The damaged data dilemma worms, viruses, spyware and spam are the culprits.The latest magazine advertisement from Adobe asking the question "How Did 80% of the Information Become 100% Useless?" caught my attention helping me realize that something has really gone wrong here. Disk and tape devices have become increasingly more reliable in protecting against device and component failures by providing continual improvements Continual Improvement (also called incremental improvement or staircase improvement) is a process or productivity improvement tool intended to have a stable and consistent growth and improvement of all the segments of a process or processes. for availability, reliability and security of its storage subsystems The part of a computer system that provides the storage. It includes the controller and disk drives. See storage system. and devices through RAID and a variety of data-replication techniques such as mirroring, snapshot copy and journaling. Our concerns about data safety are shifting from disk crashes and tape media damage to a new and serious threat that may be harder to resolve. The vast majority of this concern exists on non-mainframe systems such as Windows, Linux and Unix, where over 85% of the world's digital data is stored. Risk Factors Today, digital data is being exposed to higher risk factors as a result of destructive security breaches such as worms, viruses, spyware and the onslaught of spam as the wave of hackers and terrorists (now officially criminals) gain momentum worldwide. The spread of cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. crimes is aided by the increased number of nodes on the Internet, increased processor speed, and readily available bandwidth. Recovery from an intrusion is complex and difficult. The impact of an intrusion can result in data theft, permanent data damages, and complete data loss unless special procedures are implemented. Somehow, even after the storage hardware and storage management software suppliers spent decades and millions of R & D dollars developing architectures that protect data from storage device and network failures, the newest, and soon to be the biggest, potential threat to data loss in the 21st century is becoming intrusion. E-mail is a prime example of an application that is extremely vulnerable to intrusion. The scope and use of e-mail is truly exploding and it is estimated that the number of e-mails sent each day worldwide will exceed 36 billion in 2006. Unfortunately as we enter 2005, about 80% of e-mail traffic is "useless" spam clogging the Internet and private network bandwidth more every day. Most of the world's digital viruses and worms are transmitted by e-mail via the Internet. Blacklists of known spamming computers are no longer an effective method of stopping spam and spyware from arriving in your business. To block spam coming directly from an ISP's computers, all mail from that ISP (1) See in-system programmable. (2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. would be have to be blocked, which would cripple crip·ple n. One that is partially disabled or unable to use a limb or limbs. v. To cause to lose the use of a limb or limbs. electronic communication. Spammers no longer use their own machines to send spam. Instead, they rely on malicious code placed on consumers' machines via viruses or spyware that transforms them into unknowing "zombies Zombies Companies that continue to operate even though they are insolvent. Also known as living dead. Notes: It's advisable to avoid investing in zombies at all costs their life expectancies are highly unpredictable. " remotely controlled by spammers. That coupled with other tactics, have allowed spammers to circumvent cir·cum·vent tr.v. cir·cum·vent·ed, cir·cum·vent·ing, cir·cum·vents 1. To surround (an enemy, for example); enclose or entrap. 2. To go around; bypass: circumvented the city. most technical measures taken by network operators to stop them, and spammers continue to ignore federal and state laws that specifically prohibit their activities. These intrusions can both damage and destroy data. Regulatory Effects Numerous government compliance regulations now affect e-mail retention. The Sarbanes-Oxley Act See SOX. requires every public company to save every record related to the audit process including all e-mails for 7 years. This reflects an important change in the role of e-mail as it has evolved to become a defacto document and records repository for many businesses. E-mail has moved beyond the worldwide communication system it was intended to be. Managing e-mail as a corporate records repository has become another new storage management discipline. Much of the e-mail repository represents "data at rest" and is seldom referenced after a few days since it was created. Historically, encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. has been used only for data in transmission. Today, encrypting stored data or data at rest is becoming increasingly important, as data is still vulnerable to theft. Stealing encrypted data is of little value. Also, the metadata tags that are generated from the approaching wave of security appliances Security appliances protect computer networks from unwanted data traffic, intruders, email spam, enforce policies, and may also be used to create and manage VPNs. There are a number of types of security appliances. will, in itself, become