Every few months, there's another horror story about lost tapes or stolen laptops, and we're left wondering if the information stored on the missing media will be put to some nefarious use, thereby adding personal injury to a public relations insult.

The importance of protecting these media has become a no-brainer. But managers are often hampered in their efforts because they buy into one or more of the following six myths of movable media:

Myth 1: Tapes are obsolete

The humble magnetic tape, a seeming relic of the mainframe and batch-processing era, has given way in some instances to disk-to-disk back ups to remote sites over networks. But for rapid and efficient back up, archiving and restoration of large quantities of data, there's no beating tape.

Iron Mountain offers both data back up over a network connection and tape storage at its sites. "In a disaster scenario, when time is of the essence, there is nothing more efficient than putting a collection of tapes in a vehicle and driving it to a recovery site," says Ken Rubin, a senior vice president at the information protection and storage company. "And the bandwidth limitations on transporting terabytes or petabytes of data over the line make that impractical."

Still, some users want to move on. "We are trying to get out of the tape business because of the threat of physical loss," says Christopher Leach, chief information security officer at Affiliated Computer Services. He says ACS is setting up a service to send encrypted data back ups to clients via a Web browser if the files aren't too big.

Myth 2: Protecting tapes and laptops is a job for technical people

The protection of information technology is, of course, a job for IT. But there is a big and often overlooked role for others in the organization as well.

New York State CIO Melodie Mayberry-Stewart draws on a 12-person legal team to research best security practices, especially in the financial industry. Some of those people specialize in areas such as encryption and telecommunications, she says.

In addition, she has a separate team of technologists who specialize in security and risk management. Mayberry-Stewart says the lawyers negotiate "painstakingly detailed" contracts and "memoranda of understanding on service levels" with companies such as Iron Mountain that transport and store the state's tapes - some 4,000 per month - from four mainframe datacenters.

At Sun Microsystems, tapes are created at seven datacenters around the world. While each center manages its own data-retention processes, "they don't get to make up all their own rules," says Leslie Lambert, Sun's chief information security officer. So where do the rules, policies and procedures come from? "We have a very vigilant legal team, a privacy team, a business conduct team, internal auditors, external auditors and an information protection law group - all working together," she says.

Leach says keeping up with state and federal regulations on data protection and retention demands human expertise, but it's such a daunting task that he gets automated help via risk and compliance management software from Relational Security.

Related Articles

• Are You Ready for a Disaster?
• Why CIOs Are Turning To Storage Virtualization
• Data Backup: Keep it Secure
• Store Or Throw?
• How to Survive a Merger or Acquisition

Latest Articles

• The Quiet Threat: Cyber Spies are Already in your Systems
• Responding to Security Questions Successfully
• Security Secrets the Bad Guys Don't Want You to Know
• Don't Wait for Adobe Sandboxing to Secure PDF Viewing
• The 4 Tiers of a Secure B2B Framework