8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 1/24

• Data Security Technologieso 1.1 Disk Encryption

o 1.2 Hardware based Mechanisms for Protecting Data

o 1.3 Backups

o 1.4 Data Masking

o 1.5 Data Erasure• 2 International Laws and Standards

o 2.1 International Laws

o 2.2 International Standards

• 3 See also

Disk encryption refers to encryption technology that encrypts data on a hard disk

drive. Disk encryption typically takes form in either software (see disk encryption

software] or hardware (see disk encryption hardware). Disk encryption is often

referred to as on-the-fly encryption ("OTFE") or transparent encryption.

Full disk encryption (or whole disk encryption) uses disk encryption software or hardware toencrypt every bit of data that goes on a disk or disk  volume. Full Disk Encryption preventsunauthorized access to data storage. The term "full disk encryption" is often used to signify thateverything on a disk is encrypted, including the programs that can encrypt bootable operatingsystem  partitions. But they must still leave the master boot record (MBR), and thus part of thedisk, unencrypted. There are, however, hardware-based full disk encryption and hybrid full disk encryption systems that can truly encrypt the entire boot disk, including the MBR.

Hardware based Mechanisms for Protecting Data

Software based security solutions encrypt the data to prevent data from being stolen. However, a

malicious program or a hacker may corrupt the data in order to make it unrecoverable or unusable. Similarly, encrypted operating systems can be corrupted by a malicious program or ahacker, making the system unusable. Hardware-based security solutions can prevent read andwrite access to data and hence offers very strong protection against tampering and unauthorizedaccess.

Hardware based or assisted computer security offers an alternative to software-only computer security. Security tokens such as those using PKCS#11 may be more secure due to the physicalaccess required in order to be compromised. Access is enabled only when the token is connectedand correct PIN is entered (see two factor authentication). However, dongles can be used byanyone who can gain physical access to it. Newer technologies in hardware based security solves

this problem offering fool proof security for data.

Working of Hardware based security: A hardware device allows a user to login, logout and to setdifferent privilege levels by doing manual actions. The device uses biometric technology to prevent malicious users from logging in, logging out, and changing privilege levels. The currentstate of a user of the device is read by controllers in peripheral devices such as harddisks. Illegalaccess by a malicious user or a malicious program is interrupted based on the current state of auser by harddisk and DVD controllers making illegal access to data impossible. Hardware based

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 2/24

access control is more secure than protection provided by the operating systems as operatingsystems are vulnerable to malicious attacks by viruses and hackers. The data on harddisks can becorrupted after a malicious access is obtained. With hardware based protection, software cannotmanipulate the user privilege levels, it is impossible for a hacker or a malicious program to gainaccess to secure data protected by hardware or perform unauthorized privileged operations. The

hardware protects the operating system image and file system privileges from being tampered.Therefore, a completely secure system can be created using a combination of hardware basedsecurity and secure system administration policies.

Backups

Backups are used to ensure data which is lost can be recovered

In information technology, a backup or the process of backing up refers to making copies of data so that these additional copies may be used to restore the original after a data loss event.The verb is back up in two words, whereas the noun is backup (often used like an adjective in

compound nouns).[1]

Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have beenaccidentally deleted or  corrupted. Data loss is also very common. 66% of internet users havesuffered from serious data loss.[2]

Since a backup system contains at least one copy of all data worth saving, the data storage requirements are considerable. Organizing this storage space and managing the backup process isa complicated undertaking. A data repository model can be used to provide structure to thestorage. In the modern era of computing there are many different types of data storage devices 

that are useful for making backups. There are also many different ways in which these devicescan be arranged to provide geographic redundancy, data security, and portability.

Before data is sent to its storage location, it is selected, extracted, and manipulated. Manydifferent techniques have been developed to optimize the backup procedure. These includeoptimizations for dealing with open files and live data sources as well as compression,encryption, and de-duplication, among others. Many organizations and individuals try to haveconfidence that the process is working as expected and work to define measurements andvalidation techniques. It is also important to recognize the limitations and human factorsinvolved in any backup scheme

Data repository models

Any backup strategy starts with a concept of a data repository. The backup data needs to bestored somehow and probably should be organized to a degree. It can be as simple as a sheet of  paper with a list of all backup tapes and the dates they were written or a more sophisticated setupwith a computerized index, catalog, or relational database. Different repository models havedifferent advantages. This is closely related to choosing a  backup rotation scheme.

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 3/24

Unstructured 

An unstructured repository may simply be a stack of floppy disks or CD-

R/DVD-R media with minimal information about what was backed up and

when. This is the easiest to implement, but probably the least likely to

achieve a high level of recoverability.

Full + incrementals 

A full + incremental repository aims to make it more feasible to store several

copies of the source data. At first, a full backup (of all files) is made. After

that, any number of incremental backups can be made. There are many

different types of incremental backups, but they all attempt to only back up a

small amount of data (when compared to the size of a full backup). A

incremental backup copies everything that changed after the last backup

(full, differential or incremental). Restoring a whole system to a certain point

in time would require locating the last full backup taken previous to that time

and all the incremental backups that cover the period of time between the

full backup and the particular point in time to which the system is supposed

to be restored.[3] The scope of an incremental backup is typically defined as a

range of time relative to other full or incremental backups. Different

implementations of backup systems frequently use specialized or conflicting

definitions of these terms.

