CIO and CISO

Privacy Leader

Marketer and Brand Manager

Blog

Increasing Encryption Deployments ... The Response to Compliance Regulations & Cyber Attacks
April 24, 2012
 Dear Friends, please join me on Thursday, April 24, 2012 at 2 PM EST where I will be speaking about the usage of encryption and how it has been evolving. Permalink

New Report on Data Recovery Operations
January 24, 2012
  As the use of third-party data recovery service providers continues to increase, so does the potential for a data breach to occur during the data recovery process. Permalink

Second Annual Patient Privacy Study Released
December 1, 2011
 Widespread use of mobile devices is putting patient data at risk, according to the latest Ponemon Institute research on healthcare providers' patient privacy practices. Permalink

Home » Blog » New Report on Data Recovery Operations » 

RSS Feed

RSS Feed RSS Feed

New Report on Data Recovery Operations

New Report on Data Recovery Operations

January 24, 2012

  As the use of third-party data recovery service providers continues to increase, so does the potential for a data breach to occur during the data recovery process. In fact, of the 87 percent of respondents who report their organization had a data breach in the past two years, 21 percent say that at least one data breach occurred when a drive was in their possession.

Every corporate IT support organization knows, data storage device failure is inevitable. Whether it results from a dropped computer, a malware attack or a spilled cup of coffee, companies are frequently challenged with recovering data from drives that have not been backed up. Not only can a crashed drive result in a business disruption, it is now becoming more evident that the consequence of using an unscrupulous data recovery vendor can be the loss or theft of sensitive and confidential information.

 Released this month, Trends in Security of Data Recovery Operations study was conducted by Ponemon Institute and sponsored by DriveSavers. This is the second annual study on the security of data recovery operations for business and government organizations. We believe this is an important issue because of the confidential and sensitive data that can be at risk when in the possession of a third-party data recovery service provider.

A possible reason is the organization’s lax vetting protocols and a lack of data security protocols at the data recovery security provider, as reported by many respondents. Moreover, respondents in our study report how their organizations are putting speed of service, success of data recovery and overall quality of service ahead of security. As the study shows, this can be attributed to the lack of IT operations involvement in the vendor selection process. Risk assessments or proof of compliance with security guidelines are often either not conducted or not known if they were conducted.

 Based on these findings, organizations should have in place a policy and guidelines for selecting a data recovery service provider. The most important practices to include in the policy are presented in the beginning of this report.  In addition, organizations need to address potential new threats to the security of data during the data recovery process. This includes making sure that if a cloud service provider uses a data recovery service provider it should be required to notify the organization. While the need to recover data may be time sensitive, it is important that every effort is made to ensure that the organization’s confidential and sensitive data is protected during the recovery process. To read the full report, click here.  http://www.drivesaversdatarecovery.com/certification/drivesavers-library/

 

 

 

Posted by Dr. Larry Ponemon at 8:43 am
Permalink Add Comment (0 Comments)