- BlackBerry Storm vs. the iPhone
- 2008 IT industry graveyard
- Top 10 worst uses for Windows
- Economic crisis means double duty for IT pros
- BlackBerry Storm, RIM's first touchscreen device, rolls in
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Data should be encrypted in transit. All you need to remember are those six words. When your company ships a pile of back-up tapes from Point A to Point B, that's "in transit." The data on those tapes should be encrypted. Period. End of discussion.
Let me put it another way. People connect to your network over the Internet via some kind of VPN that uses encryption, right? You wouldn't think of shutting down your IPSec or SSL VPN and going back to unencrypted Point-to-Point Tunneling Protocol would you? "Of course not," you say. Well, that's data in transit, and it's encrypted. Not because you think that anyone is necessarily trying to listen in. But just in case.
It's the same way with back-up tapes that you plan to ship somewhere. You can probably send tapes out every day, even twice a day, for years and never lose a set. But as good as FedEx may be, chances are it's going to lose a package sooner or later. So just in case, the data should be encrypted. It's inexpensive-there's no excuse for not encrypting. By network standards, tape drives are dog slow. Your average $300 home firewall will encrypt at 70M to 80M bit/sec - nearly twice as fast as your typical digital linear tape drive. And that dual-CPU, 3.2-GHz server you're using to run the tape drives can do it without breaking a sweat.
What bothers me about this issue are the amazingly long rivers of text written by people who don't understand why operations managers who don't encrypt data in transit should be fired. This is not a complex issue; it's a simple one. I feel like Ernest Hemingway here. Encrypt your data.
Of course, I know why the tapes aren't encrypted. It's that status quo thing I wrote about in my last column . Operations managers have been directing backups for 10, maybe 20 years. Back then, we never thought about the security of data on tapes, and many operations managers have never revisited the issue. The security team probably never thought to call up the operations team and ask about this topic.
But when the first lost back-up tape story hit the news months ago , it should have shocked every operations manager in the world into saying, "I need to start encrypting data tomorrow." Those who aren't encrypting their back-up tapes today should be fired tomorrow. There's no excuse for not doing this, other than incompetence.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment