Smart Business

Data breaches – what’s it gonna take?

What is the RSA Hack teaching us about data security?

As Steve Duplessie of ESG says, “If RSA can get hacked, you sure can.”

Reading up on this, there really is nothing new. To Steve’s point, what is it going to take for us to wake up and realize it’s not a matter of if we’ll get hacked, it’s a matter of when? Today, we are so focused on what to do when we get hacked in order to mitigate the consequences. There’s US Government regulation for communicating when a breach occurs, but nothing that mandates data protection. In fact, only two states (Nevada & Massachusetts) have laws on the books that mandate the encryption of data. I’m not saying we need government regulation to get us to do something, but what really is it going to take?

A ZDNet Between the Lines blog post written by John Hazard, “Data breach costs rise with criminal attacks”, reports that the Ponemon Institute released its 2010 data breach cost estimates. According to the Symantec-sponsored study, a data breach costs a company on average $7.2 Million, or $214 per compromised record. I recently put together a presentation on the market for self-encrypting drives for Seagate, and my 2009 numbers showed $6.75 Million and $204 per compromised record. It’s only going up, and will continue to go up, if we don’t start thinking about encrypting nearly every single piece of data we generate, especially data at rest.

Check out 5 reasons to implement self-encrypting server drives. It’s an old story, but every day, it rears its ugly head.

To use a bank analogy, it seems we spend a lot of time and attention securing the front door. Shouldn’t we be securing the vault even more? What’s it gonna take?

Security Resources:

Storage Effect Blogs on Security
Inside IT Storage Blogs on Security
Seagate Secure Enterprise drives
