Current data sanitisation processes are “archaic, inefficient and desperately in need of automation”
“A man has looked at the box of cables he’s had for more than fifteen years and decided to hang on to them”, began a recent story on satirical website Newsthump.
“The cables, which have lived under his desk since he put them there in 2002, might come in handy someday…”
If a recent survey by Blancco Technology Group is any guide, satire is also alive and well in the data centre, where piles of redundant drives and servers gather dust. Not, however, because they are likely to come in handy someday, but because security-conscious and time-poor users are disinclined to dispose of them.
The US-based company, which specialises in data erasure, surveyed 600 data centre experts from APAC, Europe and North America earlier this year.
It found that two in five organizations that store their data in-house spend more than $100,000 (£76,000) storing hardware that could pose a security or compliance risk.
Strikingly, more 54 percent have been fined at least once or twice by regulators or governing bodies for noncompliance with international data protection laws.
(In the US, fines of up to $1.5 million can be issued for HIPAA violations due to storing data past its retention date, with that number multiplied by the number of years each violation has been allowed to persist.)
Fredrik Forslund, VP, Enterprise and Cloud Erasure Solutions at Blancco said: “This points to a huge lack of education within the sector about what to do with hardware that is faulty or has reached end-of-life. Organizations are letting this hardware pile up in fear of data leakage, resulting in loss of efficiency, increasing capital costs, possible noncompliance and potential security risks.”
British Data Center Hoarders: Secure Hardware Disposal a Concern.
For the UK, 74 percent of organisations admitted that at least 26 percent of all return material authorisation (RMA) drives stored onsite were only there because they aren’t willing to return them to the manufacturer.
A quarter also confessed more than half (51 percent) of their RMA drives sit uselessly idle in their data centres for the same reason.
Why so? A striking 73 percent of UK respondents cited the burden of the job, blaming “manual/time-consuming processes”.
Perhaps, more importantly, 49 percent noted external security/privacy concerns, the highest percentage points from all the countries surveyed.
While some countries had their own priorities, the U.K. was most worried about GDPR, (43 percent), followed closely by increasing automation across the data center (41 percent).
Forslund added: “It’s not surprising that more than half of all respondents rated the RMA return process as ‘quite’ or ‘extremely’ difficult.”
“Current processes being followed are archaic, inefficient and desperately in need of automation. In some cases, organizations feel compelled to waste more resource wiping each drive individually,”
He concluded: “Organisations are sitting on IT assets that are having an extremely damaging impact on their business – even if most organizations consider themselves to be mitigating risk by holding on to them.”
His company provides data sanitisation services from end-of-life drives and servers, to active files, virtual machines and logical storage area networks, with software-based data erasure that lets hundreds of drives be erased simultaneously and managed remotely from via a console. It also provides on-site erasure.