Differential backup 

A differential backup copies files that have been created or changed since the

last full backup. It does not mark files as having been backed up (in other

words, the archive attribute is not cleared). If you are performing a

combination of full and differential backups, restoring files and folders

requires that you have the last full as well as the last differential backup.

Reverse delta 

A reverse delta system stores the differences between current versions of a

system and previous versions. A reverse delta backup will start with a normal

full backup. After the full backup is performed, the system will periodically

synchronize the full backup with the live copy, while storing the data

necessary to reconstruct older versions. This can either be done using hard

links, or using binary diffs. This system works particularly well for large,

slowly changing, data sets. Examples of programs that use this method are

rdiff-backup and Time Machine 

Continuous data protection 

Instead of scheduling periodic backups, the system immediately logs every

change on the host system. This is generally done by saving byte or block-

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 4/24

level differences rather than file-level differences.[4] It differs from simple disk

mirroring in that it enables a roll-back of the log and thus restoration of old

image of data.

Full system backup 

 This type of backup is designed to allow an entire PC to be recovered to "bare

metal" without any installation of operating system, application software and

data. Most users understand that a backup will prevent "data" from being

lost. The expense in a full system recovery is in the hours that it takes for a

technician to rebuild a machine to the point of restoring the last data backup.

So, a full system backup makes a complete image of the computer so that if 

needed, it can be copied back to the PC, usually using some type of bespoke

software such as Ghost, and the user can carry on from that point.

Backups can be also used when installing from one operating system to another.

[edit] Storage media

Regardless of the repository model that is used, the data has to be stored on some data storagemedium somewhere.

Magnetic tape 

Magnetic tape has long been the most commonly used medium for bulk data

storage, backup, archiving, and interchange. Tape has typically had an order

of magnitude better capacity/price ratio when compared to hard disk, but

recently the ratios for tape and hard disk have become a lot closer.[5]

Thereare myriad formats, many of which are proprietary or specific to certain

markets like mainframes or a particular brand of personal computer. Tape is

a sequential access medium, so even though access times may be poor, the

rate of continuously writing or reading data can actually be very fast. Some

new tape drives are even faster than modern hard disks. A principal

advantage of tape is that it has been used for this purpose for decades (much

longer than any alternative) and its characteristics are well understood.

Hard disk 

 The capacity/price ratio of hard disk has been rapidly improving for manyyears. This is making it more competitive with magnetic tape as a bulk

storage medium. The main advantages of hard disk storage are low access

times, availability, capacity and ease of use.[6] External disks can be

connected via local interfaces like SCSI, USB, FireWire, or eSATA, or via

longer distance technologies like Ethernet, iSCSI, or Fibre Channel. Some

disk-based backup systems, such as Virtual Tape Libraries, support data

deduplication which can dramatically reduce the amount of disk storage

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 5/24

capacity consumed by daily and weekly backup data. The main

disadvantages of hard disk backups are that they are easily damaged,

especially while being transported (e.g., for off-site backups), and that their

stability over periods of years is a relative unknown.

Optical storage 

Blu-ray Discs dramatically increase the amount of data possible on a single

optical storage disk. Systems containing Blu-ray discs can store massive

amounts of data and be more cost efficient than hard drives and magnetic

tape. Some optical storage systems allow for cataloged data backups without

human contact with the discs, allowing for longer data integrity. A recordable

CD can be used as a backup device. One advantage of CDs is that they can

be restored on any machine with a CD-ROM drive. (In practice, writable CD-

ROMs are not always universally readable.) In addition, recordable CD's are

relatively cheap. Another common format is recordable DVD. Many optical

disk formats are WORM type, which makes them useful for archival purposessince the data can't be changed. Other rewritable formats can also be utilized

such as CD-RW or DVD-RAM.

Floppy disk 

During the 1980s and early 1990s, many personal/home computer users

associated backing up mostly with copying to floppy disks. The low data

capacity of a floppy disk makes it an unpopular and obsolete choice today.[7] 

Solid state storage 

Also known as flash memory, thumb drives, USB flash drives, CompactFlash,SmartMedia, Memory Stick, Secure Digital cards, etc., these devices are

relatively costly for their low capacity, but offer excellent portability and

ease-of-use.

Remote backup service 

As broadband internet access becomes more widespread, remote backup

services are gaining in popularity. Backing up via the internet to a remote

location can protect against some worst-case scenarios such as fires, floods,

or earthquakes which would destroy any backups in the immediate vicinity

along with everything else. There are, however, a number of drawbacks toremote backup services. First, internet connections (particularly domestic

broadband connections) are generally substantially slower than the speed of 

local data storage devices, which can be a problem for people who generate

or modify large amounts of data. Secondly, users need to trust a third party

service provider with both privacy and integrity of backed up data. The risk

associated with putting control of personal or sensitive data in the hands of a

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 6/24

third party can be managed by encrypting sensitive data so that its contents

cannot be viewed without access to the secret key. Ultimately the backup

service must itself be using one of the above methods, so this could be seen

as a more complex way of doing traditional backups.

[edit] Managing the data repository

Regardless of the data repository model or data storage media used for backups, a balance needsto be struck between accessibility, security and cost. These media management methods are notmutually exclusive and are frequently combined to meet the needs of the situation. Using on-linedisks for staging data before it is sent to a near-line tape library is a common example.

