An article run by ComputerWorld describes how medical records owned by the University of Miami that were being transported off-site (for redundant disaster recovery in the case of hurricanes or other natural disasters) were stolen while in-transit.  The company hired by the University to transfer the tapes was Archive America.  The tapes contained names, addresses, and social security numbers (among other things, including financial data for at least 47,000 people) of all patients of the University's medical services since Jan. 1, 1999.

Naturally, University officials have spun the event, and are discounting the event as noteworthy by claiming that the data on the tapes was encrypted and compressed.  They said that they hired a computer forensics company to try and recover data from similar tapes.  The forensics company claims that they "tried for days" to recover data from the tapes, but was unable to.  This lead University officials to conclude that "it's very difficult to extract that information."

If you use tapes to store backup data, and if you transport that data offsite, your data is vulnerable to theft.  You can hedge your bet by using proprietary tools to encrypt, encode, and compress the data.  But the University of Miami shouldn't allow itself to feel comfortable about that data being missing just because one forensics company was unable to break the encryption "for days".  (Note that the article was published a week after the announcement of the incident by the University, which was a month after the incident.  At most, the forensics company only tried for 3-4 weeks, but more likely less.)

The records of two million  people!  How many resources, and how many days (weeks, months, or even years!) would a criminal organization be willing to spend in order to crack that data?  The fact is that their data is at the disposal of a criminal, who is currently free to throw as many resources at the project as they can muster, for as long as they want, until they are satisfied.  Even if it took them a couple of years to do it, once the data is recovered, it's a serious problem.  And the University of Miami has no idea how long and how hard the criminals are going to try!

But assume for a second that the "proprietary compression and encoding tools" the University used actually provide sufficient protection against a breach.  Apply this situation to the typical small business - what small business has the resources to find (or create) a proprietary tool to encode and compress data on tape?  Most small business who even back their data up at all are using very well-known off-the-shelf tools like Backup Exec from Veritas/Symantec or or ArcServe from Computer Associates.  Their data typically sits on tapes in an unsecure server closet.  Those who do take them offsite do not use armored services - they often just throw them in a briefcase.  In either case, their data is vastly more accessible than the two million patient records stolen from the University of Miami.

Using a network-based offsite data backup strategy would have prevented this problem from occurring.  In the past,  such solutions lacked elegance, infrastructure, and affordability to be useful to small businesses.  Today, solutions abound that are a great fit for small businesses.

My Guaranteed Data(tm) from Armor Data Systems(tm) is one such solution, but with a twist: A Rock Solid Guarantee.  We not only back your data up, but we guarantee that it will be there when you need it.  Our offsite data backup is stored in a hardened building that has three levels of authentication just to be able to get to the hardware where the data is stored: an electronic signature that must be sent from a fob (in two different locations), a biometric authentication process that only a few people on earth could pass, and a physical access barrier.  On the hardware, the data itself is strongly encrypted using encryption techniques that are known to be improbably difficult to break. (I would say "impossibly difficult", but the mathematician in me knows better.  All current encryption algorithms can be broken, given enough time and computing power; the strongest algorithms on earth would take all of the known computing power in the universe more than 4 billion years to crack... it's improbable that anyone will every break them with current computing power, but it's TECHNICALLY not impossible:)  The data encryption that we use is the same that is in use by the U.S. government and its military, and by banks and other financial institutions all over the world.  With My Guaranteed Data(tm), your data is about as safe as it can be!

As you consider your disaster recovery strategy, you should consider these two things:

1. The need to store your data offsite
2. The need for your offsite data to be safe 

Using tapes clearly isn't the best solution...

Click here to register for your Guaranteed Data Backup!