DriveSavers Library

Data Security During Data Recovery

  • Data Recovery Service Providers: The Low Profile, High Impact Risk to Enterprise Security
    Source: Lynda C. Martel, Director, Government & Enterprise Business Relations, DriveSavers Data Recovery, Inc. and Gary R. Gordon, Ed.D., Managing Partner – Bluewater International
    If a data storage device has failed, resulting in lost or corrupted digital data, few corporations have the internal resources to recover that data, especially in the case of a mechanical failure. The device must be sent to a data recovery vendor. These devices often hold critical IP, financial databases, accounting files, email exchanges, customer records and PHI. Therefore, data recovery organizations must be classified as high-risk vendors. However, most of the data recovery industry does not meet best practice standards to ensure data security. If a corporation does not perform due diligence before engaging the services of a data recovery vendor, it runs the risk of a data breach that will result in major financial and reputational damage. The good news is that changes to internal policies and procedures, combined with contractual changes with third-party businesses handling the corporation’s data, will mitigate the risk posed by this security gap. This white paper outlines 5 steps to mitigate the risk of using data recovery vendors. Download White Paper
  • Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security
    Source: American National Standards Institute
    The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security explores the reputational, financial, legal, operational and clinical repercussions of a protected health information (PHI) breach on an organization, and provides a 5-step method—PHI Value Estimator (PHIve)—to assess specific security risks and build a business case for enhanced PHI security.  It also offers information about the stakeholders involved in the health care ecosystem, the evolution of laws, rules and regulations designed to protect PHI, the causes and increasing number of data breaches, the most common threats and vulnerabilities to the security of PHI, safeguards and controls that organizations can put in place to mitigate the risk of a breach, and current industry practices and attitudes for protecting PHI, based on a survey. Download the ANSI Study
  • Trends in the Security of Data Recovery Operations
    Source: Ponemon Institute
    This is the second national study conducted among IT security professionals and IT support practitioners on the security of data recovery operations for business and government organizations. Drive failures are increasing, the use of third-party data recovery vendors is on the rise, and more data breaches are occurring as a result. Find out why. Download White Paper
  • NIST Special Publication 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems
    Source: National Institute of Standards and Technology—U.S. Department of Commerce
    This NIST publication provides instructions, recommendations and considerations for federal information system contingency planning. Paragraph #5 of Section 5.1.3 (Protection of Resources) notes that: “Organizations should consider the security risk of having their data handled by an outside (data recovery) company and ensure that proper security vetting of the service provider is conducted before turning over equipment.” NIST added this language three months after learning about the risk of using third-party data recovery service providers that do not have proper data privacy and data security protocols in place. Read Guideline
  • HEIT Thought Leadership Paper: “Data Recovery Sleeper Risk”
    Source: Paul Reymann, Chief Risk Officer at HEIT and co-author of the Gramm-Leach Bliley Act Data Protection Rule
    Reymann comments on the risks of using data recovery vendors who have not been properly vetted. This white paper cites new regulatory and industry guidelines created to help organizations mitigate the risk, and best practices for engaging third-party data recovery vendors. Download White Paper
  • GCN Article: “Closing An Overlooked Vulnerability”
    Source: Henry Kenyon, GCN Magazine
    An interview with Marianne Swanson, NIST’s senior advisor for information systems security, about the importance of vetting third-party data recovery vendors. Read Case Study
  • Security of Data Recovery Operations
    Source: Ponemon Institute
    This is the first national study conducted among IT security professionals and IT support practitioners on the security of data recovery operations for business and government organizations. By following these recommended protocols, organizations can quickly gain control over a practice that is putting sensitive and confidential data at risk. Download White Paper
  • Checklist of Security Protocols for Data Recovery Service Providers
    Source: Ponemon Institute
    The National Institute of Standards and Technology recommends that third-party data recovery service providers be properly vetted before turning over data storage equipment to them for recovery. This vetting checklist was recommended by InfoSec professionals participating in the Ponemon Institute’s study on the “Security of Data Recovery Operations”. View Checklist
  • Third-Party Data Recovery: A Sleeper Risk in Most Information Security Programs
    Source: Paul Reymann, CEO of the Reymann Group
    Reymann, one of the nation’s foremost experts on regulatory compliance and information risk-management, comments on the growing market of data recovery service providers, and the risk of sending data storage devices out to such vendors before vetting their data security protocols. Read Article
  • Is Your Data Recovery Solution a Data Security Problem
    Source: DriveSavers CISO, Michael Hall
    Data breach must be a consideration anywhere critical data can be accessed. If your data recovery service provider’s network is hacked and critical customer data is accessed, your company could be liable. This document outlines data security standards and protocols that should be adhered to by the data recovery provider. Download White Paper

DriveSavers Capabilities

  • DriveSavers Government Solutions
    Learn about our “Defense-in-Depth” data security architecture and certified encryption experts. View Government Solutions
  • DriveSavers RAID Recovery Services
    Find out about our Enterprise Systems Group’s RAID and encrypted data recovery experts. View RAID Recovery Services

Case Studies

  • Virtual Machine Data Recovery on RAID and SAN
    An entire U.S. school district’s data was lost when twelve virtual machines running on an enterprise-class SAN with multiple redundant layers went down. After significant engineering effort, DriveSavers enterprise recovery engineers were able to get the SAN back online, rebuild the cluster and perform twelve individual recoveries to verify the data on each of the virtual machines. Within a remarkable two-day time span, DriveSavers recovered all the lost data. Read Case Study
  • Mat Honan’s Epic Hack’s senior writer, Mat Honan, lost more than a year’s worth of documents, emails and irreplaceable pictures. Read how DriveSavers engineers have taken the leading edge in SSD and NAND flash-based storage device recoveries. Read Case Study
  • Mad Media Case Study
    8TB of irreplaceable X Games footage was lost due to a series of power surges during the Southern California wildfires. Learn how DriveSavers turned a gut-wrenching loss into an extreme recovery. Read Case Study
  • BLAST Research Project Case Study
    Six years of research was almost lost to Antarctica’s harsh tundra. Learn how DriveSavers saved the day, and the project. Read Case Study
  • United States Air Force Case Study
    Crucial data from Shaw Air Force Base was lost when a RAID crashed. Read Case Study
  • Salvation Army Case Study
    Drives containing accounting files for 40 offices were submerged in chemical-laden waters. Read Case Study