Corporate Security

Physical Security

IT Security

Personnel

Information Security

Reputation

Special Sections

Home » Data Protection » Data in danger: protection, recovery and secure destruction of business information

Data in danger: protection, recovery and secure destruction of business information

by Jane Symonds | ASM | Jul/Aug 2008

Kroll Ontrack’s Asia Pacific General Manager Adrian Briscoe speaks to ASM's Jane Symonds on data security.

ASM: We’re hearing more and more of terms like ‘computer forensics’ and ‘electronic discovery’. Can you briefly describe these concepts, and what your company is doing in these areas?

Briscoe: Computer forensics is generally the investigation of a single hard drive to find a ‘needle in a haystack’, a document that is incriminating or that fits in a timeline, in a situation where we can prove that at this point, an event happened.

E-discovery is about building the haystack.

It’s bringing together all the data sources you can find, and allowing clients, typically lawyers and paralegals, to look through them to find something that will help them with an investigation.

Kroll is seen as a world leader in computer forensics as well as data recovery, which is about recovering data present on a type of media.

ASM: What range of services and solutions does Kroll Ontrack offer in Australia and the Asia-Pacific?

Briscoe: Kroll, the parent company, provides business investigations for commercial enterprises – for example, if they’re suspicious about a particular member of staff.

Kroll Ontrack is the technology side of Kroll.

Data recovery is the core service in Asia Pacific, but we also offer computer forensics and electronic discovery.

There are different levels in the market – Kroll Ontrack is a global player in the data recovery and electronic discovery side, and then underneath that you have the local competitors.

There are probably not any global players of the size of Ontrack in Australia and Asia Pacific; we’re very strong in Europe and the US and becoming much stronger in Asia Pacific.

ASM: Kroll Ontrack offers both software and in-house services. What are the differences between these two areas of the business, and what does each offer end-users?

Briscoe: What we have in-house is the ability to physically fix a piece of media.

If a hard drive has a mechanical fault we can take it apart and repair it so that people can get information off it.

For instance, one of our success stories has been with NASA.

When the Columbia Space Shuttle came back down and crashed to earth, we managed to recover data from one of the hard drives.

On the other hand, if a hard drive or a piece of media is still working, what we can offer is do-it-yourself software.

For example, we now have PowerControls software which allows you to recover email from archives without having to do a rebuild of a server.

ASM: How are computer forensics and electronic discovery applicable to the security industry?

Briscoe: Electronic data security is a huge topic at the moment. We’ve seen cases in the UK and Hong Kong of data being compromised – in the UK there was the case with two hard drives, containing millions of addresses of people receiving welfare benefits, that were put in the mail and lost.

The physical security of data is very important. Kroll Ontrack provides services for safely shipping data, and we also provide services for degaussing hard drives – degaussing permanently erases all data from the drive and ensures it will never work again.

Last year we bought up five PCs from eBay and did a data recovery.

Every PC had had some data erasing done on it, but we still managed to recover 70 gigs of usable data.

They had probably come through a leasing company or vendor who was refurbishing them to put them back on the market.

In the security industry, there’s always talk of security breaches with the internet – but once you lose physical control of computer media that can certainly impact you. Companies should look for ways to manage that risk.

If a PC has failed in the business, then what do you do?

Do you ship the whole drive back to a service provider and hope that nothing is divulged from the hard drive?

Or do you degausse the drive?

ASM: Kroll Ontrack has just announced the Australian availability of the Degausser DG.02 hardware eraser solution. What benefits/impact do you see for Australian businesses?

Briscoe: If you have a large banking corporation in Sydney, and they have staff who are going out on location with a notebook computer, and one day the laptop doesn’t work, they run the risk that if they send it off to a repairer, the drive could be recovered and sensitive information retrieved from it.

If they degausse the hard drive before it leaves the location, they know data will never be recovered.

I’ve come across corporations with a policy not to release failed hard drives back to the provider, so they end up with a store room full of hard drives and they keep building up.

Degaussed hard drives cannot be reused, but can be recycled – hard drives are now so cheap that they are typically replaced and recycled as they cost more to fix than to produce a new one.

ASM: Are businesses in Australia and Asia-Pacific embracing these services? How would you rate the level of knowledge and awareness at the current point in time?

Briscoe: The Singapore and Hong Kong markets, for instance, have a lot more understanding of data erasing. Australia tends to be a little bit more complacent.

Large corporations have enough knowledge now that they need to erase hard drives before releasing media.

