Where do your backup tapes go to die?
The trade press is filled with stories about companies getting into big regulatory trouble over lost backup tapes [1][2]. The tricky part is that usually, one reason companies use backup tapes is the ability to archive backup tapes offsite for extended periods of time. Terabytes by Terabytes, rotating cheap SATA disks usually is cheaper and faster, but hard drives don't have the offline persistence of backup tapes.
But with offsite storage comes loss of physical control. You hire a reputable, but not too expensive, records company to pickup the tapes, and store them at what you hope to be a secure facility. So I was a bit surprised to find a drum full of backup tapes dumped into an alley close to my house. The drum was filled with LTO data tapes commonly used in backups. The tapes looked in good shape, but a bit wet due to being exposed to rain. I don't have a sacrificial reader to try them out (given that they are wet, I don't want to put them in a "good" reader that is still in use). There are no markings showing the owner of the tapes either on the drum or the tapes themselves, but a couple have pencil markings (like a letter and a number) indicating that they may be used.
At this point I can only speculate what the tapes contain. There are a number of hospitals in the immediate area (couple miles), and I have found medical supplies and lost/discarded patients before. But so far no records. The same pile of trash also includes a similar drum with an address label, and I have yet to be able to contact that company.
So do you audit whoever stores, and discards, your tapes? Would it make sense to identify the owner in case they are found? Or is this just increasing the risk? Do you encrypt backup tapes before sending them offsite?
[1] http://www.southcoasttoday.com/apps/pbcs.dll/article?AID=/20121110/NEWS/211100330
[2] http://www.darkreading.com/database-security/167901020/security/news/240142846/10-top-government-data-breaches-of-2012.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments
Rob
Dec 4th 2012
1 decade ago
Moriah
Dec 4th 2012
1 decade ago
JTK
Dec 4th 2012
1 decade ago
Eli
Dec 4th 2012
1 decade ago
when we upgraded to LTO-3 drives. A "Set it, and Forget it" solution.
PaulOutBox
Dec 4th 2012
1 decade ago
Roy
Dec 4th 2012
1 decade ago
How long is the data sensitive? If the sensitivity is longer that the time-to-crack then you have to destroy the tapes. SSNs are the classic example.
MattC
Dec 4th 2012
1 decade ago
Of course if your keys are not well secure then that makes the above a mute point. And given the places such keys must be present just to encrypt and manage the data that is your most likely spot to be compromised to make the tapes of value.
BGC
Dec 5th 2012
1 decade ago
MattC's statement is exactly spot-on. Sensitivity Window vs Time-To-Crack. It IS that simple. You forget that if I can crack an old tape, I may have just found the key for your current tapes, perhaps.
Cheers all,
Steven
Dec 5th 2012
1 decade ago
1 - Bad Actors don't need to hang on to tapes for 10 years. They can read them now! It will be encrypted, but if you're identified as a target with value, they can hang onto data as long as necessary. And the cost of hanging onto the data gets cheaper over time.
2 - Time-to-Crack has such a high uncertainty that I don't see how anyone can be sure they have as much as 10 years. Is there an unknown flaw in the algorithm? Does the NSA already have a quantum decryptor?
The cost to shred a tape compared to the cost to buy a tape is so low (1%?), that it should really be done for any data that isn't strictly public.
FYI, we had 5 tons of tapes shredded last year.
MattC
Dec 5th 2012
1 decade ago