This article can also be found in the Premium Editorial Download "Storage magazine: Benefits of third-party data protection and recovery management tools."
Download it now to read this article plus other related content.
I'd love to say ESG drove the behavioral change, but my guess is that it was related to three critical factors:
- Visible data breaches. In February 2005, Bank of America lost backup tapes containing the personal information of 1.2 million customers. The same thing happened to Citigroup in June 2005, only this time the tapes contained the personal data of 3.9 million customers. ESG estimates a per-record cost of between $30 and $150, which is a total cost of approximately $1 billion to more than $6 billion for the two breaches combined. Obviously, these incidents demonstrated that the risk of outsiders gaining access to backup tapes was real.
- More privacy laws. The granddaddy of U.S. privacy laws has the catchy name of California Senate Bill (SB) 1386. SB 1386 mandates that companies publicly disclose data breaches if any California citizen's private information is exposed. In effect, SB 1386 was behind the Bank of America and Citigroup disclosures. As of this writing, a total of 28 states have passed similar privacy laws, and there are more stringent regulations in effect in Europe and Asia.
- Boardroom jitters. When CEOs see data breach headlines emanating from Bank of America and Citigroup, they tend to be more willing to open the corporate wallet to scramble bits on their tapes.
Most still don't encrypt
Despite all of this progress, 75% of enterprises still don't encrypt their backup data. Why? Some are still hung up on the traditional objections--cost and performance--to any form of encryption. Enterprises may not have a budget for backup encryption or may feel that encryption will add too much overhead, slow down backup processing and throw a monkey wrench into an already tight backup window. Another obstacle to backup encryption is user confusion--encryption is still a black art to many storage professionals. Finally, storage managers can quickly assume a "deer in the headlights" look when confronted with a choice of encrypting backup tapes using backup software, file-system tools, cryptographic appliances or switches, or encrypting tape drives.
This was first published in July 2007