Chain of Custody

Tuesday, December 13, 2016

Chain of custody (CoC) refers to the documented handling, supervision and control of media or information (usually, but not always, tape) from the moment it is created until it is destroyed. The goal is to preserve the integrity of the resource (tape, video, etc.) while keeping a detailed audit log of who has touched it, when and where. Chain of custody is usually offered by remote vaulting providers like Iron Mountain and requires implementing the best practices described below:

Tracking: Media should be tracked by unique bar codes, and reports should be generated detailing the current location of each item. If media are stored across cloud providers, a best practice is to report on a regular cadence which media reside on which clouds.

Security/Encryption: The off-site location and the process used to access the media should be reviewed for security practices. Media should be placed in locked containers before leaving the data center, with subsequent tracking done at the container level. For cloud-based vaulting, similar measures need to be in place. End-to-end encryption is a must, data must not be left unencrypted at any point, and the encryption is only as strong as the custody of the keys, which should never travel with the media.

En-Route Security / In-Flight: Whether it is you or the media recipient who arranges the transport, make sure it is sufficiently secure. This includes bonding and background checks on the drivers and other personnel, using reasonably secure vehicles, and making sure the media is tracked through the entire journey. Ideally, the tapes are locked in secure containers and the keys are held securely at the other end of the trip. Just as policies must cover the trip from the data center to the remote location, cloud vaulting requires that data be encrypted before it leaves the premises and revalidated once it has landed in the cloud.

Verification: On a regular cadence, vaulted media need to be rotated and test-read to confirm they can still be read. With physical tapes, verifying every vaulted tape on each cycle is rarely practical, so only a sample is checked. The agility and elasticity of the cloud remove that constraint and give customers the option to verify all of their tapes.

Movement of Media: Tracking should be performed by scanning bar codes every time a media container is moved, both at the data center and at the off-site location. Media containers should be signed for and never left exposed for someone to take. For cloud-based vaulting, similar measures need to be in place: media need to be tracked as they move between cloud storage tiers or between cloud providers.

WORM: An option should be available to make data immutable, so that it can be read but not accidentally erased or overwritten. Physical tapes have a write-protect tab or switch that makes the cartridge read-only; a cloud vault needs an equivalent control that an operator cannot simply flip back.

Guard against Malicious Intent: Safeguards need to be in place against deliberate tampering, not just accidents. Detailed logs should show where and when each event happened and under whose control, and those logs must themselves be protected so that someone who alters or removes a record can be detected.

Audit Logs: Detailed audit logs need to be provided tracking every step of the chain of custody, irrespective of whether the media is vaulted at a remote site or in the cloud.
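The Tracking, Movement of Media, Verification and Audit Logs practices above fit together in one ledger: every bar-code scan becomes an append-only event, each event is authenticated together with the previous event so the log cannot be quietly rewritten, and the content fingerprint taken at checkout is recomputed after vaulting. The following is an added example written for this page, not CloudLanes code or any product's API. The barcodes, locations, handler names, timestamps and the signing key are constructed for the demo; the MAC key is assumed to be held by the auditor rather than by the systems that write the log.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict
from typing import List, Optional

# Added example, not CloudLanes code. All identifiers and the key are constructed.

GENESIS = "0" * 64


def fingerprint(data: bytes) -> str:
    """SHA-256 of a media image, taken before it leaves the data center and
    recomputed after vaulting to confirm the copy is readable and unchanged."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEvent:
    seq: int
    barcode: str
    action: str      # checkout / transit / checkin / verify / destroy
    location: str
    handler: str
    timestamp: str   # ISO 8601, as supplied by the scanner or system clock
    detail: str      # e.g. the fingerprint at checkout, or a verify result
    prev_mac: str    # MAC of the previous entry (GENESIS for the first)
    mac: str = ""    # HMAC-SHA256 over every other field of this entry


class CustodyLedger:
    """Append-only custody log. Each entry's MAC also covers the previous
    entry's MAC, so editing, reordering or deleting an earlier event breaks
    every later link. A plain hash chain could be recomputed by whoever holds
    the log; the HMAC key is assumed to live with the auditor instead."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries: List[CustodyEvent] = []

    def _mac(self, e: CustodyEvent) -> str:
        fields = asdict(e)
        fields.pop("mac")
        payload = json.dumps(fields, sort_keys=True).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def record(self, barcode: str, action: str, location: str, handler: str,
               timestamp: str, detail: str = "") -> CustodyEvent:
        prev = self.entries[-1].mac if self.entries else GENESIS
        e = CustodyEvent(len(self.entries), barcode, action, location,
                         handler, timestamp, detail, prev)
        e.mac = self._mac(e)
        self.entries.append(e)
        return e

    def first_bad_entry(self) -> Optional[int]:
        """Index of the first entry whose MAC or back-link fails, None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if (e.seq != i or e.prev_mac != prev
                    or not hmac.compare_digest(self._mac(e), e.mac)):
                return i
            prev = e.mac
        return None

    def current_location(self, barcode: str) -> Optional[str]:
        """Latest scanned location of a barcode: the 'where is it now' report."""
        for e in reversed(self.entries):
            if e.barcode == barcode:
                return e.location
        return None


def revalidate(ledger: CustodyLedger, barcode: str, vaulted_copy: bytes,
               expected_fp: str, location: str, handler: str, timestamp: str) -> bool:
    """Recompute the vaulted copy's fingerprint against the one recorded at
    checkout and log the outcome either way, so a failed read is on record."""
    ok = hmac.compare_digest(fingerprint(vaulted_copy), expected_fp)
    ledger.record(barcode, "verify", location, handler, timestamp,
                  "ok" if ok else "fingerprint mismatch")
    return ok


def demo() -> dict:
    """Walk one constructed tape from checkout to vault, verify it, then show a
    tampered log entry being caught."""
    ledger = CustodyLedger(key=b"auditor-held-key-for-demo-only")
    image = b"constructed backup image contents"
    fp = fingerprint(image)
    ledger.record("TAPE-000123", "checkout", "DC1 tape library", "j.doe",
                  "2016-12-13T09:00:00Z", fp)
    ledger.record("TAPE-000123", "transit", "courier van 7", "courier-42",
                  "2016-12-13T09:30:00Z")
    ledger.record("TAPE-000123", "checkin", "vault A, shelf 12", "vault-ops",
                  "2016-12-13T11:15:00Z")
    location = ledger.current_location("TAPE-000123")
    intact_ok = revalidate(ledger, "TAPE-000123", image, fp,
                           "vault A, shelf 12", "vault-ops", "2016-12-14T02:00:00Z")
    corrupt_ok = revalidate(ledger, "TAPE-000123", image + b"\x00", fp,
                            "vault A, shelf 12", "vault-ops", "2016-12-15T02:00:00Z")
    chain_before = ledger.first_bad_entry()
    ledger.entries[1].location = "unknown"   # someone rewrites the transit record
    chain_after = ledger.first_bad_entry()
    return {"location": location, "intact_ok": intact_ok, "corrupt_ok": corrupt_ok,
            "chain_before": chain_before, "chain_after": chain_after}
```

Running `demo()` reports the tape at "vault A, shelf 12", a passing verification on the intact copy and a failing one on the corrupted copy (both logged), an intact chain before tampering, and entry 1 as the first bad entry once the transit record is edited. In practice the head MAC would also be published somewhere the log writer cannot reach (a separate audit system or a WORM store), so that truncating the log is as detectable as editing it.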

End of Life & Shredding: Once the media has reached obsolescence or can no longer be relied upon for its integrity, it must be appropriately destroyed. Magnetic media is usually destroyed by degaussing the cartridge (scrambling the data on the tape) or by physically shredding it, rendering it useless, and the destruction itself should be recorded as the final custody event. For cloud-based solutions, every copy of the data needs to be shredded; where the data was encrypted end to end, destroying the keys is what makes any copy that was missed unreadable.

CloudLanes is the leading provider of digitally archived media in the cloud with "Chain of Custody" and enables implementation of the best practices described above.

-Vijay Ramaswamy @ Team at CloudLanes