New White Paper Outlines How Data Recovery Services Are Low Profile, High-Risk Security Gap
Washington, DC November 13, 2012 – Organizations spend an unprecedented amount of money towards the cost of keeping IT systems operating and vital data secure, but what has recently been exposed is that few organizations have policies and procedures in place to handle the aftermath of lost or corrupted data. Today, DriveSavers Inc., and Bluewater International are releasing a White Paper discussing the importance of implementing such policies and procedures while fully vetting the third party vendors tasked with your organizations data recovery.
“Data recovery vendors are being used at least once a week by major corporate institutions, and in most cases, their C-level executives have no idea,” said Lynda Martel, Executive Director, Government and Enterprise Business Relations at DriveSavers Data Recovery. “In fact, hiring a data recovery provider is more often based on cost, turnaround time, and geographic location of the vendor than on the risk exposure. Sending out sensitive corporate information is a security risk if the vendor has not been properly vetted and doesn’t meet the company’s security protocols.”
Bluewater International’s White Paper will provide a better understanding of the importance of implementing policies and procedures for data loss and recovery. Closing this security gap and mitigating the risk is both simple and cost effective. Bluewater International’s Risk management team emphasizes utilizing policy changes pertaining to the organizations management of data loss/recovery, and contractual changes governing how third party business associates handle lost or corrupted data.
The following excerpt from a 5-step plan provided by Bluewater International and DriveSavers is an excellent resource to use as your leadership team reviews current policy:
Step 1 – Conduct gap analysis “Determine if this security gap exists with the organization.” A list of questions to assist in gap analysis is available in the White Paper.
Step 2 – Revise internal and external policies and procedures where needed “If the gap does exist, determine what internal policy, procedures and practices need to be revised.” Refer to the White Paper for an outline of what modifications may be needed.
Step 3 – Develop and operate enforcement mechanisms “Revising the policy, procedures and practices to mitigate the gap is the first step.” Learn what is required to ensure that the new policy, procedures and/or practices are followed in the White Paper.
Step 4 – Modify contracts with third-party vendors to align with internal changes. “See checklist for vetting third-party data recovery service providers in the White Paper.”
Step 5 – Ongoing monitoring of the third-party data recovery vendors. A list of performance-monitoring controls for data recovery service providers is available in the White Paper.
“Changes in regulations are demanding that companies, especially in government, health care and financial markets, monitor and take responsibility for the security of regulated data and the action of their third-party vendors handling the data, but that is not enough,” said Gary Gordon, Ed.D., Managing Partner at Bluewater International. “There are no standards or best practices to follow, therefore the solution to this high impact risk requires policy and procedural changes. This will insure confidentiality, integrity and availability of an organization’s sensitive information during the data recovery process.”
Data recovery service providers will play a greater role in the corporation’s information life cycle, as the number and complexity of devices increase to facilitate the flow of information wherever it resides. Bluewater International and its strategic partners are working together in creating a roadmap for organizations to insure that the confidentiality, integrity, and availability of the organization’s sensitive information are maintained during the recovery process.
Click here to be directed to the full white paper, Data Recovery Service Providers: The Low Profile, High Impact Risk to Enterprise Security.
About Bluewater International
Bluewater International delivers strategic knowledge, relationships, and resources to drive measurable growth for their clients while providing all the benefits of a seasoned, successful, executive boardroom, without the recruiting risk or outsized fees. Bluewater International works with select companies, investing their human capital upfront, while aligning their success with their clients. Bluewater International executives possess both operational and executive leadership experience in homeland security, cyber security, information management, and energy.
About DriveSavers Data Recovery
DriveSavers Data Recovery, the worldwide leader in data recovery, provides the fastest, most reliable and only certified secure data recovery service in the industry. All of the company’s services meet security protocols for financial, legal, corporate and healthcare industries and posts proof of its SOC 2 Type II audit report and HIPAA data security and privacy compliance. DriveSavers Data Recovery adheres to US Government security protocols, the Gramm-Leach-Bliley Act Data Security Rule (GLBA), the Data-At-Rest mandate (DAR) and the Sarbanes-Oxley Act (SOX). DriveSavers Data Recovery engineers are trained and certified in all leading encryption and forensics technologies and operate a Certified ISO 5 cleanroom. Satisfied customers include: Bank of America, Google, Lucasfilm, NASA, Harvard University, St. Jude Children’s Research Hospital, U.S. Army and Sandia National Laboratories.
For more information contact Bluewater