Stephen Withers
Monday, 24 August 2009 13:58
An industry expert shares with iTWire readers his top five tips for avoiding embarrassing or costly data loss. It's largely a matter of getting the basics right.
Eric Hibbard, CTO of security and privacy at Hitachi Data Systems, a member of the SNIA Technical Council and a participant in various other industry bodies, is visiting Australia for the Security 2009 conference.
iTWire asked Hibbard for his top five suggestions to help avoid catastrophic data loss. (That's 'loss' in the sense of unauthorised access, not the corruption of or damage to storage devices.)
None of them are rocket science, and most are within the capabilities of even the smallest organisation. Hibbard's point is that they need to be done thoroughly.
1. Guard against basic mismanagement of identity
This covers basic steps such as ensuring that all default passwords are changed, and guarding against users sharing credentials or using the same credential (eg username and password) on multiple systems.
It's not enough to set the rules and expect users and administrators to comply: "you've got to check on [this]," he said.
2. Pay attention to applications and services, not just the operating system
"Attackers are moving up the stack," warns Hibbard. As operating systems become more hardened, attackers are increasingly likely to target web servers and other software.
Remote access and management software is a particular problem, he says, as it may be used to obtain access to data that is supposed to be protected.
Please read on for tips 3 to 5.