Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011.

Presentation on theme: "Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011."— Presentation transcript:

2 Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011

3 Agenda
- What Is The Data Security Gap?
- How Can You Close That Gap?
- Questions & Answers

4 All Storage Devices Fail

5 I NEED MY DATA NOW!

6 Main Causes of Device Failure and Data Loss
Hardware Failure Requires Professional Data Recovery

7 Who Can You Trust?

8 The Risk of Choosing the Wrong Recovery Vendor
Ponemon Institute Survey:
- First national study on security of data recovery operations
- 636 IT Security/IT Support professionals surveyed
- All verticals, including business and government
- Focus on third-party data recovery services
- Goal: Confirm or dispel belief that confidential and sensitive data may be at risk when in the possession of a disreputable third-party data recovery service provider.

9 Myth Buster: We never send data out for recovery!
Source: The Ponemon Institute Study: Security of Data Recovery Operations

10 Surprise Factor: Loss of Sensitive Data Drives Vendor Engagements
Source: The Ponemon Institute Study: Security of Data Recovery Operations

11 Known Factor: Data Recovery Vendors Selected by IT Support
Source: The Ponemon Institute Study: Security of Data Recovery Operations

12 Risk Factor: IT Security Not Involved In Selection Process
Source: The Ponemon Institute Study: Security of Data Recovery Operations

13 Data Recovery Providers Could Put Your Data at Risk
- 83% reported a breach
- 19% breached at data recovery vendor
- 43% due to vendor's lack of security protocols
Source: The Ponemon Institute Study: Security of Data Recovery Operations

14 The Smoking Gun

15 Closing the Data Security Gap

16 New NIST Guideline: Proper Security Vetting
NIST Special Publication (SP) Updated language to Section
"Organizations may use third-party vendors to recover data from failed storage devices. Organizations should consider the security risk of having their data handled by an outside company and ensure that proper security vetting of the service provider is conducted before turning over equipment. The service provider and employees should sign non-disclosure agreements, be properly bonded, and adhere to organization-specific security policies."
Source: Contingency Planning Guide for Federal Information Systems, Section 5.1.3: Protection of Resources

17 SIG/AUP Auditing Tools
BITS/Financial Roundtable/Shared Assessments Standardized Information Gathering (SIG) tool (SIG.V6) updated October, 2010
Do third party vendors have access to Scoped Systems and Data? (backup vendors, service providers, equipment support maintenance, software maintenance vendors, data recovery vendors, etc)? If so, is there:
- Security review prior to engaging their services (logical, physical, other corp controls)
- Security review at least annually, on an ongoing basis
- Risk assessments or review
- Confidentiality and/or Non Disclosure Agreement requirements
- Requirement to notify of changes that might affect services rendered

18 FDIC Vendor Mgt Guidelines
FDIC Action items discussed
- Internal memo to be distributed to FDIC Examiners
- Letter to be distributed to Financial Institutions
- Updates to FFIEC handbook

19 Risk Points During Data Recovery
- Negligent or unethical data recovery technicians
- Unprotected networks housing restored data files
- Lost or compromised data during transit
- Switch-up of client data
- Improper disposal of unwanted storage devices
- Recovered data returned with viruses or malware

20 Vet Your Data Recovery Vendors

21 Checklist for Vetting Data Recovery Vendors
Demand Proof:
- Proof of internal information technology controls and data security safeguards, such as SAS 70 Type II audit reports
- Certification by leading encryption software companies
- Proof of chain-of-custody protocols and certified secure network
- Vetting and background checks of all employees
- Secure and permanent data destruction when required
- Use of encryption for data files in transit
- Proof of a certified ISO-5 (Class 100) Cleanroom
Source: The Ponemon Institute Study: Security of Data Recovery Operations

22 DriveSavers Best Practices
Technology Certifications Protocols
- Authorized by leading Data Storage Mftrs
- DOD Approved Data Destruction
- Certified by Leading Encryption Vendors
- Certified ISO-5 (Class 100) Cleanroom
- SAS 70 Type II Audit Reports

23 We Can Save It!

24 Choose Your Service Option

25 Live 24/7 Support

26
- Approved GSA Contractor - #GS-35F-0121S
- Annual SAS 70 II Security Audits
- High Security Service Available
- Certified to recover encrypted data
- DOD-approved data erasure process

27 Recap
- Data loss does occur
- Data recovery companies are used often
- Critical data is at risk of breach
- You can close the security gap
- Vet the security protocols of data recovery service providers

28 Q & A

29 Thank you
Michael Hall, CISO ext 126
Rob Matheson Corporate Account Executive ext 136