On-line 

On-line backup storage is typically the most accessible type of data storage,

which can begin restore in milliseconds time. A good example would be an

internal hard disk or a disk array (maybe connected to SAN). This type of storage is very convenient and speedy, but is relatively expensive. On-line

storage is quite vulnerable to being deleted or overwritten, either by

accident, by intentional malevolent action, or in the wake of a data-deleting

virus payload.

Near-line 

Near-line storage is typically less accessible and less expensive than on-line

storage, but still useful for backup data storage. A good example would be a

tape library with restore times ranging from seconds to a few minutes. A

mechanical device is usually involved in moving media units from storageinto a drive where the data can be read or written. Generally it has safety

properties similar to on-line storage.

Off-line 

Off-line storage requires some direct human action in order to make access

to the storage media physically possible. This action is typically inserting a

tape into a tape drive or plugging in a cable that allows a device to be

accessed. Because the data is not accessible via any computer except during

limited periods in which it is written or read back, it is largely immune to a

whole class of on-line backup failure modes. Access time will vary dependingon whether the media is on-site or off-site.

Off-site data protection 

 To protect against a disaster or other site-specific problem, many people

choose to send backup media to an off-site vault. The vault can be as simple

as a system administrator's home office or as sophisticated as a disaster

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 7/24

hardened, temperature controlled, high security bunker that has facilities for

backup media storage. Importantly a data replica can be off-site but also on-

line (e.g., an off-site RAID mirror). Such a replica has fairly limited value as a

backup, and should not be confused with an off-line backup.

Backup site or disaster recovery center (DR center)

In the event of a disaster, the data on backup media will not be sufficient to

recover. Computer systems onto which the data can be restored and properly

configured networks are necessary too. Some organizations have their own

data recovery centers that are equipped for this scenario. Other

organizations contract this out to a third-party recovery center. Because a DR

site is itself a huge investment, backing up is very rarely considered the

preferred method of moving data to a DR site. A more typical way would be

remote disk mirroring, which keeps the DR data as up to date as possible.

[edit] Selection and extraction of data

A successful backup job starts with selecting and extracting coherent units of data. Most data onmodern computer systems is stored in discrete units, known as files. These files are organizedinto filesystems. Files that are actively being updated can be thought of as "live" and present achallenge to back up. It is also useful to save metadata that describes the computer or thefilesystem being backed up.

Deciding what to back up at any given time is a harder process than it seems. By backing up toomuch redundant data, the data repository will fill up too quickly. Backing up an insufficientamount of data can eventually lead to the loss of critical information.

[edit] Files

Copying files 

Making copies of files is the simplest and most common way to perform a

backup. A means to perform this basic function is included in all backup

software and all operating systems.

Partial file copying

Instead of copying whole files, one can limit the backup to only the blocks or

bytes within a file that have changed in a given period of time. This technique

can use substantially less storage space on the backup medium, but requires

a high level of sophistication to reconstruct files in a restore situation. Some

implementations require integration with the source filesystem.

[edit] Filesystems

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 8/24

Filesystem dump

Instead of copying files within a filesystem, a copy of the whole filesystem

itself can be made. This is also known as a raw partition backup and is

related to disk imaging. The process usually involves unmounting the

filesystem and running a program like dump. This type of backup has thepossibility of running faster than a backup that simply copies files. A feature

of some dump software is the ability to restore specific files from the dump

image.

Identification of changes

Some filesystems have an archive bit for each file that says it was recently

changed. Some backup software looks at the date of the file and compares it

with the last backup to determine whether the file was changed.

Versioning file system 

A versioning filesystem keeps track of all changes to a file and makes those

changes accessible to the user. Generally this gives access to any previous

version, all the way back to the file's creation time. An example of this is the

Wayback versioning filesystem for Linux.[8] 

If a computer system is in use while it is being backed up, the possibility of files being open for reading or writing is real. If a file is open, the contents on disk may not correctly represent whatthe owner of the file intends. This is especially true for database files of all kinds. The term fuzzy backup can be used to describe a backup of live data that looks like it ran correctly, but does not

represent the state of the data at any single point in time. This is because the data being backedup changed in the period of time between when the backup started and when it finished. For databases in particular, fuzzy backups are worthless.[citation needed ]

Snapshot backup

A snapshot is an instantaneous function of some storage systems that

presents a copy of the file system as if it were frozen at a specific point in

time, often by a copy-on-write mechanism. An effective way to back up live

data is to temporarily quiesce it (e.g. close all files), take a snapshot, and

then resume live operations. At this point the snapshot can be backed up

through normal methods.[9] While a snapshot is very handy for viewing afilesystem as it was at a different point in time, it is hardly an effective

backup mechanism by itself.

Open file backup

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 9/24

Many backup software packages feature the ability to handle open files in

backup operations. Some simply check for openness and try again later. File

locking is useful for regulating access to open files.

