Posted by: Azaltsman
aes, backup tapes, data breach, des, disaster recovery, disk to disk backup, encryption, HIPAA, pgp, phi, symantec
Most organizations today use tapes as target media for data backup software. Although disk to disk and offsite backup technology has been around for many years companies continue to use backup tapes as their means for data and disaster recovery. A backup tape is a highly portable medium has the capability to easily expose your organization to a data breach.
Tape backup systems contain at least three components: tape backup drive, data backup software application, and backup tapes. A typical tape backup configuration is a tape backup drive connected using a cable (usually SCSI or USB) to a server with data backup software installed and configured. The data backup software, such as Symantec Backup Exec, is programmed to backup data on computers systems on your network. Agents are sometimes deployed to remote systems to enable a faster backup process. Data is backed up over a network, from directly attached (to the backup server) storage devices, or storage area networks (SANs). That data is mechanically copied to tape using a proprietary backup format.
If you have electronic protected health information (PHI) on your computer network and it is being backed up to a tape you should do the following:
- Enable data encryption on the tape backup software. Make sure you understand how data is encrypted and how data is decrypted in case you need to restore it. Make sure the encryption technology is secure (cipher strength, algorithm, etc). For example if the tape backup is using DES encryption it is not a secure method of securing your data. AES 128 bit is highly recommended.
- Encrypt the data before it is copied to tape. This means you need software to encrypt files on your network. Encrypted data copied over to a tape is secure!
Tapes are susceptible to loss and require people and/or various third parties to store them off-site for disaster recovery purposes. Consider moving to an offsite backup service or implement a secure disk to disk backup system.