Posted by Gunter Ollmann on September 12, 2007 at 9:22 AM EDT.

Over the last few years “security” has increasingly been associated with the term “privacy”.  It wasn’t always the case though.  At the turn of the millennium the first thing that would have jumped into an IT manager’s mind if you mentioned the word “security” would probably have been something to do with Website defacements.  Half a decade before that, the word association upon mentioning “security” probably would have been “password” or even “encryption” (depending upon which side of the IT world they had evolved from).  The point being that not only does security mean different things to different people, but it also means different things at different times.
Not too long ago, (unless you’ve already condemned your memory of floppy disks and magnetic tapes to an inconvenient ancient history) “security” would have been strongly associated with data storage (i.e. how do I keep my important company records secure for years?).  A lot of IT security discussions at the time typically revolved around who had the keys to the safe containing the data tape backups along with evaluations of just how secure the offsite transport and storage company was.

Anyhow this got me thinking about the topic of secure data storage.  Or, in particular, given all those tape backups that were made in the last 10 years, how easily could you restore the data upon them?
Taking into account how rapidly the data backup market has changed – the iterative releases of new software, this company buying that one, all the different tape formats and capacity changes, and changing strategies for data encryption – how do companies manage?
As you’d expect, different companies have adopted different strategies ranging from keeping a veritable Noah’s Ark of pairs of old tape readers and original backup software installations, through to reducing the data retention policies to such a level that the technology changes become a moot point as “legacy” data backups are simply thrown away by the time the backup technology has changed.

That said, what do you do if you have to keep all the electronic data you’re generating today and still be assured access to it in a decade’s time?  What about 20 years?  How about 100 years?
While Search companies are now talking about adopting retention policies for personal data of only 18 months, most companies are required to keep certain types of data for quite a bit longer.
However, for some industries the requirement to keep today’s data for decades is fundamental to their business.  Most notably the Insurance industry – they often have to keep policy and claim records for the lifetime of the policy holder (and a little bit beyond that), so it’s not uncommon for them to have to refer to data that’s 100 years old.
I guess you’re probably thinking that that’s not too much of a problem.  They probably have vaults with all the original paperwork and all they have to do is go down there and dig it out when needed.  But what about their new customers creating policies today?  Are they similarly adding new aisles of document storage to overflowing basements, or have they embraced the digital age?
Since we’ve already observed the problems with evolutionary developments in data formats and backup media, what storage medium do you think these organizations have adopted to see them through the next hundred years?

If you’re thinking that the insurance industry has adopted some super-secret cutting-edge indestructible next generation HD-DVD storage medium, think again.
The solution is Microfiche.  Yes, you read it right, those acetate pages with microscopic writing that can only be read with a big magnifying glass and a strong light – the same things you used to have to use at the library to look up book information, etc.
Instead of trying to store the electronic data in proprietary document formats that change every two to three years, or copy data onto the latest digital media, they’ve opted to print copies of all their documents directly on to microfiche film (in fact some organizations have been doing this for decades now).
I remember being rather surprised at the time but, you know what, it sounds like a pretty good long-term storage medium with a well-proven document recovery process.

I wonder how many of the big data breaches we’ve observed so far this year would have been foiled (no pun intended) if those organizations had migrated their old data on to slivers of plastic microfiche sheet instead?
Getting back on topic though – “security”.
As threats continue to evolve, we can expect the everyday word association for “security” to likewise change.  If I had to hedge my bets, I’d guess that the most common name association in a couple of years’ time would probably be either “identity” or “leakage” – governed to a large extent by how future threats evolve within the mobile handset and RFID fields, and how personal these attacks eventually become.
Moving beyond a couple of years… no idea… (but plenty of guesses).