When attempting to understand the logistics of backing up open files, one

must consider that the backup process could take several minutes to back upa large file such as a database. In order to back up a file that is in use, it is

vital that the entire backup represent a single-moment snapshot of the file,

rather than a simple copy of a read-through. This represents a challenge

when backing up a file that is constantly changing. Either the database file

must be locked to prevent changes, or a method must be implemented to

ensure that the original snapshot is preserved long enough to be copied, all

while changes are being preserved. Backing up a file while it is being

changed, in a manner that causes the first part of the backup to represent

data before changes occur to be combined with later parts of the backup

after the change results in a corrupted file that is unusable, as most large

files contain internal references between their various parts that must remainconsistent throughout the file.

Cold database backup

During a cold backup, the database is closed or locked and not available to

users. The datafiles do not change during the backup process so the

database is in a consistent state when it is returned to normal operation.[10] 

Hot database backup

Some database management systems offer a means to generate a backup

image of the database while it is online and usable ("hot"). This usually

includes an inconsistent image of the data files plus a log of changes made

while the procedure is running. Upon a restore, the changes in the log files

are reapplied to bring the database in sync.[11] 

[edit] Metadata

 Not all information stored on the computer is stored in files. Accurately recovering a completesystem from scratch requires keeping track of this non-file data too.

System description

System specifications are needed to procure an exact replacement after a

disaster.

Boot sector 

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 10/24

 The boot sector can sometimes be recreated more easily than saving it. Still,

it usually isn't a normal file and the system won't boot without it.

Partition layout

 The layout of the original disk, as well as partition tables and filesystem

settings, is needed to properly recreate the original system.

File metadata 

Each file's permissions, owner, group, ACLs, and any other metadata need to

be backed up for a restore to properly recreate the original environment.

System metadata

Different operating systems have different ways of storing configuration

information. Microsoft Windows keeps a registry of system information that is

more difficult to restore than a typical file.

[edit] Manipulation of data and dataset optimisation

It is frequently useful or required to manipulate the data being backed up to optimize the backup process. These manipulations provide many benefits including improved backup speed, restorespeed, data security, media usage and reduced bandwidth requirements.

Compression 

Various schemes can be employed to shrink the size of the source data to be

stored so that it uses less storage space. Compression is frequently a built-in

feature of tape drive hardware.

De-duplication 

When multiple similar systems are backed up to the same destination storage

device, there exists the potential for much redundancy within the backed up

data. For example, if 20 Windows workstations were backed up to the same

data repository, they might share a common set of system files. The data

repository only needs to store one copy of those files to be able to restore

any one of those workstations. This technique can be applied at the file level

or even on raw blocks of data, potentially resulting in a massive reduction in

required storage space. Deduplication can occur on a server before any data

moves to backup media, sometimes referred to as source/client side

deduplication. This approach also reduces bandwidth required to send

backup data to its target media. The process can also occur at the target

storage device, sometimes referred to as inline or back-end deduplication.

Duplication 

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 11/24

Sometimes backup jobs are duplicated to a second set of storage media. This

can be done to rearrange the backup images to optimize restore speed, to

have a second copy at a different location or on a different storage medium.

Encryption 

High capacity removable storage media such as backup tapes present a data

security risk if they are lost or stolen.[12] Encrypting the data on these media

can mitigate this problem, but presents new problems. Encryption is a CPU

intensive process that can slow down backup speeds, and the security of the

encrypted backups is only as effective as the security of the key

management policy.

Multiplexing 

When there are many more computers to be backed up than there are

destination storage devices, the ability to use a single storage device with

several simultaneous backups can be useful.

Refactoring

 The process of rearranging the backup sets in a data repository is known as

refactoring. For example, if a backup system uses a single tape each day to

store the incremental backups for all the protected computers, restoring one

of the computers could potentially require many tapes. Refactoring could be

used to consolidate all the backups for a single computer onto a single tape.

 This is especially useful for backup systems that do incrementals forever 

style backups.

Staging 

Sometimes backup jobs are copied to a staging disk before being copied to

tape. This process is sometimes referred to as D2D2T, an acronym for Disk to

Disk to Tape. This can be useful if there is a problem matching the speed of 

the final destination device with the source device as is frequently faced in

network-based backup systems. It can also serve as a centralized location for

applying other data manipulation techniques.

[edit] Managing the backup process

It is important to understand that backing up is a process. As long as new data is being createdand changes are being made, backups will need to be updated. Individuals and organizations withanything from one computer to thousands (or even millions) of computer systems all haverequirements for protecting data. While the scale is different, the objectives and limitations areessentially the same. Likewise, those who perform backups need to know to what extent theywere successful, regardless of scale.

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 12/24

[edit] Objectives

Recovery point objective (RPO)

 The point in time that the restarted infrastructure will reflect. Essentially, this

is the roll-back that will be experienced as a result of the recovery. The mostdesirable RPO would be the point just prior to the data loss event. Making a

more recent recovery point achievable requires increasing the frequency of 

synchronization between the source data and the backup repository.[13] 

Recovery time objective (RTO)

 The amount of time elapsed between disaster and restoration of business

functions.[14] 

Data security 

In addition to preserving access to data for its owners, data must berestricted from unauthorized access. Backups must be performed in a

manner that does not compromise the original owner's undertaking. This can

be achieved with data encryption and proper media handling policies.

[edit] Limitations

An effective backup scheme will take into consideration the limitations of the situation.

