What they cannot preclude, however, is the creation of a fraudulent record by an authorised person, and it is therefore critical to have other physical and electronic checks within the overall system. An archive strategy seeking to address the issue of authenticity should therefore use a combination of WORM recording, media identification and digital signatures.
Disaster prevention and recovery
Archive data is often protected by short-term back-up and on-going duplication or system replication. But much is dependent on the criticality of the archive to the operation of the business, which implies how quickly the data needs to be accessed.
With disk archives, it is possible to have multiple disk failures that can result in significant loss of large pools of archive data and the only way to protect against this is to have some form of short-term backup or replication to cover lost data. Being forced to implement a backup strategy for a disk archive, however, negates any financial benefit, imposing additional cost, complexity and security exposure.
With tape there is also a high risk of massive data loss, since damage to just one tape can cause the loss of hundreds of gigabytes of archive data. Optical technology is the most stable of the three storage technologies, since it is a non-magnetic, non-contact medium that has a high tolerance to environmental conditions and requires no ongoing maintenance.
A replication strategy is also vital for any disaster recovery plan, providing offsite data copies to preserve the archive in the event of a major site failure. There are pros and cons for replication with all three technologies.
Destruction of archive records can be as critical to system security as their preservation. Emails are a good example of this, since generally speaking they represent more of a liability than an asset and most organisations would prefer to destroy them as soon as their statutory retention period has expired. There are two main methods for data destruction: logical and physical. Either method may be acceptable, but complete destruction of the file, leaving no residual or shadow image that could be recovered, is often a business necessity. This type of dynamic physical destruction is not possible with tape media and is a time-consuming and awkward process with disk, but can be achieved quickly and easily through UDO.
Companies that cannot prove that they have managed their records as part of a well-controlled process will undermine their ability to comply with regulations. As a result, all secure environments must have the ability to track and audit the management of their archive data. This should include how the data is committed to archive, who has accessed the data, changes to the status of the data throughout its lifecycle and the authorisation of data destruction at end-of-life.
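One way to make such an audit trail tamper-evident is sketched below as an added example, not code from the original article. It chains each lifecycle event to the previous one with an HMAC (standing in for the digital signatures mentioned earlier) and checks that destruction was authorised; the event names, record IDs, actors and key are hypothetical.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: a real system keeps this in an HSM or signs instead
EVENTS = {"commit", "access", "status_change", "destroy_authorised", "destroyed"}

def _mac(prev, body):
    payload = prev.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def append(log, record_id, event, actor, detail=""):
    """Append one lifecycle event, chained to the previous entry's MAC."""
    if event not in EVENTS:
        raise ValueError(f"unknown event {event!r}")
    prev = log[-1]["mac"] if log else "0" * 64
    body = {"seq": len(log), "record": record_id, "event": event,
            "actor": actor, "detail": detail}
    log.append({**body, "mac": _mac(prev, body)})
    return log

def audit(log):
    """Return a list of findings; an empty list means the trail is consistent."""
    findings, prev, state = [], "0" * 64, {}
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if entry["seq"] != i or not hmac.compare_digest(entry["mac"], _mac(prev, body)):
            findings.append(f"entry {i}: chain broken (edited, removed or reordered)")
        prev = entry["mac"]
        rec, ev = entry["record"], entry["event"]
        seen = state.setdefault(rec, set())
        if ev != "commit" and "commit" not in seen:
            findings.append(f"entry {i}: {ev} on {rec} before commit")
        if ev == "destroyed" and "destroy_authorised" not in seen:
            findings.append(f"entry {i}: {rec} destroyed without authorisation")
        if ev == "access" and "destroyed" in seen:
            findings.append(f"entry {i}: access to {rec} after destruction")
        seen.add(ev)
    return findings

def sample_trail():
    """Constructed sample: one record through its whole lifecycle."""
    log = []
    append(log, "REC-001", "commit", "archiver")
    append(log, "REC-001", "access", "alice")
    append(log, "REC-001", "status_change", "records-mgr", "retention expired")
    append(log, "REC-001", "destroy_authorised", "compliance-officer")
    append(log, "REC-001", "destroyed", "archiver")
    return log
```

The chain cannot reveal entries cut from the end of the log, so the latest MAC should be anchored somewhere the log's administrator cannot rewrite, such as WORM media.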
It is also vital to remember that an archive cannot be considered ‘secure’ if the data is, for whatever reason, no longer accessible.
Because archived data is retained for many years, the longevity of the storage media plays an important role in the lifecycle of the data. If records must be preserved for decades, it will be necessary to repeatedly migrate the data to new technologies over time. What is important is that within a normal obsolescence cycle, the integrity of the data on the media remains secure. The important factors to consider are that disks will need ongoing maintenance and upgrades, while tapes are extremely fragile and must be monitored and refreshed. Optical storage provides the longest and most stable media life of the available technology options.
Summing up, it is apparent that choosing an appropriate storage technology can have a major impact on security, as well as the cost and operation of the archive. Disk, tape and optical can all be used, but each introduces weaknesses that must be accounted for within an overall risk assessment and may impact upon the overall business risk profile.