Quis custodiet ipsos custodes?
Or, in this case, who protects you from the person who protects your data? According to a recent study by the Ponemon Institute, Trends in Security of Data Recovery Operations, the very third-party data recovery services that can help you get your data back might be helping themselves to your data, too.
We surveyed 769 IT security and IT support practitioners who are involved in their organization’s data security or data recovery operations. According to the findings, 85 percent of these respondents report their organizations have used or will continue to use a third-party data recovery service provider to recover lost data. This is an increase from 79 percent in the previous study. We also learned that organizations are frequently using a third party when a device crashes. In fact, 37 percent use multiple third parties and 39 percent say they use third parties at least once each week or more. However, the vetting of these data recovery service providers is considered fair by 30 percent of respondents and 9 percent say it is poor.
This sort of problem isn’t new, and isn’t limited to corporations, but the problem is getting worse, Ponemon says:
A large percentage of respondents in this study report their organization has had at least one data breach (87 percent) in the past two years. (This is consistent with other Ponemon Institute studies about the prevalence of data breaches). Of the 87 percent who say their organization had a data breach, 21 percent say the breach occurred when a drive was in the possession of a third-party data recovery service provider. This is an increase from 19 percent in the previous study. In many cases, respondents point to the data recovery service provider’s lack of security that led to the data breach.
Note, too, that this doesn’t mean the third-party data recovery service itself hires crooks, but that the security at the service itself might be lacking and serve as an enticing honeypot for criminal hackers. For example, in May 2011, Co-operative Life Planning’s funeral planning division discovered that the personal data of 83,000 customers was leaked after a data recovery firm was called in after a hard disk failure. Although the work was successful, the data was retained on the servers of the data recovery company, and their servers were then hacked into. (But no doubt it’s the owner of the data, not the recovery company, that has to deal with notifying the users involved.)
So, what to do? The Ponemon report offers some suggestions on how to pick a reputable firm, and DriveSavers offers a (somewhat dated, 2009) white paper with similar suggestions.
The important thing, Ponemon says, is that organizations need to consider security as a primary factor in selecting such companies. Notes the study:
The majority of respondents in our study either report to the Chief Information Officer or Chief Information Security Officer. Fifty-nine percent are at or above the supervisory level. These individuals believe that their organizations are making decisions about who will handle the data recovery process based on the speed of service, successful rate of recovery and overall quality of service rather than data security. As a result, only 28 percent see data security as a main criterion for determining the adequacy of third-party data recovery service providers.
To give you an idea of IBM’s accomplishment of storing one bit of data in 12 atoms, or one byte of data in 96 atoms, of iron on a surface of copper nitride, the equivalent would be a 10,416-terabyte drive in the size of a 1 TB drive today.* That’s because, according to the New York Times, “Until now, the most advanced magnetic storage systems have needed about one million atoms** to store a digital 1 or 0.”
This was all done at IBM’s Almaden Research Center in San Jose, Calif., which took five years to do it. Which means, because it was IBM, the scientists then used the teeny weeny storage device — where each atom has to be manipulated by hand using a device the size of a room — to spell out IBM’s motto, “Think.” Good thing they didn’t work at Microsoft, where they would have had to painstakingly spell out, “Where do you want to go today?”
Of course, this is one of those “ignore friction” dealies that couldn’t happen in the real world; for one thing, it was performed at close to absolute zero, which is going to be difficult to achieve in an overheated press room at CES, for example. Still, according to the scientists, it could be done at room temperature with just 150 atoms, the New York Times said. Realistically, though, it is likely that the technology could at most produce a drive of 100 TB in the space of 1 TB today.
Something I haven’t seen in the reportage is just how sensitive such a system would be to cosmic rays, sunspots, droppage, and shocks from shuffling on carpeting. “Dude! You just wiped out the Library of Congress!” “Sorry, dude!”
The operative part of the technology was best explained by the Financial Times: “They did this by using an antiferromagnetic, instead of a ferromagnetic, structure – in other words switching the atoms in the structure from pointing towards each other (like in a fridge magnet) to pointing away from each other. This allows for less interference, which is important when storing data in 12-atom blocks.”
