NOVATO, Calif.--(BUSINESS WIRE)--Organizations spend unprecedented amounts of money, time and resources ensuring critical data is secure inside the enterprise. But there is a disconnect between the expectations of C-level executives and corresponding IT practices that creates a potential security gap. If a corporation does not perform due diligence before engaging the services of a data recovery vendor, it risks a data breach that could result in major financial and reputational damage. DriveSavers Data Recovery presents a 5-step roadmap for mitigating the potential risks of using data recovery services. Changes to internal policies and procedures, combined with contractual changes with third-party businesses handling the corporation’s data, will mitigate the risk posed by this security gap.
The gap occurs when essential enterprise or regulated data is lost or corrupted. In this crisis mode, many organizations send storage devices to third-party data recovery vendors without performing the proper due diligence, thus exposing the organization to a potential breach. Closing this security gap and mitigating the risk is both simple and cost-effective. The 5-step plan emphasizes using policy changes pertaining to the organization’s management of data loss/recovery and contractual changes governing how third-party business associates handle lost or corrupted data.
Information security expert Gary Gordon, managing partner at Bluewater International, comments, “Changes in regulations are demanding that companies, especially in government, healthcare and financial markets, monitor and take responsibility for the security of regulated data and the action of their third-party vendors handling the data; but that is not enough. There are no standards or best practices to follow; therefore the solution to this high impact risk requires policy and procedural changes. This will ensure confidentiality, integrity and availability of an organization’s sensitive information during the data recovery process.”
“Data recovery vendors are being used at least once a week by major corporate institutions, and in most cases, their C-level executives have no idea that confidential data has left their secure environment,” said Lynda Martel, executive director, government and enterprise business relations. “In fact, hiring a data recovery provider is more often based on cost, turnaround time and geographic location of the vendor than on the risk exposure. Sending out sensitive corporate information is a security risk if the vendor has not been properly vetted and doesn’t meet the company’s security protocols.”
The 5-step plan is outlined in a recently released white paper titled “Data Recovery Service Providers: The Low Profile, High Impact Risk to Enterprise Security.” Developed by DriveSavers Data Recovery and Bluewater International, the white paper is an excellent source for reviewing current policy for keeping data secure while using data recovery vendors. The following are highlights of the 5-step roadmap:
Step 1 – Conduct gap analysis
Learn how to determine if this security gap exists within the organization.
Step 2 – Revise internal and external policies and procedures where
If the gap does exist, determine what internal policy, procedures and practices need to be revised.
Step 3 – Develop and operate enforcement mechanisms
Learn what is required to ensure the new policy, procedures, and/or practices are followed.
Step 4 – Modify contracts with third-party vendors to align with
See checklist for vetting third-party data recovery service providers in the white paper.
Step 5 – Ongoing monitoring of the third-party data recovery vendors.
Review performance-monitoring controls for data recovery service providers.
About DriveSavers Data Recovery
DriveSavers Data Recovery, the worldwide leader in data recovery, provides the fastest, most reliable and only certified secure data recovery service in the industry. All of the company’s services meet security protocols for financial, legal, corporate and healthcare industries and it is the only company that posts proof of its annual SSAE 16 SOC 2 Type II audit report and HIPAA data security and privacy compliance. DriveSavers Data Recovery adheres to US Government security protocols, the Gramm-Leach-Bliley Act Data Security Rule (GLBA), the Data-At-Rest mandate (DAR) and the Sarbanes-Oxley Act (SOX). DriveSavers Data Recovery engineers are trained and certified in all leading encryption and forensic technologies and operate a Certified ISO 5 cleanroom. Satisfied customers include: Bank of America, Google, Lucasfilm, NASA, Harvard University, St. Jude Children’s Research Hospital, US Army and Sandia National Laboratories.