Less Is More: Risk Management and Your Backup Plan

Download PDF

How vulnerable is your backup media? No media management plan is foolproof, but creating a set of best practices can mitigate your risk.

Minding Your Media

What concerns you the most about the way information is being handled in your backup system?

  • The potential for inadvertent information disclosures
  • Weak security when transporting your records offsite
  • Securing the Chain-of-Custody
  • A need for improved disaster recovery plans

Are you worried about inadvertent disclosures, security breaches and data corruption when you back up and store company data, particularly when you’re moving that data offsite?

You’re smart to be concerned. Data breaches can cost your company in several ways. In fact, a 2010 Ponemon Institute study revealed that companies experiencing a data breach spent an average of $7.2 million to recover from it, and that figure will likely rise. Even the largest, most profitable company can’t afford that kind of bottom-line hit. And the damage doesn’t stop there. Security breaches, theft, corporate espionage and just plain bad luck can result in your brand’s name being tarnished in the public mind—plus you could face lawsuits, fines and lost revenue.

The costs of noncompliance with federal and state data privacy rules should be daunting enough to ensure that companies protect their sensitive data. Despite that, many firms simply aren’t prepared and fail to guard these records, particularly as they move from office to offsite storage sites.

Transporting backup media off campus can increase the risk that data will be misplaced, lost or stolen, exposing your company to liability. But you can reduce that risk if you understand where your media management strategy is vulnerable and then institute best practices in response.

Because of the laws currently in place, now more than ever your company must follow solid media management practices that are applied consistently across your organization. This will reduce the risk that your company will lose information, prevent inadvertent disclosures and reduce downtime from outages. Not only will you fortify your brand and build a competitive advantage, you’ll improve efficiencies throughout your organization.

Designate program leaders. Assigning a group of employees to backup data security chores—from start to finish—will position your organization to address challenges and lessen the risks that litter the business landscape before problems happen. Make sure each member of the team understands your best practices for managing that media.

Understand backup media lifecycles. To create a comprehensive and secure media management program, you must understand the complicated path that backup media takes from your offices to offsite storage facilities and back again. That means preparing the media for transfer, replacing tapes produced by your backup system with another tape, and ejecting all tapes scheduled for transport.

Place media ready for transport in a secure, environmentally controlled area. Only employees authorized to exchange media with a third party should be permitted here.

Ensure that media exchanges take place only between designated employees and the courier. The courier should produce identification and follow a checklist to ensure media are exchanged securely.

Control authorization and access. Set up a list of employees permitted to work with backup tapes and provide that list to your offsite service provider. This is critical to ensure Chain-of-Custody. Companies often get lax about authorization; this leaves you open to theft, loss or inadvertent disclosure.

Create policies to track and log data to prevent discrepancies from snowballing. Along with getting media ready to move offsite, make sure each shipment has a tape validation list. It should detail what’s in each shipment and what the final inventory should include. Any discrepancies can be addressed immediately, thereby ramping down risk.

Ensure processing quality. You can never completely factor out human error, but accurate validation files attached to your media shipments can help distinguish between true discrepancies and recurring inaccuracies. It’s well worth the upfront work—remember, discrepancy investigations can cost you time, money and efficiency. But make sure you review discrepancy reports daily to ensure problems are fixed quickly and are not repeated.

Institute rigorous encryption and disaster recovery policies. Encryption not only guards the data on backup media, it also can protect your company’s reputation, since many regulations do not require you to report the loss of encrypted media. A disaster recovery plan that incorporates your offsite service partner will help ensure your company’s ability to bounce back from problems.

Team with a Pro

Of course, the company you select to transport, house and manage your media plays an important role in your media management scheme. A trusted partner will reduce the likelihood that the Chain-of-Custody of your backup tapes will be compromised at any point and will help you minimize risks—fines and penalties if sensitive information is accidentally disclosed.

Make sure you select a partner that offers:

  • A choice of media transportation options, including access to a dedicated truck/van that carries only your media
  • The tightest security procedures possible around processes and personnel
  • Rigorous background checks, screenings and formal training for anyone handling your media
  • The ability to scan media at every transition point, ensuring that you’ll have an accurate record of who did what, from loading dock to vault
  • A verifiable audit trail, including documented reports, so you can identify where your records are at all times
  • System notifications detailing any discrepancies with your media
  • Highly secure, fully managed data protection, complete with proactive administration and monitoring

Do you have questions about data backup and recovery? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s Data Backup and Recovery team. You’ll be connected with a knowledgeable product and services specialist who can address your specific challenges.

Iron Mountain Suggests:
Your company will benefit most from tape if you:

1. Control access to media. Only authorized personnel should be able to touch or tap into stored information and the actual media.

2. Set procedures for handling discrepancies. The more quickly you resolve any discrepancies between what you’ve sent offsite and what you intended to send offsite, the less vulnerable you are.

3. Adopt a rigorous disaster recovery scheme. You want to protect data mainly so you can get your company up and running in the face of the unexpected. Your disaster recovery plan should guide your media management strategy.

5. Collaborate with a partner. Managing, storing and retrieving data on tape requires resources and expertise. A trusted partner can offer both, plus top-notch solutions and facilities for protecting and accessing tapes.

Related Content

The Lowdown on Compliant Data Storage

Take the Fast Track to Archived Data Access

Tape Archiving: The Classic Choice that Keeps on Going