Data Storage Systems at Risk: Symantec, EMC Acknowledge, Correct Product Flaws

In a sign that virtually all bastions of business data security are vulnerable to attack, the vendors of two data storage systems -- a product type often implemented to provide an added layer of defense against hackers, have each just admitted to security flaws in separate high-profile products and have issued correctional patches.

EMC Corporation of Hopkinton, Massachusetts, has issued separate patches for it Legato NetWorker system versions 7.2.1, 7.14 and 7.3, while Symantec Corp. of Cupertino, California, has issued patches for its VERITAS NetBackup Enterprise Server/Server 5.0 and 5.1 products. The patches and details of the security vulnerabilities on the products are available online at each company's support web site.

The potential vulnerabilities could have meant dire consequences in both product lines. Both vendors said that, prior to the fixes, their products in question were vulnerable to attacks that could result in a denial of service and enable hackers to “execute arbitrary code” within their victims’ systems.

EMC has reported no break-ins yet for any of its customers and there have been no reports of any breaches for Symantec Legato clients, but the incidents underscore a growing concern about the lack of data security. SANS Institute, the Bethesda, Maryland-based Internet security watchdog and training group that first reported the EMC product vulnerabilities, late last year issued an industry wide report that found it’s almost impossible to protect data from truly dedicated hackers. It further found that, unlike Symantec and EMC this month, software vendors are typically slow to respond with patches.

To be sure, the Symantec and EMC products in question are typically used by enterprises too large to be clients of rank-and-file CPAs. But the matter is noteworthy to all practitioners because data storage is becoming a critical issue to businesses of all sizes, and it’s a growing concern for the data-intensive accounting profession itself.

As accounting profession consultant and publisher Rick Telberg noted in a recent advisory on Hewlett-Packard’s Web site, data storage, or vaulting, is becoming as significant to businesses as vaulting money is to banks because most businesses are “extremely or entirely dependent on their computer-based information systems,”

SANS, in its report last year, said that unlike other technologies, data security is getting weaker, not stronger. “The bottom line is that security has been set back six years in the past 18 months,” Alan Paller, SANS research director, said in a Washington Post story about the report. While vendors used to “automatically” issue patches for product vulnerabilities, he lamented, “Now the attackers are targeting popular applications and the vendors of those applications do not do automated patching.”

That report noted among other things that the cyber-space monitoring unit of the Department of Homeland Security found that products for backing up data are drawing intense attention from online criminals. The report incidentally also found a security flaw in another Symantec storage product, Veritas Backup Exec. Symantec responded that its policy is to quickly develop remedies and issue client alerts when it learns of product vulnerability.
~JC

You may like these other stories...

School tax breaks get House support as Democrats objectRichard Rubin of Bloomberg reported that the House of Representatives on Thursday voted to expand and simplify tax breaks for education as Republicans continue to pass...
Many senior US tax professionals believe that a streamlined audit process will be the top benefit resulting from the IRS Transfer Pricing Audit Roadmap, a new toolkit organized around a notional 24-month audit timeline,...
Tax accounting to be simplified for money-market fundsThe US Securities and Exchange Commission (SEC) voted 3-2 on Wednesday for sweeping changes to institutional money-market funds, Emily Chasan, senior editor of...

Upcoming CPE Webinars

Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.
Aug 20
In this session we'll review best practices for how to generate interest in your firm’s services.
Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.