*Yes, yes, I know, technically a terabyte has 1099511627776 bytes. Hush. You get the point. Incidentally, CNET said it would be 83,000 disk drives, because CNET forgot to divide by 8.
**The New York Times’ story originally referred to “copper nitride atoms” until people made fun of them in the comments and “atoms” was deleted. Science is hard. Noted one commenter, “I have been both enlightened, and entertained. I also now know there is no such thing as a copper nitride atom, whereas previously, I had never wondered whether there was a copper nitride atom. Now I do, I’m not sure what to do with that.”
Think getting your backup right is a case of life and death? Here’s an incident where it really is.
In a criminal case in Miami in 2009, a man named Randy Chaviano was convicted of second-degree murder committed in 2005 and sentenced to life in prison. As usual, a court stenographer was taking notes at the trial. But then there was a string of coincidences worthy of a Law & Order script.
- The stenographer didn’t have enough paper for her machine — a mistake she’d apparently made before
- Consequently, the notes she took were recorded only in the machine’s internal memory
- She transferred the stenography machine’s records to her own PC
- She deleted the records from the stenography machine
- She didn’t do a backup of the PC
- A virus hit the PC and deleted what was by then the only record of the trial, leaving only a pretrial hearing and closing arguments; it wasn’t clear when this happened
This all came to light recently, when the case was appealed and it was discovered that the notes no longer existed — meaning that the case will have to be re-tried from scratch, according to the Miami Herald. The paper didn’t say how much re-trying the case would cost.
The court stenographer has since been fired — in fact, courts in Miami are now moving toward using digital recorders and no stenographers at all. Moreover, cost-cutting may have caused the problem in the first place, noted the Herald:
Court reporters in criminal court have also complained that plunging rates paid by the state have driven away experienced stenographers and forced firms to hang on to aging equipment.
“It seems very sloppy to allow the only record of a trial’s proceedings to be held on an individual’s PC – it’s like asking for trouble if it isn’t at the very least held securely as a backup elsewhere,” noted Graham Cluley in the security blog Sophos. You think?
No word on the fate of the IT person who should have been responsible for doing backups on the PCs.
It’s as much a New Year’s tradition as champagne and confetti: Computer industry predictions for the upcoming year, and storage is no exception.
(Of course, the e-discovery crowd had their e-discovery 2012 predictions all going in November, but they’re overachievers.)
As with e-discovery, a certain number of these predictions fall into the no-s***-Sherlock school of Mom-and-apple-pie obviousness: Data is going to grow! Use of the cloud is going to increase! People will use more mobile devices! But there are some predictions that have more nuance to them.
1. Symform, for example, a cloud storage vendor, included in its list of 2012 predictions, “The “green” data center for cloud computing will be debunked.”
While the cloud is heralded as “green,” data center sprawl is creeping in as companies like Facebook, Google and Amazon build out massive global infrastructures to power their cloud-based services. Recent reports show Google continuously exerts 250 million watts of energy from the servers behind its cloud. That is enough to power all of Salt Lake City or any other city with approximately 200,000 households. Today, data centers account for 14 percent of all carbon emissions, and the EPA estimates that data centers and servers account for two percent of power in the U.S. By 2020, Symform predicts that if left unchecked, more than 25 percent of the nation’s power will be required to power data centers, unless businesses can identify new means for storing data without building additional data centers.
25% is a lot. So, to that prediction, I’ll add: We’ll be seeing more companies investing in alternative energy, such as Google’s investment in wind and solar, locating data centers in cool places like Finland and Oregon to use natural air for cooling, and incorporating alternative energy into the data center itself, like Granite Block’s wind turbines and artesian wells. And this won’t just be because it’s the right thing to do, but simply because data centers may not be able to count on getting power any other way.
2. As predicted by Toshiba, flash storage will grow. But this isn’t just the rah-rah-everything-grows prediction (and even Toshiba hedges its bets by saying that traditional spinning disks will still be the mainstay, due to their capacity). Floods in Thailand knocked out some hard-disk manufacturing — including at Toshiba — which not only made hard disk drives harder to get, but increased their prices, up to the point where flash storage is more competitive than it has been.