It’s smaller businesses and home users who are not aware that if they have a computer that they sell on to another person, they could effectively be giving them valuable or compromising information.

We see software to erase hard drives as part of the lifecycle of a computer.

You start with a computer with virus software; it runs for three or four years, then you have software that erases data before selling the computer.

ASM: With what kind of clients does Kroll work in this region? Do computer forensics and electronic discovery attract a narrow or a varied customer base?

Briscoe: Corporations certainly have better funding for buying up enterprise software than SMEs.

But small businesses and home users can bring drives in to us for degaussing – it’s not that expensive.

We also have the ability to recycle the hard drive for them.

ASM: How does Australia and the Asia-Pacific region compare to the rest of the world in areas such as computer forensics, electronic discovery and data recovery?

Briscoe: In the US we’re seeing more and more companies becoming aware of degaussing.

Scandinavian companies are traditionally good, for some reason.

There’s a lot of interest in degaussing and erasing in Europe.

In Hong Kong, computer forensics is a hot topic.

There are virtually daily cases of wrongdoing coming in for investigation.

Singapore is also active as there are many US and European corporations located there.

In Australia, there is a steady stream of data captures mainly for Australian, US or European regulatory matters.

We always have some notable companies under investigation.

ASM: How is Kroll driving development and growth in this region?

Briscoe: We’re getting our services known to people.

Kroll in Hong Kong has been there for 20 years, so it’s probably stronger in that region than here in Australia.

It’s really about getting ourselves and our capabilities known.

Kroll Ontrack has the best part of 100 developers working on proprietary software; other companies tend to be using off-the-shelf software to do investigations.

Software can only make a best guess about where data starts and stops, but when you have proprietary tools in the hands of engineers, you have much better results.

We have a department where, if a customer comes in and says ‘I have this problem’, we can then develop tools in time to recover that information.

We’ve seen unique problems which don’t fit into other scenarios, and we can use developers to recover data.

ASM: Is there any R&D in this area coming out of the Australia and Asia-Pacific region?

Briscoe: We do some R&D here.

Certainly there is a lot of experience in the region.

R&D is taking place alongside US and European colleagues - globally, we spend in excess of US$10 million on R&D.

ASM: Kroll Ontrack recently opened new offices in Hong Kong and Singapore, which you are managing. What are your plans for these offices? How will this expansion build on Kroll’s services in this region?

Briscoe: Singapore is an existing office that we acquired in 1996, and we’re moving to a new facility with a state-of-the-art lab, which opened in May this year.

Staff will come in from other locations.

We will train up local staff with our knowledge – it takes a few years to train to the standard we require.

ASM: What has been Kroll Ontrack’s experience with skills shortages and retention? How does the company go about its recruitment and training?

Briscoe: We’ve been very fortunate in the members of the team.

Certain skill sets are in short supply, but typically what Kroll Ontrack do is train a person from scratch.

Data recovery and computer forensics are such unique markets, and we are mostly using proprietary tools, so we look at taking someone straight from university or a customer service background.

We can then mould that person to a ‘Kroll Ontrack person’.

We’re not looking for skill sets as such because really we provide the majority of the training.

ASM: How much competition is there between providers of data recovery and e-discovery services in Australia? Is the market growing?

Briscoe: There are one million hard drives made per day; there are 30 billion emails sent per day.

The market is expanding as more and more data is committed electronically.

We will see more and more companies becoming involved with data recovery.

ASM: How do you see Australian companies endangering their business and their data? What improvements need to be made in terms of data protection?

Briscoe: For some reason in Australia we have a lot of external hard drives come to us.

A lot of small or medium-sized companies and home users are buying up external hard drives, and major retailers are making great prices on these products, so people see them as a great backup solution.

What people have to realise is that they must have more than one backup: if all data is copied to a single hard drive, it becomes a single point of failure.

You have to back up the backup.

ASM: What advice would you give to security managers regarding data recovery and computer forensics?

Briscoe: It’s very important to make sure that the backups being generated are actually working.

We’ve had instances where companies have gone out to a third party and asked them to make sure a backup system is working; they’ve said yes, the lights are on, it’s functioning – but when a disaster came, the system had been running but nothing had actually been backed up and all they found was blank tapes.

You’ve got to test backups and test whether data can be accessed.

Article Added: 14/10/2008

« Back

Related Articles:

1st March, 2011

Balancing Act: Between security risk and impact

29th September, 2010

Security in the new information age

4th August, 2010

Protecting card data

2nd September, 2008

Million-dollar data centre for Sydney