Data Storage Systems at Risk: Symantec, EMC Acknowledge, Correct Product Flaws

In a sign that virtually all bastions of business data security are vulnerable to attack, the vendors of two data storage systems -- a product type often implemented to provide an added layer of defense against hackers, have each just admitted to security flaws in separate high-profile products and have issued correctional patches.

EMC Corporation of Hopkinton, Massachusetts, has issued separate patches for it Legato NetWorker system versions 7.2.1, 7.14 and 7.3, while Symantec Corp. of Cupertino, California, has issued patches for its VERITAS NetBackup Enterprise Server/Server 5.0 and 5.1 products. The patches and details of the security vulnerabilities on the products are available online at each company's support web site.

The potential vulnerabilities could have meant dire consequences in both product lines. Both vendors said that, prior to the fixes, their products in question were vulnerable to attacks that could result in a denial of service and enable hackers to “execute arbitrary code” within their victims’ systems.

EMC has reported no break-ins yet for any of its customers and there have been no reports of any breaches for Symantec Legato clients, but the incidents underscore a growing concern about the lack of data security. SANS Institute, the Bethesda, Maryland-based Internet security watchdog and training group that first reported the EMC product vulnerabilities, late last year issued an industry wide report that found it’s almost impossible to protect data from truly dedicated hackers. It further found that, unlike Symantec and EMC this month, software vendors are typically slow to respond with patches.

To be sure, the Symantec and EMC products in question are typically used by enterprises too large to be clients of rank-and-file CPAs. But the matter is noteworthy to all practitioners because data storage is becoming a critical issue to businesses of all sizes, and it’s a growing concern for the data-intensive accounting profession itself.

As accounting profession consultant and publisher Rick Telberg noted in a recent advisory on Hewlett-Packard’s Web site, data storage, or vaulting, is becoming as significant to businesses as vaulting money is to banks because most businesses are “extremely or entirely dependent on their computer-based information systems,”

SANS, in its report last year, said that unlike other technologies, data security is getting weaker, not stronger. “The bottom line is that security has been set back six years in the past 18 months,” Alan Paller, SANS research director, said in a Washington Post story about the report. While vendors used to “automatically” issue patches for product vulnerabilities, he lamented, “Now the attackers are targeting popular applications and the vendors of those applications do not do automated patching.”

That report noted among other things that the cyber-space monitoring unit of the Department of Homeland Security found that products for backing up data are drawing intense attention from online criminals. The report incidentally also found a security flaw in another Symantec storage product, Veritas Backup Exec. Symantec responded that its policy is to quickly develop remedies and issue client alerts when it learns of product vulnerability.
~JC

You may like these other stories...

As mentioned in today’s “Bramwell’s Lunch Beat” via an article from the USA Today, a new report from the Treasury Inspector General for Tax Administration (TIGTA) found that the IRS doled out $2.8...
London Stock Exchange switches auditing to EYThe London Stock Exchange will drop PwC as its auditor and replace it with EY after completion of the audit for the year ending March 2014, Harriet Agnew of the Financial Times...
With tax season in the past, it's time to think about the tax implications of decisions your clients may be making about their homes in 2014. The rules are complicated and because of the huge amounts involved, the...

Upcoming CPE Webinars

Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.
May 1
This material focuses on the principles of accounting for non-profit organizations’ expenses. It will include discussions of functional expense categories, accounting for functional expenses and allocations of joint costs.