mission-critical data and require mirroring, encryption and a carefully implemented high-availability strategy. Recent Impact Studies In a recent spam study, market research firm Rockbridge Associates Inc. and the Center for Excellence in Service at the University of Maryland's Robert H. Smith School of Business The Robert H. Smith School of Business is a graduate school of business management within the University of Maryland, College Park. The school was named after an alumni Robert H. Smith following his generous donation of $15 million in 1998. , estimated that deleting spam alone costs nearly $22 billion a year in lost worker productivity. The study was based on a survey of 1,000 adults and said the 78% who said they receive spam spend an average of three minutes "Three Minutes" is the 46th episode of Lost. It is the twenty-second episode of the second season. The episode was directed by Stephen Williams, and written by Edward Kitsis and Adam Horowitz. It first aired on May 17, 2006 on ABC. deleting it each day they check their e-mail. The costs and efforts associated with virus and worm attacks had stabilized in the past few years but they are now going up again. The research firm Computer Economics conducted an Impact of Malicious Code study and it estimates that worldwide damages in 2004 were about $17.5 billion, up from $13 billion last year. Nearly $11 billion in 2004 damages came from the MyDoom, Netsky, Bagle, and Sasser viruses. The 2004 CSI/FBI Computer Crime and Security Survey indicated that only 45% of the companies surveyed used intrusion prevention See IPS and IDS. systems. Other recent surveys indicate that less than half of the customers questioned are protected by any type of disaster recovery plan! These surveys suggest a tremendous financial exposure resulting from damaged data still exists. Isn't this 2005? The growing threat of the damaged data dilemma is expected to create new jobs for information security professionals with an annual growth rate of 14% being projected through 2008 by IDC. As a result, the worldwide number of information security professionals is expected grow from 1.3 million to about 2.1 million workers over this period. The expense resulting from data loss and the cost of additional security workers will add new dimensions to the IT profit and loss statements of many companies. The overall impact of intrusion, combined with absorbing the financial load of government compliance, will make the CIO's financial juggling act even tougher in the next few years. Solutions Security appliances that provide fast and transparent access to encryption, compression, authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. and someday hopefully true biometric-based security services Security services are state institutions for the provision of intelligence, primarily of a strategic nature, but also including protective security intelligence. Examples include the Security Service (MI5) and the Secret Intelligence Service (MI6) in the United Kingdom, and the are appearing. These also improve spam/spy-ware detection and filtering and they can help identify open-relay servers which are used for spam forwarding; but the spammers have been able to stay ahead of these solutions by using programs that connect to databases of legitimate words, those not normally seen in spam, that randomly insert these words into e-mail to attempt to classify spam as a legitimate e-mail. For primary and secondary physical storage, legal data encryption data encryption, the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign , LUN masking mask·ing n. 1. The concealment or the screening of one sensory process or sensation by another. 2. An opaque covering used to camouflage the metal parts of a prosthesis. , zone settings, remote vaults and replication technologies all improve the data-protection capability by limiting access rights and many good solutions are available. Conclusion Estimates suggest that 70% of all companies go out of business after a major data loss and about 20% of all businesses experience a major disaster that affects IT every five years. Approximately 35% of disaster-recovery plans work when tested, leaving a significant opportunity for improvement. As stated earlier, only about 45% of businesses are using an intrusion detection system This article is about the computing term. For other uses, see Burglar alarm. An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. . As the value of data increases daily, the threat to data security is also increasing and, as a result, the overall security market is expected to grow from $17 billion in 2001 to nearly $45 billion in 2006 making it larger than the worldwide disk and tape markets combined. The damaged data dilemma mounts for the IT industry as we accelerate into the information age. CIOs and senior IT decision makers have no choice but to develop data protection strategies that go well beyond recovery for device and network failures. Even with the tools that are becoming available, can this growing security threat to digital data be averted? Fred Moore
Fred Moore (born September 7, 1911 in Los Angeles, California, USA; died November 23, 1952 in Burbank, California, USA in a road accident), was an American character is president of Horison Information Strategies (Boulder, CO) www.horison.com |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion