NeoScale Tackles IT Security Hole With European Entry of Cryptostor Storage Security Appliance

Storage Security Firm Helps Companies Meet Strict Data Privacy Directives By Shoring Up Distributed Portable Tape Backup

London, England – InfoSecurity Europe – (April 29, 2003) – NeoScale Systems, Inc., a leading provider of enterprise storage security solutions for the networked storage and data storage management markets, today launched its CryptoStor(tm) for Tape appliance to the European market. CryptoStor for Tape delivers seamless backup compatibility, integrity and secure recovery to authenticate, encrypt and compress data on tape libraries and virtual tape systems. By offering this level of protection to backup procedures, NeoScale is helping European businesses adhere to EU E-Privacy Directive (Directive 2002/58/EC) compliance regarding the security of sensitive data stored on portable, distributed media.

NeoScale is demonstrating its solution at stand 94, InfoSecurity Europe, Olympia, London. Additionally, the company has opened its European sales desk to be responsive to regional systems integrator and end user inquiries.

“Privacy is a fundamental trust, if not legal requirement, for most business transactions. Unauthorised access to sensitive transactional and stored data significantly damages relationships built between a company and its employees, partners and customers,” said Daniel Walsh, director of Total-Trust Limited, the UK-based IT security and Data Protection consultancy. “While organisations have implemented network access controls and defences, their efforts do not usually extend to backup media, even though EU Directives set out that data must be stored securely. NeoScale’s appliance approach to securing backup can be used by organisations and service providers as a step to comply with privacy legislation as well as reduce or eliminate this risk.”

Backup Media Access Risk
Tape backup underpins many firms’ operational resilience, but in reality, is often overlooked as a security exposure. The portable media can now contain as much as a half terabyte of trusted, valued or regulated information. Any storage media that is accessible internally, handled by many staff, and often sent outside the confines of the data centre can be vulnerable to unauthorised data access, theft or corruption. The economic benefit of pooling stored data and the use of managed storage services, such as web applications, vaulting and disaster recovery, may also contribute to privacy risk. Since breach discovery is often “after-the-fact”, it can adversely affect business recovery and liability.

Appropriate Privacy Measures
Directive 2002/58/EC of the European Parliament concerns privacy and electronic communications of data; in which organisations must use appropriate technical and organisational measures to protect against unauthorised or unlawful processing of data and only permits transmission outside the European Economic Area (EEA) with adequate protection for only authorised and necessary access. Breach of the Directive can have dire consequences ranging from fines, public incident disclosure, and possible prosecution of corporate officers attributable to such negligence. More information is available from: http://europa.eu.int/comm/internal_market/privacy/index_en.htm).

One question to be raised, to both organisational IT and those providing managed services, is whether enough reasonable / adequate defences have been applied to securing portable tape media and whether it can meet the standard of “adequate”. If so, the company should document and be able to present the policy and standards which demonstrate protecting sensitive data in every stage of media lifecycle management. Complexity will vary according to:
– the amount of media being managed and the proximity of control
– the level of heterogeneous systems and applications within the backup environment
– how backup applications can secure the data on the tape
– how distributed the media becomes and what distribution exposures exist
– under what circumstances can the media can be accessed for recovery purposes
– the degree of pooling of business critical information from different sources
– the means to record access to such media both physically and electronically
– how security might affect available backup / recovery windows and processes

“Clearly storage tape media has inherent access and theft exposures in every stage of media lifecycle management – provisioning, archiving, transporting, vaulting, retrieval, rotation and retirement,” said Scott Gordon, vice president of marketing, NeoScale Systems. “Physical security measures only scales so far and may not fully negate privacy liability. NeoScale CryptoStor offers companies the means to protect stored data which can reduce business risks and contribute to adhering to privacy defence standards.”

CryptoStor for Tape
CryptoStor for Tape is a readily deployable, high-speed tape media protection appliance that employs block-based AES and 3DES standards encryption without disrupting backup performance. It seamlessly integrates with widely used backup applications and processes and dynamically compresses data to keep tape management costs in check. It also enables secure media recovery and integrity regardless of tape location without using software agents or hard-coded encryption keys. Multiple backup privacy policies can be centrally / remotely managed to shield pooled, distributed, unattended, virtualised and vaulted tape applications.

The appliance, which comes in both Fibre Channel and SCSI configurations, is now available starting at $15,000 USD / EUR13,604 EUR per unit.

NeoScale’s solutions will be made available through storage and security systems integration channels throughout Europe. To obtain immediate sales information, regional systems integrators and end users can contact NeoScale’s European sales desk at +44 (0)1978 368 064 or eurosales@neoscale.com.

About NeoScale:
Founded in June 2000, NeoScale Systems Inc. is a leading provider of enterprise storage security solutions that provide robust data protection for networked and distributed storage. NeoScale CryptoStor is a family of wire-speed, policy-based storage security appliances that delivers network storage and media privacy. NeoScale’s solutions lower the cost of protecting highly accessible, distributed storage infrastructures, while also enabling greater efficiencies for the management of storage capacity, consolidation, continuity and availability. For more information, visit www.neoscale.com.