Many firms are leaving themselves exposed to a data leak through poor backup policies. Despite recent publicity about data breaches and the clamour to make sure all data is protected, most businesses are ignoring a fundamental point of attack in the backup process.
So says Curtis Preston, vice president of data protection at GlassHouse Technologies Inc. He claims most firms treat backup as an ignored and feared part of the business, relegated to the newest person on the team who often had no experience and never looked back once promoted to something else.
“This is folly. Backup is the most powerful data system in the entire company,” he said. “All data flows through it and it cuts right through any encryption or other security, policy or auditing processes in place throughout the rest of the organisation.”
To make matters worse, most backups are performed with root access, giving the user complete control with little or no chance of detection should they do something malicious.
“The log-ins are usually never changed from their default setting, even when the password is ‘ChangeMe’. It boggles the mind when everyone is banging on about data leaks, but leaving the back door wide open,” said Preston.
Because many backup systems allow users to run scripts elsewhere in the system in case they need to shut down processes that are locking files or something similar, someone in this privileged position could steal valuable company data undetected and wreak havoc across the entire business if so inclined.
Preston believes businesses need to stop ignoring backup as some dark art and regulate the area, as with the rest of business, bringing in proper password management, user policies and auditing.
“And if a company is going to insist in assigning the job of data backup to the new guy, they need to perform proper background checks before hiring him,” he concluded.
Subscribers 0
Fans 0
Followers 0
Followers