Archive or anarchy?

Businesses want to get to their data quickly and easily, but with increasing amounts of material available, a disciplined approach to storage security isessential

Businesses want to get to their data quickly and easily, but with increasing amounts of material available, a disciplined approach to storage security isessential

Data is the lifeblood of an organisation, but it is no good to anyone unless it can be pumped to where it is needed. The flow of data is what makes a ­business competitive, agile, able to react to changes quickly and capable of ­­making decisions based on historical trends.

Such analysis cannot be conducted if the data is not available, lost or in a format which cannot be easily accessed. There is little use in storing information unless it can be retrieved in a timely fashion.

Clearly, if the wrong information is stored or the data is corrupted it is of no use to anyone. It is therefore important for businesses to consider not only what information to store, but also how it should be stored and how easily it can be retrieved.

Let's face it, most businesses expect data to be on hand all the time. Companies quickly lose faith in IT if it is unable to provide the right information quickly. Users simply do not appreciate the amount of time needed to restore archived information. They do not understand the sheer effort required to find and load up the relevant back-ups.

To make the lives of back-up staff easier, organisations are deploying structured storage, also known as information lifecycle management, to keep frequently accessed data near where it is needed. With information lifecycle management, information should be readily available to the end-user.

Since this information is designed to be accessed easily, the IT director must ensure that only the right end-users can see it. User authentication, security and privacy should all be considered key components of a company's storage strategy.

With the risk of back-up tapes getting lost, suppliers are offering tape encryption, since, given enough time, a determined hacker could decipher the back-up file format and retrieve potentially business-critical or confidential information from a stolen tape.

Data may be archived for many years, so will the decryption keys still be available? And even if the data is decrypted, has the organisation still got a licence to run the software that can make any sense of it? The data may be invalid - or worse, it may be infected by a virus.

Protecting against a current virus should be easy, since anti-virus software can check that the data is not infected before it is backed up. But each time the archived tape is accessed there is a risk it could be infected, unless the back-up system adheres to the same level of IT security as operational systems.

The validity of the archived data may, however, be questionable. Is it really fair to assume a customer's address has not changed in several years? And what happens if this factually incorrect data is accidentally loaded into the operational system? Mayhem.

It is far too easy to make mistakes, particularly when end-users can now access archived data so easily, thanks to information life-cycle management. Worryingly, while the IT industry has worked at giving users access to the information, it appears to have done very little to reduce the risk and minimise the inevitable disruption caused by human error, or malicious intent.

In the future, the answer may be digital rights management. Not only could this prevent unauthorised users from seeing the data, it might even have a role to play in ensuring old data does not overwrite new.

There is no single solution. But as access to data becomes easier, the IT director will need to put in place multiple layers to ensure the integrity of the data and that it is only accessed by authorised end-users.

Read more on IT risk management