Whenever your computer or server crashes, you contact your IT support. But they tell you that you have to call a third-party data recovery provider. What are they going to do with your confidential and time sensitive data you let them recover? Can you trust them? Most people don’t, that’s what research suggests.
A survey conducted by Ponemon Institute found that people don’t know much about the third-party data recovery. About 67% of the IT professionals surveyed believed that the encryption protected their organizations from data breach during the recovery process. But mostly encryption keys are given to the data recovery provider during the recovery process.
Of those professionals whose organizations have witnessed data breach, more than 21 percent of respondents said that the data breach occurred while the drive was with data recovery providers. For survey respondents, security of data took a back seat as most people said that success and speed of data recovery were the most important factors.
Mostly, the data recovery providers are picked by the IT support and helpdesk managers, and IT security remained away from the issue, according to the survey. Ponemon Institute said that less than 50 percent respondents said they ask the data recovery providers to stick to certain security guidelines. Some of the most important security guidelines are encryption for data files, ISO approved handling procedures, cleanroom, demanding evidences of safe handling, non-disclosure agreement, and perhaps the most important of them – chain of custody documentation.
Ponemon Institute also wanted to know people’s opinion on cloud service providers. Over 55 percent respondents said their companies don’t use cloud service providers. But 81 percent of people said they have no confidence in the cloud service provider’s data recovery services. And they don’t think that the cloud service provider will ever let them know if it engages a third-party data recovery provider.