Many organisations may find that years of irreplaceable tape backups are inaccessible because modern machines cannot handle legacy formats.
Speaking at a launch event for EMC's latest research, David Cripps, chief information security officer (CISO) at Investec, said: "People will find that they have the tape, but they won't be able to read it back."
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Investec keeps some old hardware purely for the purpose of restoring legacy tape backups.
The inability to access legacy tapes is part of a wider IT problem relating to the availability of systems. The EMC research estimated that unscheduled downtime costs $611,375 (£379,519) per year in the UK. EMC also reported that security breaches cost UK businesses an average of $1,158,077 per year, while the annual cost of data loss is $1,302,895.
The global study of 3,300 IT and senior business executives found that reduced investments in critical areas of IT – such as continuous availability, integrated backup and advanced security – were hampering the resilience of IT infrastructure and recovery time after downtime.
More articles on backup systems
“At Investec, we use security as a business risk, just like the risk [assessment] in the liquidity market," said Cripps. "It is a risk event. My reporting line is into risk, and business makes an assessment of the risk impact.”
Challenges of being a CISO
From a security and availability perspective, Cripps said that if systems are down for a second, there is an immediate impact on the business.
Among the issues he is tackling are cloud computing, cyber crime and requests from staff to use their own devices.
Cripps warned that from a CISO perspective, legislation is increasingly affecting how organisations are run. Changes to the EU Data Protection Directive, for example, will mean that a business has a time limit of 24 hours to report data loss to a regulator.
Cripps said the security industry was failing businesses by selling fear, uncertainty and doubt (FUD).
“As an industry, there is still a great deal of FUD by vendors to sell a product. People phone up and say they have a solution for APT [advanced persistent threats]. This is our life. Don't try to scare me into buying something, because [if you do that], you have lost straight away,” he said.