Over the last few years “security” has increasingly been
associated with the term “privacy”. It wasn’t always the
case though. At the turn of the millennium the first thing
that would have jumped in to an IT managers mind if you
mentioned the word “security” would probably have been something
to do with Website defacements. Half a decade before that,
the word association upon mentioning “security” probably would
have been “password” or even “encryption” (depending upon which
side of the IT world they had evolved from). The point
being that not only does security mean different things to
different people, but it also means different things at
different times.
Not too long ago, (unless you’ve already condemned your memory
of floppy disks and magnetic tapes to an inconvenient ancient
history) “security” would have been strongly associated with
data storage (i.e. how do I keep my important company records
secure for years?). A lot of IT security discussions at
the time typically revolved around who had the keys to the safe
containing the data tape backups along with evaluations of just
how secure the offsite transport and storage company was.
Data Recovery
Anyhow this got me thinking about the topic of secure data
storage. Or, in particular, given all those tape backups
that were made in the last 10 years, how easily could you
restore the data upon them?
Taking in to account how rapidly the data backup market has
changed – the iterative releases of new software, this company
buying that one, all the different tape formats and capacity
changes, and changing strategies for data encryption – how do
companies manage?
As you’d expect, different companies have adopted different
strategies ranging from keeping a veritable Noah’s Ark of pairs
of old tape readers and original backup software installations,
through to reducing the data retention policies to such a level
that the technology changes become a mute point as “legacy” data
backups are simply thrown away by the time the backup technology
has changed.
Data Retention
That said, what do you do if you have to keep all the electronic
data you’re generating today and still be assured access it in a
decade’s time? What about 20 years? How about 100
years?
While Search companies are now talking about adopting retention
policies for personal data of only 18 months, most companies are
required to keep certain types of data for quite a bit longer.
However, for some industries the requirement to keep today’s
data for decades is fundamental to their business. Most
notably the Insurance industry – they often have to keep policy
and claim records for the lifetime of the policy holder (and a
little bit beyond that), so it’s not uncommon for them to have
to refer to data that’s 100 years old.
I guess you’re probably thinking that that’s not too much of a
problem. They probably have vaults with all the original
paperwork and all they have to do is go down there and dig it
out when needed. But what about their new customer’s
creating policies today? Are they similarly adding new
isles of document storage to overflowing basements, or have they
embraced the digital age?
Since we’ve already observed the problems with evolutionary
developments in data formats and backup media, what storage
medium do you think these organizations have adopted to see them
through the next hundred years?
Cutting-edge Storage
If you’re thinking that the insurance have adopted some
super-secret cutting-edge indestructible next generation HD-DVD
storage medium, think again.
The solution is
Microfiche. Yes, you read it right, those acetate
pages with microscopic writing that can only be read with a big
magnifying glass and a strong light – the same things you used
to have to use at the library to look up book information, etc.
Instead of trying to store the electronic data in proprietary
document formats that change every two-three years, or copy data
onto the latest digital media, they’ve opted to print copies of
all their documents directly on to microfiche film (in fact some
organizations have been doing this for decades now).
I remember being rather surprised at the time but, you know
what, it sounds like a pretty good long-term storage medium with
a well proven document recovery processes.
Off-topic
I wonder how many of the big data breaches we’ve observed so far
this year would have been foiled (no pun intended) if those
organizations had migrated their old data on to slithers of
plastic microfiche sheet instead?
Getting back on topic though – “security”.
As threats continue to evolve, we can expect to see the everyday
word association for “security” to likewise change. If I
had to hedge my bets, I’d guess that the most common name
association in a couple of years time would probably be either
“identity” or “leakage” – governed to a large extent by how
future threats evolve within the mobile handset and RFID fields,
and how personal these attacks eventually become.
Moving beyond a couple of years… no idea… (but plenty of
guesses).