Data breaches continue to dominate the IT newscape, with bigger and uglier data breaches being announced on a weekly basis. Just in the past couple of days (since April 10, 2008), perhaps 50 thousand or more records were breached in four separate events. In one single breach on April 11, 2008, New York Presbyterian Hospital reported that employees may have stolen 40,000 records containing the names, phone numbers and, in some cases, social security numbers of some of its patients. You can track the on-going data breach avalanche at Privacy Rights Clearinghouse web site if you so choose. All of the public data breaches since the beginning of 2005 are chronicled there.
Of course, the proper response is to implement a comprehensive data protection plan that includes proper security, authorization, encryption, auditing, and backup. But you should also consider the benefits that can accrue by adopting a comprehensive database archiving strategy for your data.
Database Archiving is the process of removing selected data records from operational databases that are not expected to be referenced again and storing them in an archive data store where they can be retrieved if needed.
But how can database archiving help combat data breaches? Well, let’s think about this. Operational systems are more prone to attack than archived ones. This is so because operational systems are more visible and active. Once data is archived it typically is not accessible using the operational transactions and reports.
Archiving inactive data that must be retained reduces the temptation of internal breach because the data is not as readily available. Likewise, database archiving can reduce the possibility of external breach because archived data is not usually exposed to large numbers of users over vast networks.
Further protection can be bestowed upon your archive by using digital signatures and encryption. Encryption techniques on archived data are less problematic than operational data because response time and performance is not as critical for the archive.
Obviously data breaches are a big, lingering problem. And data breaches can be very costly; we’ve discussed the cost of a data breach in this blog previously (click here for more details).
The bottom line is that archiving your data as soon as it is no longer required for operational purposes will minimize the risk of a breach. Of course, this is not the primary reason to archive data (that is to preserve your data for long periods of time in a storage construct that is designed for long-term retention and preservation of data).
So, to combat the risk of data breaches, consider developing a comprehensive database archiving plan to protect your valuable data assets.