3. It’s the end of cloud storage as we know it! trumpets storage vendor Drobo. And surely the fact that it manufactures on-site storage solutions for small businesses has nothing to do with it. In fact, Drobo cites research — which it conducted itself! — saying that “96 percent of SMBs (up to 500 employees) report they will store at least 50 percent of their data on-site for a minimum of the next three years. Factors cited included cloud performance, security and reliability concerns.” Sarcasm aside, Drobo has a point. Widely publicized cloud failures, of which Amazon’s was only one example, will likely give users pause about putting too many of their computing eggs into one cloud basket. If not, it should.
See you next year.
Fall River, Massachusetts: Textile mills. Lizzie Borden. Disaster recovery.
Yep. A new data center, Granite Block Global Data Center Inc., which is intended to provide application hosting, colocation and disaster recovery services to businesses in the financial services, healthcare and high technology industries, has opened up in a former textile mill in the venerable Massachusetts city.
And “Granite Block” isn’t just a colorful New England name. The walls of the facility are made of four-foot-thick solid granite, which the company says is virtually impenetrable.
Repurposing former industrial facilities into data centers has been an increasing trend in the past few years. Companies and cities looking for data center facilities are realizing that their business-convenient downtowns are often already the home of large, frequently empty, buildings. And not only do the buildings typically have a great deal of power capacity but companies can often get tax breaks for investing in what are considered distressed urban areas. Around the world, data centers are now moving into paper mills, tanneries, department stores, warehouses, and even churches and bomb shelters.
Now a 163,000-sq. ft. former textile mill in Fall River — a city previously famous for being the home of accused ax murderer Lizzie Borden — is joining them, with Granite Block investing $5 million in the project, amid hopes that other abandoned textile mills in the New England area could serve the same purpose. Open Cape, a fiber company, has already said it intends to move into the facility — which will also give other tenants an additional connectivity option.
In addition to making use of the large power capacity the building already has, Granite Block intends to install wind turbines for energy and 400-foot artesian wells for geothermal cooling. The company has also added two 2-megawatt generators and says it has enough fuel on-site to run them for six days.
The facility is starting with 20 jobs, but could bring up to 70 jobs to the area, as well as visitors. A similar data center in Boston, which is just 40,000 square feet, brings in 500 to 700 visitors monthly, meaning the Fall River site could see three times that amount, said Granite Block President Roland Patenaude.
The Thailand flooding that’s boosted the price of hard disk drives may have an unintended benefit — at least if you’re a manufacturer or user of solid-state flash drives.
This nuance came out earlier this month in connection with Intel issuing an earnings warning.
“[Intel CFO Stacy] Smith, meanwhile, said the average selling price for chips should be higher in the period as low-end PCs, which have the least expensive chips, take the biggest hit from the hard-disk drive shortages. He added that solid-state drives, which use flash memory, should see an increase in demand,” said the Wall Street Journal.
Analysts such as Oakshire Financial delved into the issue in more detail, noting that this could be an investment opportunity.
If you believe the comments of Intel’s CFO and think that solid-state drives are the future, consider the following: In addition to Intel, OCZ Technology Group (NASDAQ:OCZ) is one of the primary (read: overly hyped) makers of solid-state drives. Seagate (NASDAQ:STX), Western Digital and SanDisk all manufacture solid-state drives as well.
In fact, while hard disk drive prices have been going up, the prices of solid-state drives have been going down, notes Idealo. Moreover, regardless of the flood, solid-state drives are on track to match the price of hard disk drives in less than a year, the site notes. Previous predictions had been it would take two years for prices to equalize, the site added.
Maybe people like to hear about losers? That’s the conclusion after Nasuni Corp. released its State of Cloud Storage Providers Industry Benchmark Report. Over a period of 26 months, the company stress-tested a total of 16 cloud storage vendors to find out how well their services performed under pressure.
Of the 16, only 6 passed, according to Nasuni — Amazon S3, AT&T Synaptic Storage as a Service (powered by EMC Atmos), Microsoft Windows Azure, Nirvanix, Peer1 Hosting (powered by EMC Atmos), and Rackspace Cloud.
