Information security's new look

A computer backup once meant sticking a floppy disk in the desk drawer.

But as the Gulf Coast natural disasters have reinforced, that's not enough these days.

The new norm calls for redundant servers in at least two places,with off-site storage of encrypted data not merely in town, but far away, says Ira Victor,managing partner of DataClone, Inc.

Finally, he says,when DataClone installs an automated backup system, the data backup is encrypted before being sent via the Internet to a vault.

The DataClone customer is the sole keeper of a 30-plus character password.Without the password for retrieval, the info is eternally gibberish.

If the password is lost, DataClone cannot provide it.

It belongs solely to the client.

Even with all this, says Victor,"Anyone who promises 100 percent security is either dumb or a liar." Founded in 2004, the Reno-based DataClone employs six, along with Yuval Brash, its managing partner.

E-mail is a weak spot in data backup, says Victor.

"Email has become the new file server.

Vital business information is sent and stored in email.

But backup is typically inadequate or non-existent."

Laptops are another weak spot for many in a mobile workforce.

"Hard drives wear out like sneakers do only you can't see it wearing out.

It goes suddenly," says Victor.

Fax and printer security? "You can hack a network through a printer," says Victor.

Plus, a hacker can access info stored in the print queue.

A fax machine can be hacked, too.

Manufacturers added a secret back door to printer technology, so techs can remotely access it for repair.

Plus, some information technology people, whose job is to make things work, leave the access open for their convenience.

Gulf Coast hurricanes should bring more attention to the question of computer security, Victor says.

"Now that the business records of an entire city have vanished, nobody can dispute that there are sound practical reasons for offsite backup of critical data," he says."Many businesses, health care providers and government entities are woefully unprepared for a major disaster that destroys their critical information assets."

But organizations searching for a datasecurity firm are likely to be stymied when they ask for references.

"Good security people do not reveal their clients," says Victor."You want to have a low profile."

A better way to choose a security provider: check its security credentials with groups such the International Council for Computer Communication; Certified Information Systems Security Professionals; the Disaster Recovery Institute or and SANS Institute.

Finally, ask if the company is ISO 17799 compliant.

That means it meets requirements set by an international standards organization.

The future of data backup? "We are in an early growth phase because awareness of liability is just beginning," says Victor."The laws and lawsuits are just beginning.

What we've seen so far is like the first dandelion of spring; you just have no idea what your lawn will look like come summer." Homeland Security in Reno to discuss information security Speakers from the Federal Department of Homeland Security visit Reno Oct.

20 to speak at the monthly meeting of InfraGard.

The speakers will outline efforts to combat cyber crime and protect the nation's critical infrastructure: water, power, and the financial grid.

Information Technology workers from business, government, and utilities are invited to attend; the general public is also welcome.

The session is from 11:30 a.m.

to 2 p.m.

at the Sierra Pacific Power Company on Neil Road.

Lunch is provided.

Ira Victor, the program director for the Sierra Nevada Chapter of InfraGard, with about 125 members, says InfraGard is an FBI program begun in 1996 to gain support from the IT industry for FBI investigative efforts in the cyber arena.

Information is at the Web site www.infragard.net.