fast reliable certified secure data recovery does your enterprise have a security gap ? hdi...
TRANSCRIPT
![Page 1: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/1.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Does Your Enterprise Have A
Security Gap ?
HDI Sacramento Chapter August 16th, 2011
![Page 2: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/2.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
What Is The Data Security Gap?
How Can You Close That Gap?
Questions & Answers
Agenda
![Page 3: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/3.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
All Storage Devices Fail
![Page 4: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/4.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
I NEED MY DATA NOW!
![Page 5: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/5.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Main Causes of Device Failure and Data Loss
Hardware Failure RequiresProfessional Data Recovery
![Page 6: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/6.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Who Can You Trust?
![Page 7: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/7.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Ponemon Institute Survey:
• First national study on security of data recovery operations
• 636 IT Security/IT Support professionals surveyed• All verticals, including business and government• Focus on third-party data recovery services• Goal: Confirm or dispel belief that confidential and
sensitive data may be at risk when in the possession of a disreputable third-party data recovery service provider.
The Risk of Choosing theWrong Recovery Vendor
![Page 8: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/8.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Myth Buster: “We never send data out for recovery!”
Source: The Ponemon Institute Study: “Security of Data Recovery Operations”
![Page 9: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/9.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Surprise Factor:Loss of Sensitive Data Drives Vendor Engagements
Source: The Ponemon Institute Study: “Security of Data Recovery Operations”
![Page 10: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/10.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Known Factor:Data Recovery Vendors Selected by IT Support
Source: The Ponemon Institute Study: “Security of Data Recovery Operations”
![Page 11: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/11.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Risk Factor:IT Security Not Involved In Selection Process
Source: The Ponemon Institute Study: “Security of Data Recovery Operations”
![Page 12: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/12.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
83% reported a breach
19% breached at data recovery vendor
43% due to vendor’s lack of security protocols
Data Recovery Providers Could Put Your Data at Risk
Source: The Ponemon Institute Study: “Security of Data Recovery Operations”
![Page 13: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/13.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
The Smoking Gun
![Page 14: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/14.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Closing the Data Security Gap
![Page 15: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/15.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
NIST Special Publication (SP) 800-34 Updated language to Section 5.1.3
“Organizations may use third-party vendors to recover data from failed storage devices. Organizations should consider the security risk of having their data handled by an outside company and ensure that proper security vetting of the service provider is conducted before turning over equipment. The service provider and employees should sign non discloser agreements, be properly bonded, and adhere to organization-specific security policies."
Source: Contingency Planning Guide for Federal Information Systems, Section 5.1.3: Protection of Resources
New NIST Guideline: Proper Security Vetting
![Page 16: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/16.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
BITS/Financial Roundtable/Shared Assessments• Standardized Information Gathering (SIG) tool (SIG.V6)
updated October, 2010
Do third party vendors have access to Scoped Systems and Data? (backup vendors, service providers, equipment support maintenance, software maintenance vendors, data recovery vendors, etc)? If so, is there:
• Security review prior to engaging their services (logical, physical, other corp controls)
• Security review at least annually, on an ongoing basis
• Risk assessments or review
• Confidentiality and/or Non Disclosure Agreement requirements
• Requirement to notify of changes that might affect services rendered
SIG/AUP Auditing Tools
![Page 17: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/17.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
FDIC• Action items discussed
• Internal memo to be distributed to FDIC Examiners• Letter to be distributed to Financial Institutions
• Updates to FFIEC handbook
FDIC Vendor Mgt Guidelines
![Page 18: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/18.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Negligent or unethical data recovery technicians Unprotected networks housing restored data files Lost or compromised data during transit Switch-up of client data Improper disposal of unwanted storage devices Recovered data returned with viruses or malware
Risk Points During Data Recovery
![Page 19: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/19.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Vet Your Data Recovery Vendors
![Page 20: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/20.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Demand Proof: Proof of internal information technology controls and data security
safeguards, such as SAS 70 Type II audit reports Certification by leading encryption software companies Proof of chain-of-custody protocols and certified secure network Vetting and background checks of all employees Secure and permanent data destruction when required Use of encryption for data files in transit Proof of a certified ISO-5 (Class 100) Cleanroom
Source: The Ponemon Institute Study: “Security of Data Recovery Operations”
Checklist for Vetting Data Recovery Vendors
![Page 21: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/21.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Technology
Certifications
Protocols
DriveSavers Best Practices
![Page 22: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/22.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
We Can Save It!
![Page 23: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/23.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Choose Your Service Option
![Page 24: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/24.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Live 24/7 Support
![Page 25: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/25.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Approved GSA Contractor - #GS-35F-0121S
• Annual SAS 70 II Security Audits• High Security Service Available• Certified to recover encrypted data• DOD-approved data erasure process
![Page 26: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/26.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Recap
Data loss does occur Data recovery companies are used often Critical data is at risk of breach You can close the security gap Vet the security protocols of data
recovery service providers
![Page 27: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/27.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Q & A
![Page 28: Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011](https://reader035.vdocument.in/reader035/viewer/2022070305/5513cf065503463a298b5042/html5/thumbnails/28.jpg)
Fast • Reliable • Certified • Secure • Data Recovery
Michael Hall, [email protected]
415.382.8000 ext 126
Rob Matheson
Corporate Account [email protected]
415.382.8000 ext 136
Thank you