Jump to Article Content:
Data management is a cornerstone of any business. Sensitive data that is not protected becomes open to being exploited by outside forces. And this could cripple any business.
Governments and public sectors that hold the immense responsibility of dealing with people’s private information are at risk of suffering a data breach if they fail to manage their data appropriately.
Data protection legislation exist to direct all businesses on how data ought to be managed and protected, even with end-of-life equipment.
Regulations on Data Security Compliance
71 percent of countries globally have adopted data protection legislation. This is largely due to the rising recognition that data protection is essential. These laws exist to direct all businesses on how data ought to be managed and protected, even with end-of-life equipment.
In a recent study carried out by Blancco, researchers spoke to 596 public sector workers across nine countries. The results showed that the majority knew of the data protection laws and sanitisation guidelines by which they are governed.
However, there is a distinct ignorance surrounding the specific requirements of data protection methods and processes. People may unknowingly handle classified information poorly as they are not aware of the more secure sanitisation options available.
Destroying Classified Data on a Drive
There is a lack of awareness surrounding the more sustainable and cost-saving ways of data protection. Both public and private sector organisations store data on hard disk drives (HDDs) or solid-state drives (SSDs). Many of these organisations often choose physical destruction as a means of safeguarding data.
Studies have shown that internal government policies often call for end-of-life assets to be physically destroyed to render sensitive data unrecoverable, as opposed to wiping and reusing the hard drives.
Software-based data erasure methods of sanitising assets is both financially and environmentally beneficial when compared to physical destruction of a device. In view of how many organisations are now making positive strides towards becoming sustainable, it is important to keep abreast of these non-destructive alternatives.
Physical Destruction And Replacement of Assets - How Much Does it Cost?
Millions of dollars is spent each year on the physical destruction of IT equipment. At least twice that amount is spent on purchasing new equipment to replace the old ones. This disallows the equipment from being reused or resold. This consequently brings a further loss to an organisation.
The Blancco survey carried out with 36 government employees of Singapore revealed that the average yearly cost of SSD destruction is between US $0.7M to $0.9M. The cost of purchasing new SSDs come up to US $1.8M. This brings the total cost of destroying and replacing the equipment to anywhere between $2.5M to $2.7M.
Many of these equipment are still in working condition and can be refurbished for further use. To reduce material costs and the environmental impact associated with asset destruction, organisations must start exploring sustainable alternatives to destroying data.
To reduce material costs and the environmental impact associated with asset destruction, organisations must start exploring sustainable alternatives to destroying data.
Secure & Sustainable Data Destruction
With global electronic waste (e-waste) being termed the “world’s fastest-growing domestic waste stream,” it comes as no surprise that 93% of the Blancco participants had defined plans to minimise the environmental impact left behind by the physical destruction of assets.
Singapore, at 7%, had one of the lowest percentages of participants in the implementation stage. 69% had a plan in place that was not implemented. Singapore also had the highest percentage with no plans to shift to a sustainable system.
More than half of Singaporeans were unaware that sanitising and reusing SSDs was better for the environment than physical destruction. Although there is some awareness regarding the correlation between data management practices and their effects on the environment, there is still a need to expand this understanding.
Where SSDs are concerned, physical destruction is typically considered an unsuitable way to destroy classified data.
Destructive Data Sanitisation is Not the Only Option
Too many misguidedly believe that physical destruction is the most secure way of rendering data irrecoverable. In Singapore alone, 53 percent of the participants consider physical destruction the most secure way of achieving data sanitisation.
The Blancco survey further revealed that physical destruction is often used as it is mandatory for classified data under internal policies. 8 percent were of the belief that asset destruction is the cheapest option. 22 percent were unaware of other sanitisation options.
Perhaps the most surprising discovery of all - some believed that physical destruction is better for the environment. 35 percent were not aware that there are certified vendors to provide holistic solutions for secure data destruction. This was most prevalent in Singapore.
Secure data destruction entails permanently ridding IT equipment of all classified data contained within. Where SSDs are concerned, physical destruction is typically considered an unsuitable way to destroy data. It is difficult to shred these chips into small enough pieces to render them ‘securely’ destroyed. The possibility of sensitive data being left behind is high.
Using free or paid software tools to overwrite data, without certification or physical destruction, and with no audit trail, is unsafe.
Proper Use of Data Sanitisation Methods
Organisations must understand that proper application of sanitisation methods, be it physical destruction, encryption or data erasure, is needed to obtain secure data destruction.
Encryption
Encryption is one method that is effective when properly applied from start to finish. However, decryption technology continues to grow stronger and more sophisticated with time. It is imperative that the encryption be sophisticated enough to guarantee longer shelf life. Users must therefore be diligent in executing encryption processes.
Data Erasure
Data erasure is the software-based system of securely erasing data. This involves overwriting stored data as many times as needed to make it unreadable. Where data erasure is concerned, it is critical to use accepted industry standards. A certified vendor would ensure that data is securely overwritten, following which a certificate and an auditable report will be made available.
The Verification Process
Using free or paid software tools to overwrite data, without certification or physical destruction, and with no audit trail, is unsafe. The verification process is particularly important if the drive is to be reused or resold.
Half of the Blancco study participants admitted to not sanitising their SSDs before destroying them. Even where physical destruction is concerned, extreme care and diligence should be exercised.
Reformatting Does Not Sanitise a Device
Another concerning find from the study - 78 percent revealed that they reformat their drives to sanitise them. It is possible that this could mean a combination of methods with physical destruction. Reformatting on its own does not erase classified data from a drive. These data can very easily be recovered using forensic tools online.
Non-Destructive Sanitisation is Best to Ensure Data Security
Data sanitisation technology today allows for sustainable and cost-saving alternatives to physical destruction. Policies are in need of reform to accommodate these advancements. People need to be better informed of these alternative options, as it has become more than apparent that not enough is known.
Physical destruction fosters an increased production of e-waste and creates unnecessary costs. Extending the lifecycle of IT assets serves to benefit both the organisation and the environment.
Organisations will be able to move towards a circular economy, the paradigm for economic sustainability, by adopting non-destructive sanitisation techniques. And at the same time, reduce the cost of data management in the organisation.
We Have Your Back
Our secure IT asset disposal services provides the dependable solution you need for your e-waste and end-of-life asset needs. Our team applies safe and sustainable steps that are regulatory-compliant at every stage of the process.
From the point of collection, auditing, shredding and/or wiping to remarketing and/or donating your IT assets, you can be sure with our end-to-end services that we take your security seriously.
We have coverage against the loss of or damage to your goods during transportation. This includes marine cargo shipment from the ports to the warehouses
Our professional team of asset removers ensure your devices are packed safely into our vehicles which are also equipped with GPS-tracking systems. We have armed our warehouses with fingerprint-only access complete with security alarms and 24/7 CCTVs in place
Our reach spans across the globe through our networks of partners and vendors. Wherever your business is based, you can leverage our worldwide network and we would be happy to assist you throughout your ITAD journey
SPW is Asia's go-to solutions provider for data destruction, data erasure, IT asset remarketing, and environmentally-responsible IT asset disposals. Contact us and learn how you can incorporate an ITAD strategy into your business today.
