Saturday, September 4, 2010

“Can you trust your data recovery vendor?”

Posted: 04 Sep 2010 04:57 AM PDT

NIST guidelines seek to shore up lax vetting practices that can leave agencies vulnerable

Many government and private-sector organizations consider recovering data from damaged laptop PC hard drives to be a minor budget item that third-party vendors can best handle. But a seemingly inexpensive fix could lead to compromised or stolen data, network breaches and other security nightmares because organizations typically do not vet data recovery vendors.

The National Institute of Standards and Technology has issued new guidelines to resolve that problem, but it will be at least a year before agencies are required to fully comply with them.

When recovering intellectual property or sensitive documents stored in damaged equipment, major security problems can arise if agencies or companies have not paid attention to vetting data recovery vendors, experts say.

The NIST guidance appears in the institute's Special Publication 800-34 Rev 1, "Contingency Planning Guide for Federal Information Systems." It represents a small part of the publication, which covers the entire breadth of data recovery procedures for federal agencies, said Marianne Swanson, NIST's senior adviser for information systems security.


The section about vetting data recovery vendors consists of a few sentences that state: "Organizations may use third-party vendors to recover data from failed storage devices. Organizations should consider the security risk of having their data handled by an outside company and ensure that proper security vetting of the service provider is conducted before turning over equipment. The service provider and employees should sign non-disclosure agreements, be properly bonded and adhere to organization-specific security policies."

NIST published the document, a revision to an older version, in June, and agencies have as long as a year to begin implementing its guidelines, Swanson said. 
