CA Faces Backup Flaw: Page 2 of 3

CA has several OEM partners for its ARCserve Backup product. The software, for example, is bundled with Iomega's REV SBS Data Protection offering, and has also been integrated with NEC's ExpressCluster solution. (See Iomega Creates Bundle and Iomega Ships With CA .)

Earlier this year, CA snapped up application availability specialist XOsoft for a reported $100 million in an attempt to boost its data protection story. (See CA Buys XOsoft.) The acquisition was partly driven by CA's desire to integrate XOsoft with ARCserve Backup for protecting and recovering critical applications (See Storage Shopping Spree.)

At least one analyst is urging CA to tackle the reported backup flaw as a matter of urgency. "It's something that CA should be addressing and issuing a patch for right away," says Mike Karp, senior analyst at Enterprise Management Associates, adding that the vulnerability represents yet another tape technology challenge.

"To me, it's a symptom of the fundamental problem of transferring data to tape," he told Byte & Switch. "The trail of custody on tapes is always bad," added Karp, highlighting the high-profile storage snafus at Time Warner and Iron Mountain. (See Tape Security Trips Up Users, A Tale of Lost Tapes, and Iron Mountain Keeps Truckin'.)

Until the flaw is fixed, CERT is urging users to focus attention on their firewalls in an attempt to tackle the ARCserve flaw. "Restricting access to port 6502/tcp at the network perimeter may mitigate the impact of this vulnerability," warns the agency in a note on its Web site. The scope of the vulnerability may also extend across different versions of ARCserve Backup, according to CERT.