Data Recovery Service Providers: The Low Profile, High Impact Risk to Enterprise Security Source: Lynda C. Martel, Director, Government & Enterprise Business RelationsDriveSavers Data Recovery, Inc. and Gary R. Gordon, Ed.D., Managing Partner – Bluewater International If a data storage device has failed, resulting in lost or corrupted digital data, few corporations have the internal resources to recover that data, especially in the case of a mechanical failure. The device must be sent to a data recovery vendor. These devices often hold critical IP, financial databases, accounting files, email exchanges, customer records and PHI. Therefore, data recovery organizations must be classified as high-risk vendors. However, most of the data recovery industry does not meet best practice standards to ensure data security. If a corporation does not perform due diligence before engaging the services of a data recovery vendor, it runs the risk of a data breach that will result in major financial and reputational damage. The good news is that changes to internal policies and procedures, combined with contractual changes with third-party businesses handling the corporation’s data, will mitigate the risk posed by this security gap. This white paper outlines 5 steps to mitigate the risk of using data recovery vendors. Download White Paper
Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security Source: American National Standards Institute The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security explores the reputational, financial, legal, operational and clinical repercussions of a protected health information (PHI) breach on an organization, and provides a 5-step method—PHI Value Estimator (PHIve)—to assess specific security risks and build a business case for enhanced PHI security. It also offers information about the stakeholders involved in the health care ecosystem, the evolution of laws, rules and regulations designed to protect PHI, the causes and increasing number of data breaches, the most common threats and vulnerabilities to the security of PHI, safeguards and controls that organizations can put in place to mitigate the risk of a breach, and current industry practices and attitudes for protecting PHI, based on a survey. Download the ANSI Study
Trends in the Security of Data Recovery Operations Source: Ponemon Institute This is the second national study conducted among IT security professionals and IT support practitioners on the security of data recovery operations for business and government organizations. Drive failures are increasing, the use of third-party data recovery vendors is on the rise, and more data breaches are occurring as a result. Find out why. Download White Paper
NIST Special Publication 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems Source: National Institute of Standards of Technology—U.S. Department of Commerce This NIST publication provides instructions, recommendations and considerations for federal information system contingency planning. Paragraph #5 of Section 5.1.3 (Protection of Resources) notes that: “Organizations should consider the security risk of having their data handled by an outside (data recovery) company and ensure that proper security vetting of the service provider is conducted before turning over equipment.” NIST added this language three months after learning about the risk of using third-party data recovery service providers that do not have proper data privacy and data security protocols in place. Read Guideline
HEIT Thought Leadership Paper: “Data Recovery Sleeper Risk” Source: Paul Reymann, Chief Risk Officer at HEIT and co-author of the Gramm-Leach Bliley Act Data Protection Rule Reymann comments on the risks of using data recovery vendors who have not been properly vetted. This white paper cites new regulatory and industry guidelines created to help organizations mitigate the risk, and best practices for engaging third-party data recovery vendors. Download White Paper
GCN Article: “Closing An Overlooked Vulnerability” Source: Henry Kenyon, GCN Magazine An interview with Marianne Swanson, NIST’s senior advisor for information systems security, about the importance of vetting third-party data recovery vendors. Read Case Study
Security of Data Recovery Operations Source: Ponemon Institute This is the first national study conducted among IT security professionals and IT support practitioners on the security of data recovery operations for business and government organizations. By following these recommended protocols, organizations can quickly gain control over a practice that is putting sensitive and confidential data at risk. Download White Paper
Checklist of Security Protocols for Data Recovery Service Providers Source: Ponemon Institute The National Institute of Standards and Technology recommends that third-party data recovery service providers be properly vetted before turning over data storage equipment to them for recovery. This vetting checklist was recommended by InfoSec professionals participating in the Ponemon Institute’s study on the “Security of Data Recovery Operations”. View Checklist
Third-Party Data Recovery: A Sleeper Risk in Most Information Security Programs Source: Paul Reymann, CEO of the Reymann Group Reymann, one of the nation’s foremost experts on regulatory compliance and information risk-management, comments on the growing market of data recovery service providers, and the risk of sending data storage devices out to such vendors before vetting their data security protocols. Read Article
Is Your Data Recovery Solution a Data Security Problem Source: DriveSavers CISO, Michael Hall Data breach must be a consideration anywhere critical data can be accessed. If your data recovery service provider’s network is hacked, and critical customer data is accessed your company could be liable. This document outlines data security standards and protocols that should be adhered to by the data recovery provider. Download White Paper
Virtual Machine Data Recovery on RAID and SAN An entire U.S. school district’s data was lost when twelve virtual machines running on an enterprise class SAN with multiple redundant layers went down. After significant engineering effort, DriveSavers enterprise recovery engineers were able to get the SAN back on line, the cluster rebuilt and perform twelve individual recoveries to verify the data on each of the virtual machines. Within a remarkable two-day time span, DriveSavers recovered all the lost data. Read Case Study
Mat Honan’s Epic Hack Wired.com’s senior writer, Mat Honan, lost more than a year’s worth of documents, emails and irreplaceable pictures. Read how DriveSavers engineers have taken the leading edge in SSD and NAND flash-based storage device recoveries. Read Case Study
Mad Media Case Study 8TB of irreplaceable X Games footage was lost due to a series of power surges during the Southern California wildfires. Learn how DriveSavers turned a gut-wrenching loss into an extreme recovery. Read Case Study
BLAST Research Project Case Study Six years of research was almost lost to Antarctica’s harsh tundra. Learn how DriveSavers saved the day, and the project. Read Case Study
United States Air Force Case Study Crucial data from Shaw Air Force Base was lost when a RAID crashed. Read Case Study
Salvation Army Case Study Drives containing accounting files for 40 offices were submerged in chemical-laden waters. Read Case Study
Free Shipping · Free Evaluation No Data, No Charge!
Top 5 Reasons to Choose DriveSavers
30 Years Experience
We've helped hundreds of thousands of customers who have lost data.
Your data is safe at DriveSavers. Annual audits and inspections from independent third-parties confirm we are the most secure.
ISO Class 5 Cleanroom
DriveSavers invested over $2 million to build the world's most advanced Cleanroom, and meet manufacturer standards. This dust and static free environment helps us maintain the highest success rate in the industry.