Longmont, CO (PRWEB) January 9, 2009
Boulder, Colo. Jan. 8, 2009 -- Disk storage media that is either failed or otherwise out of service can pose an extreme risk to enterprise data security. However, it is a risk that can be effectively mitigated with proper planning and execution. This is one conclusion of a new study sponsored by PeakData Services, Inc, a fast-growing IT provider dedicated to information security compliance and risk mitigation services, and performed by International Data Corp. (IDC).
One of IDC's leading compliance analysts, Vivian Tero, analyzed the best-of-breed process employed by a global financial services company to better understand the security and compliance challenges posed by storage media that has been taken out of service due to failure, technology refresh or other reasons. Among her conclusions:
- Firms must audit and inventory storage media, storage systems, applications, and computing systems that may contain personal or confidential information.
- They must identify the options available to manage the probable data breach from the failed media and decommissioned resources.
- They must formalize and document practices for handling the disposition of data in failed and decommissioned media.
The IDC study drew heavily on the experience of one large financial services firm that performed a two-year analysis of their handling of failed and expired storage media. To protect against any possibility of a data breach, for example, the firm would not allow failed or obsolete disk storage media to leave its secure data centers.
While this eliminated risk associated with the transportation of the media to third parties, it created a substantial economic burden for the firm. The firm ultimately discovered that it could safely eradicate the data to comply with multiple regulatory and governmental standards, including, among others, Sarbanes-Oxley, Graham-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Disposal Rule of the Fair and Accurate Credit Transactions Act (FACTA), Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPAA), using a secure, six-sigma process managed by PeakData Services, thereby eliminating business risk while recovering the economic value of the disk drives.
"This first-of-a-kind study serves as a valuable guide to any organization that is seeking to mitigate business risk associated with the unauthorized access and compromise of sensitive data," said Glenn Jacobsen, vice president and general manager of PeakData Services. "In our experience enterprises are spending enormous amounts of time, energy and money on securing "active" data, while too often overlooking data that is expired. We hope this best-practices study will put this area of risk into sharper focus and give many organizations a practical benchmark against which to compare themselves. That is why we are delighted to make the study available to the public at http://www.peakdataservices.com," Jacobsen said.
About PeakData Services
PeakData Services, Inc. develops and delivers consulting and professional services that incorporate industry-leading people, products, tools, and methodologies to help companies mitigate risk by showing them how to store, protect, and manage their business-critical information more efficiently and cost-effectively. PeakData Services works directly with clients and through leading IT storage and services partners. PeakData is headquartered in Boulder County, Colo., with international operations based in the United Kingdom and Hong Kong. For further information please visit: http://www.peakdataservices.com.