Backup window

 The period of time when backups are permitted to run on a system is calledthe backup window. This is typically the time when the system sees the least

usage and the backup process will have the least amount of interference with

normal operations. The backup window is usually planned with users'

convenience in mind. If a backup extends past the defined backup window, a

decision is made whether it is more beneficial to abort the backup or to

lengthen the backup window.

Performance impact

All backup schemes have some performance impact on the system being

backed up. For example, for the period of time that a computer system isbeing backed up, the hard drive is busy reading files for the purpose of 

backing up, and its full bandwidth is no longer available for other tasks. Such

impacts should be analyzed.

Costs of hardware, software, labor

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 13/24

All types of storage media have a finite capacity with a real cost. Matching

the correct amount of storage capacity (over time) with the backup needs is

an important part of the design of a backup scheme. Any backup scheme has

some labor requirement, but complicated schemes have considerably higher

labor requirements. The cost of commercial backup software can also be

considerable.

Network bandwidth

Distributed backup systems can be affected by limited network bandwidth.

[edit] Implementation

Meeting the defined objectives in the face of the above limitations can be a difficult task. Thetools and concepts below can make that task more achievable.

Scheduling

Using a job scheduler can greatly improve the reliability and consistency of 

backups by removing part of the human element. Many backup software

packages include this functionality.

Authentication

Over the course of regular operations, the user accounts and/or system

agents that perform the backups need to be authenticated at some level. The

power to copy all data off of or onto a system requires unrestricted access.

Using an authentication mechanism is a good way to prevent the backup

scheme from being used for unauthorized activity.

Chain of trust 

Removable storage media are physical items and must only be handled by

trusted individuals. Establishing a chain of trusted individuals (and vendors)

is critical to defining the security of the data.

[edit] Measuring the process

To ensure that the backup scheme is working as expected, the process needs to include

monitoring key factors and maintaining historical data.

Backup validation 

(also known as "backup success validation") The process by which owners of 

data can get information about how their data was backed up. This same

process is also used to prove compliance to regulatory bodies outside of the

organization, for example, an insurance company might be required under

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 14/24

HIPAA to show "proof" that their patient data are meeting records retention

requirements[15]. Disaster, data complexity, data value and increasing

dependence upon ever-growing volumes of data all contribute to the anxiety

around and dependence upon successful backups to ensure business

continuity. For that reason, many organizations rely on third-party or

"independent" solutions to test, validate, and optimize their backupoperations (backup reporting).

Reporting

In larger configurations, reports are useful for monitoring media usage,

device status, errors, vault coordination and other information about the

backup process.

Logging

In addition to the history of computer generated reports, activity and change

logs are useful for monitoring backup system events.

Validation

Many backup programs make use of checksums or hashes to validate that

the data was accurately copied. These offer several advantages. First, they

allow data integrity to be verified without reference to the original file: if the

file as stored on the backup medium has the same checksum as the saved

value, then it is very probably correct. Second, some backup programs can

use checksums to avoid making redundant copies of files, to improve backup

speed. This is particularly useful for the de-duplication process.

Monitored backup

Backup processes are monitored by a third party monitoring center. This

center alerts users to any errors that occur during automated backups.

Monitored backup requires software capable of pinging the monitoring

center's servers in the case of errors. Some monitoring services also allow

collection of historical meta-data, that can be used for Storage Ressource

Management purposes like projection of data growth, locating redundant

primary storage capacity and reclaimable backup capacity. The Wizards

Storage Portal is an example of a solution that monitors IBM's well known

 Tivoli Storage Manager(TSM) solution.

[edit] Lore

Wikiquote has a collection of quotations related to: Backup

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 15/24

[edit] Confusion

Due to a considerable overlap in technology, backups and backup systems are frequentlyconfused with archives and fault-tolerant systems. Backups differ from archives in the sense thatarchives are the primary copy of data, usually put away for future use, while backups are a

 secondary copy of data, kept on hand to replace the original item. Backup systems differ fromfault-tolerant systems in the sense that backup systems assume that a fault will cause a data lossevent and fault-tolerant systems assure a fault will not .

[edit] Advice

 This article may contain original research. Please improve it by verifying 

the claims made and adding references. Statements consisting only of 

original research may be removed. More details may be available on the talk

page. (November 2009)

•  The more important the data is that is stored on the computer, the greater isthe need for backing up this data.

• A backup is only as useful as its associated restore strategy. For criticalsystems and data, the restoration process must be tested.

• Storing the copy near the original is unwise, since many disasters such asfire, flood, theft, and electrical surges are likely to cause damage to thebackup at the same time. In these cases, both the original and the backupmedium are likely to be lost.

• Automated backup and scheduling should be considered, as manual backupscan be affected by human error.

• Backups can fail for a wide variety of reasons. A verification or monitoringstrategy is an important part of a successful backup plan.

• Multiple backups on different media, stored in different locations, must beused for all critical information.

• Backed up archives should be stored in open and standard formats,especially when the goal is long-term archiving. Recovery software andprocesses may have changed, and software may not be available to restoredata saved in proprietary formats.

• System administrators and others working in the information technology fieldare routinely fired for not devising and maintaining backup processes suitableto their organization.

• If you already have a tape backup system, a second backup program may benecessary, do an additional backup to the external hard disk with anautomatic backup program, you will have the double data security, and it iseasy to check the backed up files in the external hard disk.

[edit] Events

• In 1996, during a fire at the headquarters of Crédit Lyonnais, a major bank inParis, system administrators ran into the burning building to rescue backup

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 16/24

tapes because they didn't have off-site copies. Crucial bank archives andcomputer data were lost.[16][17] 

• Privacy Rights Clearinghouse has documented [18] 16 instances of stolen orlost backup tapes (among major organizations) in 2005 & 2006. Affectedorganizations included Bank of America, Ameritrade, Citigroup, and TimeWarner.

• On 3 January 2008, an email server crashed at TeliaSonera, a major Nordictelecom company and internet service provider. It was subsequentlydiscovered that the last serviceable backup set was from 15 December 2007.

 Three hundred thousand customer email accounts were affected

Data Masking

Data Masking of structured data is the process of obscuring (masking) specific data within adatabase table or cell to ensure that data security is maintained and sensitive information is notexposed to unauthorized personnel. This may include masking the data from users (for exampleso banking customer representatives can only see the last 4 digits of a customers national identity

number), developers (who need real production data to test new software releases but should not be able to see sensitive financial data), outsourcing vendors, etc.

Data erasure (also called data clearing) is a software-based method of overwriting data thatcompletely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make data recovery possible with common software tools.Unlike degaussing and physical destruction, which render the storage media unusable, dataerasure removes all information while leaving the disk operable, preserving IT assets and theenvironment.

Software-based overwriting uses a software application to write patterns of meaningless dataonto each of a hard drive's sectors. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach or spill,identity theft and failure to achieve regulatory compliance. Data erasure also provides multipleoverwrites so that it supports recognized government and industry standards. It providesverification of data removal, which is necessary for meeting certain standards.

To protect data on lost or stolen media, some data erasure applications remotely destroy data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is less time-consuming thanencryption.

Information technology (IT) assets commonly hold large volumes of confidential data. Socialsecurity numbers, credit card numbers, bank details, medical history and classified informationare often stored on computer hard drives or  servers and can inadvertently or intentionally maketheir way onto other media such as printer, USB, flash, Zip, Jaz, and REV drives.

[edit] Data breach

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 17/24

Increased storage of sensitive data, combined with rapid technological change and the shorter lifespan of IT assets, has driven the need for permanent data erasure of electronic devices as theyare retired or refurbished. Also, compromised networks and laptop theft and loss, as well as thatof other portable media, are increasingly common sources of data breaches.

If data erasure does not occur when a disk is retired or lost, an organization or user faces that possibility that data will be stolen and compromised, leading to identity theft, loss of corporatereputation, threats to regulatory compliance and financial impacts. Companies have spent nearly$5 million on average to recover when corporate data was lost or stolen.[1] High profile incidentsof data theft include:

• Oklahoma Corporation Commission (2008-05-21): Server sold at auctioncompromises more than 5,000 Social Security numbers.[2] 

• University of Florida College of Medicine, Jacksonville (2008-05-20):Photographs and identifying information of 1,900 on improperly disposedcomputer.[3] 

• Compass Bank (2008-03-21): Stolen hard drive contains 1,000,000 customer

records.[4] • Lifeblood (2008-02-13): Missing laptops contain personal information

including dates of birth and some Social Security numbers of 321,000.[5] • Hannaford (2008-03-17): Breach exposes 4.2 million credit, debit cards.[6] • CardSystems Solutions (2005-06-19): Credit card breach exposes 40 million

accounts.[7] 

[edit] Regulatory compliance

Strict industry standards and government regulations are in place that force organizations tomitigate the risk of unauthorized exposure of confidential corporate and government data. These

regulations include HIPAA (Health Insurance Portability and Accountability Act); FACTA (TheFair and Accurate Credit Transactions Act of 2003); GLB (Gramm-Leach Bliley); Sarbanes-Oxley Act (SOx); and Payment Card Industry Data Security Standards (PCI DSS). Failure tocomply can result in fines and damage to company reputation, as well as civil and criminalliability.

[edit] Preserving assets and the environment

Data erasure offers an alternative to physical destruction and degaussing for secure removal of all disk data. Physical destruction and degaussing destroy the digital media, requiring disposaland contributing to electronic waste while negatively impacting the carbon footprint of 

individuals and companies.[8] Hard drives are nearly 100% recyclable and can be collected at nocharge from a variety of hard drive recyclers after they have been sanitized.

 [ edit  ] Limitations

Data erasure through overwriting only works on hard drives that are functioning and writing toall sectors. Bad sectors cannot usually be overwritten but may contain recoverable information.Software driven data erasure could also be compromised by malicious code.[9]

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 18/24

[edit] Differentiators

Software-based data erasure uses a special application to write a combination of 1's and 0's ontoeach hard drive sector. The level of security depends on the number of times the entire hard driveis written over.

[edit] Full disk overwriting

There are many overwriting programs, but data erasure offers complete security by destroyingdata on all areas of a hard drive. Disk overwriting programs that cannot access the entire harddrive, including hidden/locked areas like the host protected area (HPA), device configurationoverlay (DCO), and remapped sectors, perform an incomplete erasure, leaving some of the dataintact. By accessing the entire hard drive, data erasure eliminates the risk of data remanence.

Data erasure also bypasses the BIOS and OS. Overwriting programs that operate through theBIOS and OS will not always perform a complete erasure due to altered or corrupted BIOS data

and may report back a complete and successful erasure even if they do not access the entire harddisk, leaving data accessible.

[edit] Hardware support

Data erasure can be deployed over a network to target multiple PCs rather than having to eraseeach one sequentially. In contrast with DOS-based overwriting programs that may not detect allnetwork hardware, Linux-based data erasure software supports high-end server and storage areanetwork (SAN) environments with hardware support for Serial ATA, Serial Attached SCSI (SAS) and Fibre Channel disks and remapped sectors. It operates directly with sector sizes suchas 520, 524, and 528, removing the need to first reformat back to 512 sector size.

[edit] Standards

Many government and industry standards exist for software-based overwriting that removes data.A key factor in meeting these standards is the number of times the data is overwritten. Also,some standards require a method to verify that all data has been removed from the entire harddrive and to view the overwrite pattern. Complete data erasure should account for hidden areas,typically DCO, HPA and remapped sectors.

The 1995 edition of the National Industrial Security Program Operating Manual (DoD 5220.22-M) permitted the use of overwriting techniques to sanitize some types of media by writing all

addressable locations with a character, its complement, and then a random character. This provision was removed in a 2001 change to the manual and was never permitted for Top Secretmedia, but it is still listed as a technique by many providers of data erasure software.[10]

Data erasure software should provide the user with a validation certificate indicating that theoverwriting procedure was completed properly. Data erasure software should also comply withrequirements to erase hidden areas, provide a defects log list, and list bad sectors that could not be overwritten.

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 19/24

Overwriting StandardDat

e

Overwritin

g RoundsPattern Notes

NIST SP-800-88[11] 200

61 ?

NSA/CSS Storage Device

Declassification Manual

(SDDM)[12]

200

7

Not

approved[by 

whom?]

? Degauss or destroy

U.S. National Industrial

Security Program 

Operating Manual (DoD

5220.22-M)[10]

200

6? ?

U.S. DoD Unclassified

Computer Hard Drive

Disposition[13]

200

1

3

A character, its

complement,

another pattern

U.S. Navy Staff Office

Publication NAVSO P-

5239-26[14]

199

33

A character, its

complement,

random

Verification is

mandatory

U.S. Air Force System

Security Instruction

5020[15]

199

64

All 0's, all 1's, any

character

Verification is

mandatory

British HMG Infosec

Standard 5, BaselineStandard

? 1 All 0's

Verification is

optional

British HMG Infosec

Standard 5, Enhanced

Standard

? 3All 0's, all 1's,

random

Verification is

mandatory

Communications Security

Establishment Canada 

ITSG-06[16]

200

63

All 1's or 0's, its

complement, a

pseudo-random

pattern

For unclassified

media

German Federal Office for

Information Security[17] 

200

42-3

Non-uniform

pattern, its

complement

Australian Government

ICT Security Manual[18]

200

81 ?

Degauss or destroy

 Top Secret media

New Zealand Government 200 1 ? For data up to

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 20/24

Communications Security

Bureau NZSIT 402[19] 8 Confidential

Peter Gutmann's

Algorithm

199

6

Up to 35 ?

Originally intended

for MFM and RLL

disks, which are nowobsolete

Bruce Schneier's

Algorithm[20]

199

67

All 1's, all 0's,

pseudo-random

sequence five

times

Data can sometimes be recovered from a broken hard drive. However, if the platters on a harddrive are damaged, such as by drilling a hole through the drive (and the platters inside), then datacan only be recovered by bit-by-bit analysis of each platter with advanced forensic technology.Seagate is the only company in the world to have credibly claimed such technology, althoughsome governments may also be able to do this.

[edit] Number of overwrites needed

Data on floppy disks can sometimes be recovered by forensic analysis even after the disks have been overwritten once with zeros (or random zeros and ones).[21] This is not the case with modernhard drives:

• According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6):"Basically the change in track density and the related changes in the storage

medium have created a situation where the acts of clearing and purging themedia have converged. That is, for ATA disk drives manufactured after 2001(over 15GB) clearing by overwriting the media once is adequate to protectthe media from both keyboard and laboratory attack."[11] 

• According to the 2006 CMRR Tutorial on Disk Drive Data SanitizationDocument (p. 8): "Secure erase does a single on-track erasure of the data onthe disk drive. The U.S. National Security Agency published an InformationAssurance Approval of single pass overwrite, after technical testing at CMRRshowed that multiple on-track overwrite passes gave no additionalerasure."[22] "Secure erase" is a utility built into modern ATA hard drives thatoverwrites all data on a disk, including remapped (error) sectors.

• Further analysis by Wright et al. seems to also indicate that one overwrite isall that is generally required.[23] 

Data recovery

From Wikipedia, the free encyclopedia

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 21/24

 Jump to: navigation, search 

Data recovery is the process of salvaging data from damaged, failed, corrupted, or inaccessiblesecondary storage media when it cannot be accessed normally. Often the data are being salvagedfrom storage media such as hard disk drives, storage tapes, CDs, DVDs, RAID, and other 

electronics. Recovery may be required due to physical damage to the storage device or logicaldamage to the file system that prevents it from being mounted by the host operating system.

The most common "data recovery" scenario involves an operating system (OS) failure (typicallyon a single-disk, single- partition, single-OS system), in which case the goal is simply to copy allwanted files to another disk. This can be easily accomplished with a Live CD, most of which provide a means to mount the system drive and backup disks or removable media, and to movethe files from the system disk to the backup media with a file manager or  optical disc authoringsoftware. Such cases can often be mitigated by disk partitioning and consistently storing valuabledata files (or copies of them) on a different partition from the replaceable OS system files.

Another scenario involves a disk-level failure, such as a compromised file system or disk  partition or a hard disk failure. In any of these cases, the data cannot be easily read. Dependingon the situation, solutions involve repairing the file system, partition table or  master boot record,or hard disk recovery techniques ranging from software-based recovery of corrupted data tohardware replacement on a physically damaged disk. If hard disk recovery is necessary, the disk itself has typically failed permanently, and the focus is rather on a one-time recovery, salvagingwhatever data can be read.

In a third scenario, files have been "deleted" from a storage medium. Typically, deleted files arenot erased immediately; instead, references to them in the directory structure are removed, andthe space they occupy is made available for later overwriting. In the meantime, the original file

may be restored. Although there is some confusion over the term, "data recovery" may also beused in the context of forensic applications or espionage.

Recovering data after physical damage

A wide variety of failures can cause physical damage to storage media. CD-ROMs can have their metallic substrate or dye layer scratched off; hard disks can suffer any of several mechanicalfailures, such as head crashes and failed motors; tapes can simply break. Physical damage alwayscauses at least some data loss, and in many cases the logical structures of the file system aredamaged as well. Any logical damage must be dealt with before files can be salvaged from thefailed media.

Most physical damage cannot be repaired by end users. For example, opening a hard disk in anormal environment can allow airborne dust to settle on the platter and become caught betweenthe platter and the read/write head, causing new head crashes that further damage the platter andthus compromise the recovery process. Furthermore, end users generally do not have thehardware or technical expertise required to make these repairs. Consequently, costly datarecovery companies are often employed to salvage important data.

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 22/24

[edit] Recovery techniques

Recovering data from physically-damaged hardware can involve multiple techniques. Somedamage can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk-imaging procedure is used to recover 

every readable bit from the surface. Once this image is acquired and saved on a reliable medium,the image can be safely analysed for logical damage and will possibly allow for much of theoriginal file system to be reconstructed.

 [ edit  ] Hardware repair 

Media that has suffered a catastrophic electronic failure will require data recovery in

order to salvage its contents.

Examples of physical recovery procedures are: removing a damaged PCB ( printed circuit board)and replacing it with a matching PCB from a healthy drive, performing a live PCB swap (inwhich the System Area of the HDD is damaged on the target drive which is then instead readfrom the donor drive, the PCB then disconnected while still under power and transferred to thetarget drive), read/write head assembly with matching parts from a healthy drive, removing thehard disk platters from the original damaged drive and installing them into a healthy drive, andoften a combination of all of these procedures. Some data recovery companies have proceduresthat are highly technical in nature and are not recommended for an untrained individual. Each of them will void the manufacturer's warranty. For companies who will not void a warranty, seecompanies such as Kroll Ontrack , SalvageData, and DriveSavers.

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 23/24

[edit] Recovering from logical (non-hardware) damage

Result of a failed data recovery from a Hard disk drive.

[edit] Overwritten data

See also: Data erasure

When data have been physically overwritten on a hard disk it is generally assumed that the previous data are no longer possible to recover. In 1996, Peter Gutmann, a computer scientist[1], presented a paper that suggested overwritten data could be recovered through the use of Scanning transmission electron microscopy.[1] In 2001, he presented another paper on a similar topic.[2] Substantial criticism has followed, primarily dealing with the lack of any concreteexamples of significant amounts of overwritten data being recovered.[3][4] To guard against thistype of data recovery, he and Colin Plumb designed the Gutmann method, which is used byseveral disk scrubbing software packages.

Although Gutmann's theory may be correct, there's no practical evidence that overwritten datacan be recovered. Moreover, there are good reasons to think that it cannot.[ specify][5][6][7]

[edit] Corrupt filesystems

In some cases, data on a hard drive can be unreadable due to damage to the filesystem. In themajority of these cases, at least a portion of the original data can be recovered by repairing thedamaged filesystem using specialized data recovery software. This type of data recovery can be performed by knowledgeable end-users as it requires no special physical equipment. However,more serious cases can still require expert intervention.

[edit] Online Data Recovery

8/6/2019 Data Security Technologies

http://slidepdf.com/reader/full/data-security-technologies 24/24

"Online" or "Remote" data recovery is yet another method to restore the lost or deleted data. It issame as performing the regular software based recoveries except that this kind of recovery is performed over the Internet without physically having the drive or computer in possession. Therecovery technician sitting somewhere else gains access to user's computer and complete therecovery job online. In this scenario, the user doesn't have to travel or send the media to

anywhere physically.

Although online data recovery is convenient and useful in many cases, it still carries some pointsmaking it less popular than the classic data recovery methods. First of all, it requires a stable broadband Internet connection for it to be performed correctly, which many third world countriesstill lack. Also, it cannot be performed in case of physical damage to media and for such cases,the traditional in-lab recovery has to take place