Organizations are not taking security considerations in to account when working with third-party data recovery data services, which puts them at risk of a data breach by unscrupulous providers, according to a recent report from the Ponemon Institute.
In the “Trends in Security of Data Recovery Operations” report released Jan. 11, 87 percent of respondents said they’d experienced a data breach in the past two years and 21 percent of that group admitted the breach occurred while the drive containing the data was with a third-party data recovery service, the Ponemon Institute found.
As organizations increase their use of data recovery vendors, the potential for data breach during the recovery process also increases if the provider’s security protocols are not properly vetted, the report found. While 83 percent of the respondents agreed that they should require third-party vendors to ensure that data is securely and permanently destroyed from their systems after the information has been recovered. However, only 9 percent actually do so.
“The consequence of using an unscrupulous data recovery vendor can lead to loss or theft of sensitive and confidential information,” said Michael Hall, the CISO at DriveSavers Data Recovery, a data recovery service provider which commissioned the study. “That could mean a major disruption in business, financial loss and in some cases, closure of the business,” Hall added.
About 81 percent of the respondents said the speed of recovery was the most important factor in choosing a vendor and 75 percent said the ability to successfully recover data was the most important. Security-related concerns were not a priority for these respondents, according to the survey.
“While the need to recover data is often time sensitive, every effort must be made to ensure that the organization’s confidential and sensitive data is protected during the recovery process,” Hall said.
About 54 percent of respondents said they do not require their data recovery vendors to comply with security guidelines from the National Institute of Standards and Technology or International Organization of Standards for Business, Government and Society, the report found.
Organizations that have to comply with industry and regulatory requirements such as Gramm-Leach-Bliley Act Data Security Rule, the Data-At-Rest mandate, the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act, have to make sure their service providers are also compliant. Respondents admitted they needed to improve their due diligence for vetting third-party vendors and their data recovery certification, the report found.
Organizations are increasingly using data recovery services after experiencing a server crash or disk failure, especially if intellectual property, financial information and customer or patient data files are affected, the survey found. Of the 769 IT security and IT support professionals surveyed, nearly 85 percent of respondents said their companies have used third-party data recovery services and 39 percent said they used such a service at least once a week. The number is growing, as 79 percent of last year’s survey participants said their companies use a data recovery service.
For organizations who trust their data to a cloud provider, there is another layer of concern. About 55 percent of the respondents said their cloud provider uses a separate data recovery service in case of a server crash, but a little over half of those respondents said they weren’t confident the cloud provider would notify them if a data breach occurred during the recovery process.
Organizations using third-party data recovery services should define security protocols that need to be considered during the vendor selection process and enforce them, the Ponemon Institute recommended. Organizations should vet the service’s security credentials as well as ensure their service level agreements with cloud providers include the need for notification if a data recovery vendor is engaged.
The IT security and IT support practitioners in the survey were based in the United States and came from healthcare, financial services and governmental organizations. Most of the respondents reported to CIOs and CISOs in their organization.

AI success depends on whether enterprise data is ready, reachable, and close enough to the workloads that need it. In this eSpeaks episode, Dell Technologies’ Vrashank Jain explains why fragmented data, weak metadata, slow pipelines, and poor data locality can stall AI projects before models ever reach production.

In this episode of eSpeaks, Jennifer Margles, Director of Product Management at BMC Software, discusses the transition from traditional job scheduling to the era of the autonomous enterprise.

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly uncertain world. They explore how automation, AI, and integrated platforms are helping finance teams tackle today’s biggest challenges, from cross-border compliance and FX volatility to […]
-
Actualités récentes - Ressources Centres de ressourcesRessources en vedetteLink to The Real AI Power Play: Who Controls Your Enterprise Data Layer?
The Real AI Power Play: Who Controls Your Enterprise Data Layer?IT and data teams were promised that AI would make work easier. Instead, it's created new layers of complexity.Link to Building the Backbone of Agentic AI with Trusted, Context-Rich Data
Building the Backbone of Agentic AI with Trusted, Context-Rich DataIn this 10-minute take video, Reltio Principal Solutions Consultant Guy Vorster explains how organizations can overcome fragmented data challenges to power AI agents.Link to IHG scales real-time, trusted data across global brands
IHG scales real-time, trusted data across global brandsAccelerating time to value while powering data-driven engagementLink to Dell’s Vrashank Jain on Enterprise AI Data Readiness and AI Data Platform Infrastructure
Dell’s Vrashank Jain on Enterprise AI Data Readiness and AI Data Platform InfrastructureAI success depends on whether enterprise data is ready, reachable, and close enough to the workloads that need it. In this eSpeaks episode, Dell Technologies’ Vrashank Jain explains why fragmented data, weak metadata, slow pipelines, and poor data locality can stall AI projects before models ever reach production.
Link to BMC’s Jennifer Margules on Intelligent Enterprise Orchestration
BMC’s Jennifer Margules on Intelligent Enterprise OrchestrationIn this episode of eSpeaks, Jennifer Margles, Director of Product Management at BMC Software, discusses the transition from traditional job scheduling to the era of the autonomous enterprise.
Link to Global-First Finance: Building Scalable, Compliant Operations in an Uncertain World
Global-First Finance: Building Scalable, Compliant Operations in an Uncertain WorldeSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly uncertain world. They explore how automation, AI, and integrated platforms are helping finance teams tackle today’s biggest challenges, from cross-border compliance and FX volatility to […]
-
Intelligence artificielle -
Vidéo -
Mégadonnées et analyse -
Cloud -
Réseau - Cybersécurité Cybersécurité
- Applications Applications
- Gestion IT Gestion IT
- Stockage Stockage
- Mobile Mobile
- Petites entreprises Petites entreprises
- Développement Développement
- Base de données Base de données
- Serveurs Serveurs
- Android Android
- Apple Apple
- Innovation Innovation
- Matériel informatique Matériel informatique
- Avis Avis
- Moteurs de recherche Moteurs de recherche
- Virtualisation Virtualisation
-
- Blogs Blogs
- Événements Événements