IT Managers Walk Tape Tightrope

Experts warn of no good reason to use the medium for critical backup and recovery

James Rogers, Contributor

May 23, 2006

4 Min Read
Dark Reading logo in a gray background | Dark Reading

SECAUCUS, New Jersey -- Users that continue to rely on tape for backing up or accessing critical data do so at their peril, IT managers and industry experts warned at an industry event today.

Randy Kahn, CEO of analyst firm Kahn Consulting said that although tape is a cost-effective, long-term storage medium, it may not be the best option for firms that need swift access to key pieces of information. "Is it sufficiently accessible, can you get to it when you need to get to it?" he asked.

A number of firms have already incurred the wrath of regulatory bodies, thanks to their inability to produce critical data when requested. Morgan Stanley, for example, was recently slapped with a $15 million fine by the Securities and Exchange Commission (SEC) for failing to produce email evidence in court. (See Email Travail.)

According to the SEC, the firm allegedly didn't produce backup tapes on request, never archived emails for faster searches, and overwrote backup tapes containing subpoenaed emails.

Kahn told Byte and Switch that such high profile storage snafus highlight the need for firms to rethink their storage strategies. The majority of firms, he explains, are currently using backup tapes for the wrong reasons. "Backup tapes are essential, but they are essential for disaster recovery," he says. "It's the worst possible place to park records that you need immediately."

David McDermott, records manager at Boise, Idaho-based agricultural manufacturer J.R Simplot and chair of industry body ARMA International agreed that most users haven't wrapped their heads around this challenge yet. "There's a lot of companies out there that don't understand the severity of the procedures and processes that they should have in place," he says.

J.R Simplot, according to McDermott, has a "very robust program" in place for records retention, and is currently developing an electronic system for handling the likes of email data. "Anything that is produced [by the company] could be included in the electronic records management program, he adds.

Kahn urged other users to follow this lead and consider specialized records management systems that can handle the business, legal, and technology needs of current compliance regulations: "There's all kinds of document management, electronic content management (ECM), and records management systems, that provide functionalities of all kinds."

A number of vendors, including EMC's Documentum division, FileNet, Hummingbird, and Interwoven are making moves in this space. (See EMC Acquires Authentica, EMC Googles Documentum, York Saves With Content Management , FileNet Sets New Standard, Hummingbird Has Server Solution, and Interwoven Delivers Content Storage .)

Kahn, however, highlighted the cultural challenges involved in getting a firm's IT staff and legal teams to build an effective records management system. Storage administrators, he explains, are typically concerned about the likes of file sizes whereas company lawyers are focused on content, policy, and regulations. "It's a different perspective," he says.

But the analyst believes that picking storage security battles carefully can help one get around these problems. "You take the hot button issue, the low-hanging fruit," he explains. "Take one problem, solve it holistically, and move onto the next problem," adding the users do not need to "boil the ocean."

It was not just storage security that was a hot topic in the Garden State today, as users expressed their concern about reports that a laptop containing sensitive information on 26.5 million people was stolen from a Department of Veterans Affairs employee. "I don’t know why the information is being kept on the hard drive on a laptop, rather than on a server," says McDermott.

Ray Ricks, the former vice president of security services at Citibank, now CEO of security vendor eCenturion used his keynote to warn that criminals and even terrorist organizations are becoming more sophisticated in how they perpetrate financial fraud. Even some Los Angeles street gangs, he warns, are now using magnetic stripe data from credit cards as a form of currency. "They are using it to trade and barter and pay off inter-gang debts," he reports.

Ricks also reiterated concerns that America's chief enemy in the war on terror is getting in on this act. (See U.S.: Al Qaeda Eyeing Cyber Threats.) "There is evidence that Al Qaeda has compromised our financial services systems by skimming credit cards," he says.

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article:

About the Author

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights