Data Recovery Service Providers
The Low Profile, High Impact Risk to Enterprise Security
Robust risk management is a must in today’s challenging environment of mounting digital attacks on vital corporate assets and the regulated data they are entrusted to protect. Most corporations have a dynamic layered security practice, which incorporates multiple security controls to protect this sensitive data. The reputational and financial consequences of lost or corrupted data require it. This white paper addresses an often undetected or unattended internal and contractual risk — data recovery — that appears to be an exception in an otherwise strong layered security practice.
If a device fails, resulting in lost or corrupted digital data, few corporations have the internal resources to recover that data, especially in the case of a physical or electromechanical failure. The device must be sent to a data recovery vendor. These devices often hold critical IP, financial databases, accounting files, e-mail exchanges, customer records, PCI, PII and PHI. Therefore, data recovery organizations must be classified as high-risk vendors. However, most of the data recovery industry does not meet best practice standards to ensure data security. If a corporation does not perform due diligence before engaging the services of a data recovery vendor, it runs the risk of a data breach that will result in major financial and reputational damage.