Key considerations for data storage
Data at end-of-life is a massive challenge for most companies, especially with uncontrolled data growth that has resulted in new corporate policies for data storage and retention. This is largely as a result of new global legislations and regulations such as GDPR and PoPIA.
It is often assumed that once data has been marked for disposal, it no longer requires much attention. However, it is essential for data security and the protection of personal, proprietary and confidential information that data is permanently destroyed, deleted or erased from devices.
Xperien CEO Wale Arewa says there are heaps of hard drives and Solid-State Drives lying around storage rooms and data centres and most of these drives contain sensitive data which needs to be protected or permanently removed – or it could be put the company at risk.
“Whether businesses plan to physically destroy these drives in-house or through professional IT Asset Disposal (ITAD) provider, it needs to be done rather sooner than later. This is also not the only option for securely removing data from electronics, secure data erasure is often a better option – one that can help one achieve data sanitisation and comply with data protection regulations,” he explains.
Physically shredding SSDs can be a challenge due to shred size. Typically, a shred width of 10mm or smaller is needed to break through the small memory chips and securely remove the data. Most industrial shredders can only shred into 20mm particles – leaving lots of information behind.
Physical destruction can also be harmful to the environment considering the shredded assets that are left behind. Why not reuse your assets and save the planet in the process, you’ll also save money you otherwise would have spent on purchasing new storage devices.
Eliminate risk with data erasure, it is the software-based method of securely overwriting data from any data storage device using zeros and ones onto all sectors of the device. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitisation.
Arewa says data erasure can be done on-site or remotely and offers better control than other forms of data sanitisation. “The process can also be automated to save time. Data erasure is always the best method to achieve data sanitisation, largely due to the validation process that ensures the data was successfully overwritten and the auditable reporting is readily available.”
Data erasure also supports environmental initiatives, while allowing organisations to retain the resale value of their storage devices. Blancco Drive Eraser is a form of secure data erasure for solid state drives and hard disk drives that allows organisations to securely erase sensitive data in order to safely resell, re-purpose or dispose of these drives.
“There’s a lot to consider when selecting the right data erasure solution for your business. Like for example the types of data and IT assets that one would like to erase at end-of-life or in active environments. And how does the solution affect your organisation’s internal security policies and compliance requirements from external governing bodies,” he says.
With data erasure, businesses can achieve error-free, certified erasure reporting with a 100% verifiable audit trail. They can also save money by securing erasing and reusing drives instead of physically destroying them.
Companies can save on physical destruction costs with more affordable data erasure software, they can securely erase multiple drives simultaneously, saving time for other business-critical initiatives.
With data erasure, it is easier to stay compliant with regulations such as the General Data Protection Regulation’s (GDPR) that is already in force and the Protection of Personal Information Act (POPIA) that is due to commence shortly.
“Lessons could be learnt through GDPR compliance that can later be applied to POPI compliance. It might make sense to have one compliance project that covers all bases, POPI and the GDPR alike,” he concludes.