Data Storage Systems at Risk: Symantec, EMC Acknowledge, Correct Product Flaws

In a sign that virtually all bastions of business data security are vulnerable to attack, the vendors of two data storage systems -- a product type often implemented to provide an added layer of defense against hackers, have each just admitted to security flaws in separate high-profile products and have issued correctional patches.

EMC Corporation of Hopkinton, Massachusetts, has issued separate patches for it Legato NetWorker system versions 7.2.1, 7.14 and 7.3, while Symantec Corp. of Cupertino, California, has issued patches for its VERITAS NetBackup Enterprise Server/Server 5.0 and 5.1 products. The patches and details of the security vulnerabilities on the products are available online at each company's support web site.

The potential vulnerabilities could have meant dire consequences in both product lines. Both vendors said that, prior to the fixes, their products in question were vulnerable to attacks that could result in a denial of service and enable hackers to “execute arbitrary code” within their victims’ systems.

EMC has reported no break-ins yet for any of its customers and there have been no reports of any breaches for Symantec Legato clients, but the incidents underscore a growing concern about the lack of data security. SANS Institute, the Bethesda, Maryland-based Internet security watchdog and training group that first reported the EMC product vulnerabilities, late last year issued an industry wide report that found it’s almost impossible to protect data from truly dedicated hackers. It further found that, unlike Symantec and EMC this month, software vendors are typically slow to respond with patches.

To be sure, the Symantec and EMC products in question are typically used by enterprises too large to be clients of rank-and-file CPAs. But the matter is noteworthy to all practitioners because data storage is becoming a critical issue to businesses of all sizes, and it’s a growing concern for the data-intensive accounting profession itself.

As accounting profession consultant and publisher Rick Telberg noted in a recent advisory on Hewlett-Packard’s Web site, data storage, or vaulting, is becoming as significant to businesses as vaulting money is to banks because most businesses are “extremely or entirely dependent on their computer-based information systems,”

SANS, in its report last year, said that unlike other technologies, data security is getting weaker, not stronger. “The bottom line is that security has been set back six years in the past 18 months,” Alan Paller, SANS research director, said in a Washington Post story about the report. While vendors used to “automatically” issue patches for product vulnerabilities, he lamented, “Now the attackers are targeting popular applications and the vendors of those applications do not do automated patching.”

That report noted among other things that the cyber-space monitoring unit of the Department of Homeland Security found that products for backing up data are drawing intense attention from online criminals. The report incidentally also found a security flaw in another Symantec storage product, Veritas Backup Exec. Symantec responded that its policy is to quickly develop remedies and issue client alerts when it learns of product vulnerability.
~JC

You may like these other stories...

IRS audits less than 1 percent of big partnershipsAccording to an April 17 report from the Government Accountability Office (GAO), the IRS audits fewer than 1 percent of large business partnerships, Stephen Ohlemacher of the...
Legislation coming out of Washington just might reduce homeowners' burden for disaster insurance. It's a topic very much on everyone's minds since the mudslide in Oso, Washington. The loss of human life was...
Divorce is hard, and the IRS isn't going to make it any easier. The IRS generally says "no" to tax deductions that might ease the pain of divorce. In certain circumstances, however, you might be able to salvage...

Upcoming CPE Webinars

Apr 22
Is everyone at your organization meeting your client service expectations? Let client service expert, Kristen Rampe, CPA help you establish a reputation of top-tier service in every facet of your firm during this one hour webinar.
Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.