliance audits. Data protection has traditionally fallen to the storage administrators who are often not as familiar with security and compliancy as they are with access and availability.

Most corporations' executives don't realize the true ramifications of having to keep data stored and accessible for long periods of time: tapes degrade over time and are not always accessible.

 

Most corporations' executives don't realize the true ramifications of having to keep data stored and accessible for long periods of time. Being able to quickly find and pull data from tape media five to 10 years after the initial data was written can be tricky, and simply “hoping for the best” doesn't work when your company is facing compliance audits due to governmental regulations.

Although backing up data to tape media is still the most common way to store data long term, there is a problem with this approach that storage administrators deal with all too often – tapes degrade over time. However, the odds are that many corporate executives feel assured that if the data is stored, it must be accessible. This is not always the case. In other words, there are many corporate executives who sometimes have unrealistically high expectations when it comes to storage devices like tape media.

What can a company do to ensure long-term data integrity for compliance? Companies need to educate their storage administrators on compliance and provide the tools necessary to proactively monitor drives and media. These solutions need to offer reports required during compliance audits and long-term accessibility.

 

Consider having a security or compliance officer educate the storage department on compliance issues and how they affect the entire corporation. Also, set up a system to proactively remove storage media that could cause backup failures.

 

Companies should keep a close eye on quickly-changing compliancy regulations – possibly having their security or compliance officer educate the storage department on regulations specific to the storage administrators and explain exactly how their work toward compliance is part of the bigger picture affecting the entire corporation.

Companies must choose proactive solutions, such as a monitoring solution that gives administrators an alert or “heads up” when data cannot be written or verified as written to tape as well as a reporting functionality needed for proving compliance on several levels. Organizations need to implement solutions that allow administrators to proactively remove media that has reached its effective life and could cause your backup to fail.

The cycle doesn't end with the tapes being archived – successful storage does not always mean successful recovery. Administrators need to implement periodic validation methods of stored media in order to verify that the stored data is still recoverable. In this manner, compliance requirements can be achieved for long-term data protection that not only brings peace of mind during the audit process, but gives corporations the assurance that when needed, their data is available.

Robert Sims is the President and CEO of Crossroads Systems, Inc.

This article first appeared in the April 5, 2007 edition of SC Magazine online.