The Damaged Data Dilemma - Worms, Viruses, Spyware and Spam are the Culprits

The latest magazine advertisement from Adobe, asking the question “How Did 80% of the Information Become 100% Useless?”, caught my attention and helped me realize that something has really gone wrong here. Disk and tape devices have become increasingly reliable in protecting against device and component failures, with continual improvements in the availability, reliability and security of storage subsystems and devices through RAID and a variety of data-replication techniques such as mirroring, snapshot copy and journaling. Our concerns about data safety are shifting from disk crashes and tape media damage to a new and serious threat that may be harder to resolve. The vast majority of this concern exists on non-mainframe systems such as Windows, Linux and Unix, where over 85% of the world’s digital data is stored.

By Fred Moore

Risk Factors

Today digital data is being exposed to higher risk factors as a result of destructive security breaches such as worms, viruses, spyware and the onslaught of spam as the wave of hackers and terrorists, now officially criminals, gains momentum worldwide. The spread of cyber crimes is aided by the increased number of nodes on the Internet, increased processor speed, and readily available bandwidth. Recovery from an intrusion is complex and difficult, and the impact of an intrusion can be data theft, permanent data damage, or complete data loss unless special procedures are implemented. Somehow, even after the storage hardware and storage management software suppliers spent decades and millions of R&D dollars developing architectures that protect data from storage device and network failures, the newest and soon to be the biggest potential threat to data loss in the 21st century is becoming intrusion.

E-mail is a prime example of an application that is extremely vulnerable to intrusion. The scope and use of e-mail is truly exploding and it is estimated that the number of e-mails sent each day worldwide will exceed 36 billion in 2006. Unfortunately, as we enter 2005, about 80% of e-mail traffic is “useless” spam clogging the Internet and private network bandwidth more every day. Most of the world’s digital viruses and worms are transmitted by e-mail via the Internet.

Blacklists of known spamming computers are no longer an effective method of stopping spam and spyware from arriving in your business. To block spam coming directly from an ISP’s computers, all mail from that ISP would have to be blocked, which would cripple electronic communication. Spammers no longer use their own machines to send spam. Instead, they rely on malicious code placed on consumers’ machines via viruses or spyware that transforms them into unknowing “zombies” remotely controlled by spammers. That, coupled with other tactics, has allowed spammers to circumvent most technical measures taken by network operators to stop them, and spammers continue to ignore federal and state laws that specifically prohibit their activities. These intrusions can both damage and destroy data.

Regulatory Effects

Numerous government compliance regulations now affect e-mail retention. The Sarbanes-Oxley Act requires every public company to save every record related to the audit process, including all e-mails, for 7 years. This reflects an important change in the role of e-mail as it has evolved to become a de facto document and records repository for many businesses. E-mail has moved beyond the worldwide communication system it was intended to be. Managing e-mail as a corporate records repository has become another new storage management discipline. Much of the e-mail repository represents “data at rest” and is seldom referenced more than a few days after it was created. Historically, encryption has been used only for data in transmission. Today, encrypting stored data or data at rest is becoming increasingly important, as data is still vulnerable to theft. Stealing encrypted data is of little value. Also, the metadata tags that are generated by the approaching wave of security appliances will themselves become mission-critical data and require mirroring, encryption and a carefully implemented high-availability strategy.

Recent Impact Studies

In a recent spam study, market research firm Rockbridge Associates Inc. and the Center for Excellence in Service at the University of Maryland’s Robert H. Smith School of Business estimated that deleting spam alone costs nearly $22 billion a year in lost worker productivity. The study was based on a survey of 1,000 adults and found that the 78% who said they receive spam spend an average of three minutes deleting it each day they check their e-mail.

The costs and efforts associated with virus and worm attacks had stabilized in the past few years but they are now going up again. The research firm Computer Economics conducted an Impact of Malicious Code study and it estimates that worldwide damages in 2004 were about $17.5 billion, up from $13 billion last year. Nearly $11 billion in 2004 damages came from the MyDoom, Netsky, Bagle, and Sasser viruses. The 2004 CSI/FBI Computer Crime and Security Survey indicated that only 45% of the companies surveyed used intrusion prevention systems. Other recent surveys indicate that less than half of the customers questioned are protected by any type of disaster recovery plan! These surveys suggest a tremendous financial exposure resulting from damaged data still exists. Isn’t this 2005?

The growing threat of the damaged data dilemma is expected to create new jobs for information security professionals, with an annual growth rate of 14% being projected through 2008 by IDC. The worldwide number of information security professionals is expected to grow from 1.3 million to about 2.1 million workers over this period. The expense resulting from data loss and the cost of additional security workers will add new dimensions to the IT profit and loss statements of many companies as a result. The overall impact of intrusion, combined with absorbing the financial load of government compliance, will make the CIO’s financial juggling act even tougher in the next few years.

Solutions

Security appliances that provide fast and transparent access to encryption, compression, authentication and, someday hopefully, true biometric-based security services are appearing. These also improve spam/spyware detection and filtering, and they can help identify open-relay servers, which are used for spam forwarding. Spammers, however, have been able to stay ahead of these solutions by using programs that connect to databases of legitimate words, those not normally seen in spam, and randomly insert these words into e-mail in an attempt to have the spam classified as legitimate e-mail. For primary and secondary physical storage, legal data encryption, LUN masking, zone settings, remote vaults and replication technologies all improve the data-protection capability by limiting access rights, and many good solutions are available.
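The effect of the word-insertion tactic mentioned in this section shows up in how a filter scores a message. The following added example (not from the article; the token probabilities, sample messages, threshold and function names are all constructed for illustration) compares a scorer that averages every word with one that combines only the words farthest from neutral, a selection approach from Bayesian spam filtering that the article itself does not describe:

```python
import math

# Constructed per-token spam probabilities, standing in for a trained filter.
TOKEN_SPAM_PROB = {
    "viagra": 0.99, "refinance": 0.97, "winner": 0.95, "unsubscribe": 0.91,
    "meeting": 0.10, "agenda": 0.12, "schedule": 0.15, "invoice": 0.20,
}
UNKNOWN = 0.40    # assumed probability for words the filter has never seen
THRESHOLD = 0.50  # assumed cut-off: scores above this are treated as spam

def token_probs(text):
    """Spam probability of each distinct word, in a deterministic order."""
    words = sorted(set(text.lower().split()))
    return [TOKEN_SPAM_PROB.get(w, UNKNOWN) for w in words]

def mean_score(text):
    """Naive scorer: averages every word, so neutral padding dilutes it."""
    probs = token_probs(text)
    return sum(probs) / len(probs) if probs else UNKNOWN

def top_n_score(text, n=5):
    """Combine only the n words whose probability is farthest from 0.5."""
    probs = sorted(token_probs(text), key=lambda p: abs(p - 0.5), reverse=True)[:n]
    spam = math.prod(probs)
    ham = math.prod(1.0 - p for p in probs)
    return spam / (spam + ham)

def is_spam(score):
    return score > THRESHOLD

# Constructed sample messages: the same spam with and without inserted words.
SPAM = "winner refinance viagra unsubscribe"
PADDING = ("meadow lantern orchard harbor violin copper thistle granite "
           "meeting agenda schedule invoice")
PADDED = SPAM + " " + PADDING
LEGIT = "meeting agenda schedule invoice attached"

if __name__ == "__main__":
    for name, msg in [("spam", SPAM), ("padded spam", PADDED), ("legitimate", LEGIT)]:
        print(f"{name:12} mean={mean_score(msg):.3f} top_n={top_n_score(msg):.4f}")
```

With these constructed values the averaged score of the padded message falls below the threshold while the selective score stays high. The benefit depends on the inserted words being near neutral to the trained filter, which is the case for words it has rarely or never seen.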

Conclusion

Estimates suggest that 70% of all companies go out of business after a major data loss and about 20% of all businesses experience a major disaster that affects IT every five years. Approximately 35% of disaster-recovery plans work when tested, leaving a significant opportunity for improvement. As stated earlier, only about 45% of businesses are using an intrusion detection system. As the value of data increases daily, the threat to data security is also increasing, and as a result the overall security market is expected to grow from $17 billion in 2001 to nearly $45 billion in 2006, making it larger than the worldwide disk and tape markets combined. The damaged data dilemma mounts for the IT industry as we accelerate into the information age. CIOs and senior IT decision makers have no choice but to develop data protection strategies that go well beyond recovery for device and network failures. Even with the tools that are becoming available, can this growing security threat to digital data be averted?