Data Storage Systems at Risk: Symantec, EMC Acknowledge, Correct Product Flaws

In a sign that virtually all bastions of business data security are vulnerable to attack, the vendors of two data storage systems, a product type often implemented to provide an added layer of defense against hackers, have each just admitted to security flaws in separate high-profile products and have issued corrective patches.

EMC Corporation of Hopkinton, Massachusetts, has issued separate patches for its Legato NetWorker system versions 7.2.1, 7.14 and 7.3, while Symantec Corp. of Cupertino, California, has issued patches for its VERITAS NetBackup Enterprise Server/Server 5.0 and 5.1 products. The patches and details of the security vulnerabilities in the products are available online at each company's support web site.

The potential vulnerabilities could have meant dire consequences in both product lines. Both vendors said that, prior to the fixes, their products in question were vulnerable to attacks that could result in a denial of service and enable hackers to “execute arbitrary code” within their victims’ systems.

EMC has reported no break-ins yet for any of its customers and there have been no reports of any breaches for Symantec Legato clients, but the incidents underscore a growing concern about the lack of data security. SANS Institute, the Bethesda, Maryland-based Internet security watchdog and training group that first reported the EMC product vulnerabilities, late last year issued an industry-wide report that found it’s almost impossible to protect data from truly dedicated hackers. It further found that, unlike Symantec and EMC this month, software vendors are typically slow to respond with patches.

To be sure, the Symantec and EMC products in question are typically used by enterprises too large to be clients of rank-and-file CPAs. But the matter is noteworthy to all practitioners because data storage is becoming a critical issue to businesses of all sizes, and it’s a growing concern for the data-intensive accounting profession itself.

As accounting profession consultant and publisher Rick Telberg noted in a recent advisory on Hewlett-Packard’s Web site, data storage, or vaulting, is becoming as significant to businesses as vaulting money is to banks because most businesses are “extremely or entirely dependent on their computer-based information systems.”

SANS, in its report last year, said that unlike other technologies, data security is getting weaker, not stronger. “The bottom line is that security has been set back six years in the past 18 months,” Alan Paller, SANS research director, said in a Washington Post story about the report. While vendors used to “automatically” issue patches for product vulnerabilities, he lamented, “Now the attackers are targeting popular applications and the vendors of those applications do not do automated patching.”

That report noted, among other things, that the cyber-space monitoring unit of the Department of Homeland Security found that products for backing up data are drawing intense attention from online criminals. Incidentally, the report also found a security flaw in another Symantec storage product, Veritas Backup Exec. Symantec responded that its policy is to quickly develop remedies and issue client alerts when it learns of a product vulnerability.
~JC