Moreover, the company is not releasing the names of the ten vendors that failed. According to Bloomberg Business Week:
Which 10 failed? Nasuni spared those names, and for good reason. It wants them to get better, not go away.
Well, okay, though if people gravitate toward the six winners Nasuni did publicize, that’s not exactly going to be good news for the 10 losers anyway. (Do they, themselves, even know who they are? If not, how can they get better?) And, without knowing what Nasuni considers as a cloud storage provider, an awful lot of vendors stand to be tarred with the “loser” brush, notes Charles Babcock of Information Week.
There’s also the question of Nasuni’s own motivation. Bloomberg continues:
The Natick, Massachusetts-based startup provides storage technology and services built on top of existing cloud infrastructure. So the more providers in the market the better the competition and the more prices likely fall for Nasuni, which buys cloud storage and bundles in its proprietary technology to then sell to customers.
A company is ranking providers in a market in the hopes of being able to get a good deal from one of them? I’m sure Nasuni’s motivations are nothing but honorable, but the perception is that there easily could be some quid pro quo going on — “Sure, I’ll give you a good ranking, in return for a good deal.”
It’s great that someone is providing such testing, and the report and its methodology are interesting reading, including details about which service performs which functions the best. Still, it would be better if the tester weren’t a company that stood to benefit from the results.
This past summer, we started hearing about developments that would make it possible to have a 1-terabyte drive on a laptop.
The heck with that. How about a 1-terabyte thumb drive?
Not quite yet, but soon. Intel and Micron, which just finished putting out a 20nm 64-gigabit NAND flash device not so long ago, have now developed a 20nm 128-gigabit NAND flash device, which means a 128-gigabyte solid state drive can be put together with eight of the things, in the size of a fingertip, according to the Wall Street Journal.
The announcement is another indication that companies keep packing more transistors on chips–roughly in keeping with the pace that industry pioneer Gordon Moore described in what Silicon Valley denizens call his law. The new chips are built from circuitry measured at just 20 nanometers–a level of miniaturization that some experts once projected would be too small for NAND flash technology to keep working.
The companies were able to do this in two ways, they say.
The companies also revealed that the key to their success with 20nm process technology is due to an innovative new cell structure that enables more aggressive cell scaling than conventional architectures. Their 20nm NAND uses a planar cell structure – the first in the industry – to overcome the inherent difficulties that accompany advanced process technology, enabling performance and reliability on par with the previous generation. The planar cell structure successfully breaks the scaling constraints of the standard NAND floating gate cell by integrating the first Hi-K/metal gate stack on NAND production.
The chips are expected to be shipped in sample quantities to system makers in January and reach mass production in mid-2012. They are expected to be used in mobile devices, portable gaming systems, and solid-state drives.
A Republican presidential candidate, a former Governor, is being slammed in the press due to accusations that, when he left the governor’s office, he ordered information from computers in his office destroyed.
No, not Mike Huckabee. It was Massachusetts Governor Mitt Romney, who added a new wrinkle: 11 staffers purchased 17 hard disks from government computers when departing. A spokeswoman for the campaign told the Boston Globe, which broke the story, that the former aides did nothing wrong and had “complied with the law and longtime executive branch practice” — at which point the Globe interviewed several past governors who said that, no, their staffers had never purchased state hard drives and in fact had never heard of such a thing.
Moreover, in September 2006, the Governor’s office began submitting requests to the Records Conservation Board to destroy some documents, such as “vendor invoices, intern files, and accounting records – and those involving topics such as ‘travel expense records,’ ‘pardon/commutation records,’ and ‘individual appointment requests,’” the Globe reported. The upshot is that no records are available of email sent during Romney’s four-year term.
Now, it’s certainly true that e-Discovery experts advise that their clients have a regular program of destroying files as they reach a certain age, partly to prevent a legal fishing expedition should the company go to court. But typically, public servants are held to transparency laws that require them to save and archive such messages — President George W. Bush, for example, was required to have his office search for email messages when millions of them were found to have been deleted.
