Opinion Piece: Metadata - playing a vital role in backup and recovery
Metadata is data about data. It tells us who authored a document, when, what the document contains and where the file ‘fits’ in relation to other data. Metadata is important because it is a key enabler of data storage, retrieval and/or restoration – a vital requirement for any business in this era of exponential data growth. However, could metadata also be a security risk, giving hosted and outsourced storage providers inappropriate access to sensitive data?
Metadata is generated automatically by the applications used to create documents and files. These applications use standard protocols and data policies to generate basic information about the data. The created data files are then stored within the data structure of an organisation, and structural metadata is created. Whether the data is stored in-house, offsite or in the cloud, metadata is what allows stored data to be classified and identified. It’s a unique set of data that indicates where the data comes from and where it must go, and how it should be ordered, labelled and sorted. It also facilitates backup and restoration of files. Clearly it’s vital information to have to successfully manage data. The question asked repeatedly, however, is whether this information – on its own – poses a security risk.
The short answer is ‘no’. Just because the metadata can be read does not mean that the underlying data is available for reading. Any simple encryption tool should protect the underlying data. Furthermore, when data is backed up, it should be done over a secure connection with the data itself being encrypted and compressed before being stored on appliances or in a database. The metadata is used by the backend system to catalogue the backup, identifying and classifying the information being backed up. Like the ISBN number of a book which may tell us about the book but it does not expose the contents of the book, metadata acts as a list of contents (file and directory names, file sizes and file types) for the storage solution or service provider – it is not the actual data itself.
There are also many layers of security around backed up company data. It is usually stored within an environment accessible only to the customer organisation.Metadata may be requested by a client organisation user, but is usually only made available once the user has been authenticated and the connection (usually a Secure Socket Layer or SSL connection) is verified to be from a legitimate user. SSL provides protection against masquerading and eavesdropping. If data packets are sent to the user, they are likely to be encrypted, with SSL ensuring that no data modification occurs.
So is metadata a security risk? Metadata is useful. It is important and it needs to be safeguarded. However, it is merely an identifier. The right authorisation and security clearance is needed to access the data itself. While general users are unlikely to ever have to deal with metadata outside of a search for documents, it is beneficial to be aware of how important this data can be for backup and retrieval of files.
Four people, including a woman, escaped unhurt after...
On Sunday, the whole of South Africa cheered...
Having initially focused on the budget motoring section...
I have spent four days recently at the International Boys' School Coalition Conference in Cape Town...
DebtSafe advises consumers to save on monthly expenses. The company, specialising in Debt Review, recently released its results of a survey about spending and saving habits of consumers in South Africa.
Male sexual enhancement pills are considered to be one of the most counterfeited drugs in the world and according to the latest statistics, South Africans are among the biggest consumers of black market aphrodisiacs.
The hospitality industry has often suffered criticism for being slow on the technology uptake...
Democratic Alliance (DA) Shadow Minister of Environmental Affairs, Thomas Hadebe, has said that party will launch an investigation with the Green Scorpions into the flowing of raw sewage water into the Swartkops River, which has amounted to “192 mega litres” since a pipe burst 15 weeks ago.
An application by various media houses to have Parliament show uninterrupted proceedings of events taking place in the Chamber, has been rejected by the Western Cape High Court.
- Police intercept drugs worth R1.5 million destined for Eastern Cape, two men and woman arrested
- Three men expected in court for Uitenhage house robbery
- Police investigating after PE doctor robbed at gunpoint at his surgery
- SOPA 2017: Premier Masualle must put province on path to prosperity - DA
- 21-year-old woman fatally stabs 40-year-old brother alleging he raped her since age 7