As with Huckabee’s disk drive destruction, Romney’s office at first claimed the disk drives were purchased because of the sensitive nature of the information on them. In a later interview, however, Romney cited another reason: keeping potentially damaging information out of the hands of his opponents.
In fact, radio station WBUR has since ascertained that Romney’s office had shortened the lease of the computer equipment. “The new lease could be a completely innocuous attempt to give the new governor fresh computers. But it was standard practice to scrub the hard drives once a lease had expired, so changing the lease also allowed Romney’s staff to order the hard drives scrubbed before returning the old computers.”
Romney’s claim is that the Massachusetts public records law does not cover the Governor, but that his office voluntarily donated some 700 boxes of records to the state archives — of course, on paper, which would make them virtually unsearchable by journalists or a court. In fact, they are said to be particularly disorganized.
To add insult to injury, Romney’s office is claiming that this is all a plot cooked up by the current Massachusetts Governor, Democrat Deval Patrick, and the campaign of Democratic President Barack Obama, and is filing its own records request for communication between the two offices.
Two other Republican Governors who are or who have considered running for President, Texas Governor Rick Perry and South Carolina Governor Nikki Haley, have also been observed deleting records from their time in office.
What I said about Huckabee earlier this year is just as valid for Romney now, as well as for any other government official: Regardless of whether the data on the hard drives was incriminating or merely sensitive, the appearance is an issue. As the saying goes, in politics perception is more important than reality, and even if Romney had nothing but the best intentions in mind, his destruction of the disks gives the perception that he was hiding information that should legitimately be available to the people of Massachusetts and the U.S. With legal experts now saying that governments are subject to the same electronic discovery requirements as any corporation, Romney’s actions could be considered suspect or legally liable.
What the hell can one guy know that’s worth half a billion dollars?
That’s Western Digital’s reaction to an arbitrator’s decision this week in a case in which a Seagate employee who joined Western Digital is accused of having brought trade secrets with him. Though it was Western Digital’s idea in the first place to keep it secret four years ago when the case first came up, the Irvine, Calif. company has now publicized the award, along with saying it intends to fight the decision — though since it’s binding arbitration, they may be out of luck. To add insult to injury, the award also includes 10% interest per year.
“The case stems from a lawsuit filed by Seagate in Hennepin District Court in October 2006 against Western Digital and former employee Sining Mao, alleging misappropriation of confidential information and trade secrets,” writes the Star Tribune in Minneapolis, where the case was filed because Seagate has a lot of employees there. “Mao, 48, was an engineering manager at Seagate before departing for Western Digital in October 2006, where he’s now a vice president. After the suit was filed, Mao filed for arbitration in June 2007, and a motion to compel arbitration was granted by the court in September 2007, according to a Western Digital securities filing. The arbitration hearing began in May and continued through July of this year,” the Star Tribune continued, adding that Western Digital has more than $3 billion in cash on hand.
According to his LinkedIn profile, Mao was at Seagate for more than 11 years in positions of increased responsibility, and is still at Western Digital. He holds bachelor’s and master’s degrees in physics from Peking University, and a doctorate in physics from the University of Maryland. His research topics cover advanced nanotechnologies including GMR, TMR and BMR, as well as longitudinal and perpendicular recording, and he has more than 170 scientific papers and 50 conference presentations on magnetic thin film materials and devices, according to his bio for the Silicon Valley Technology Innovation and Entrepreneurship Forum. He also holds 57 patents in the field.
This isn’t the first time Seagate has attempted to keep one of its high-level people from going to Western Digital. In 2004, the company sought an injunction to keep Peter Goglia, executive director of the Recording Head Operation, from joining Western Digital. This attempt failed; according to his LinkedIn profile, he became a vice president of R&D at Western Digital for three years before moving on to two other companies in the field.
This hasn’t been a great year for Western Digital; the company was also affected by the Thai flooding, to the extent that it could lose its first place position in the disk drive market and could cut its revenue by more than half. However, the company also said that the judgment wouldn’t affect its ability to purchase Hitachi GST, announced in March. Analysts quoted by Reuters, however, said misappropriation of trade secrets cases are hard to prove and that it doesn’t affect the company’s ability to compete.