Historically, enterprises within the private sector have only really thought about erasing data when infrastructure is being decommissioned. Servers which have reached the end of their useful life are retired, and the information stored on their hard drives is securely wiped prior to the kit leaving the data center. This makes sense; you don’t want old kit appearing on eBay or found in Agbogbloshie with a copy of your HR database still intact.
Over the last decade, there has been a veritable avalanche of global legislation that makes securely disposing of this data more important than ever. Many of these laws have penalties for noncompliance, ranging in severity; so, all organizations are now expected to ensure tight oversight of their data throughout its lifecycle—not only when the data is retired.
Here are some of the many scenarios in which data sanitization should be undertaken and why.
1. Customer Demand
The EU’s General Data Protection Regulation (GDPR), which goes live in May 2018, has as a fundamental tenet the individual’s ‘Right to be Forgotten.’ This allows EU citizens to request removal of their data from company system(s) at any time. As a high-level requirement, this seems easy enough to achieve; however, that is only true if you’re thinking about structured data (data within a database). That’s not enough. You must also consider any artifacts that reside in unstructured data (emails and attachments, spreadsheets, Word documents, etc.). When you consider that these must also be removed, the task doesn’t sound so achievable—especially when the secure data removal must be verified and certified to achieve data sanitization.
2. Employee Onboarding & Departures
While your company may be very diligent about controlling and recording its physical assets when employees join or leave the organization, you must also consider the risks to data from both physical and logical access. This access may still be achievable through devices that have not been securely erased prior to a rebuild and re-issue. An organization’s policies should mandate secure erasure to provide necessary protection from data breaches that can occur at transition points in your hardware’s chain of custody and use.
3. Tech Refresh and Asset Decommissioning
All old IT equipment presents a potential data breach risk if its storage is not securely wiped prior to reuse, resale or disposal. Corporate policies should mandate data erasure as part of the project lifecycle, with evidence of completion, to fully address the risk.
4. Cloud Exit
With more enterprises adopting cloud processing and storage for critical applications, it’s imperative that your cloud provider has a data sanitization plan when you wish to exit its services.
Does your cloud service provider proactively sanitize your data, or does it just reallocate its storage and wait for the data to be overwritten?
5. Data Migration
Regardless of whether your data is residing within your own data center, a 3rd party data center or the Cloud, when data is moved from one location to another, from an old server to a new one, or from one virtual machine to another, the original data location must be erased.
If your data was originally located within an environment under your control, there is a common attitude that this does not present a risk. Many businesses believe this data can be left until the asset is reused, at which point it would eventually be overwritten. However, taking this approach presents an issue, as this data would effectively become ‘dark data’ and would still be subject to the GDPR’s right to be forgotten.
6. Disaster Recovery Exercises
Many organizations use 3rd party facilities for their disaster recovery plans. While this is an excellent choice for many reasons, cost being the primary driver, it also brings potential complications with data once the DR exercise has completed. In fact, it is highly likely that the recovery disks used are immediately tagged as available for reuse. This means that for a certain period of time, the data used during the recovery process is out of the owner’s control and, therefore, vulnerable. The simple step of sanitizing all the disks after use mitigates any such risk and should be the default action regardless of where the DR testing is performed.
7. Data End-of-Life
Data should never be retained indefinitely. This isn’t only good practice to reduce the data storage burden, but also to reduce corporate risk—provided the data is securely erased. Company policies should outline retention timeframes to meet business and regulatory requirements; they should also mandate the destruction of the data once it reaches the end of its useful life. The data that is no longer needed should be securely erased from any storage device, virtual machine and files or folders using automated routines.
Corporate policies should also consider what happens to media if it becomes faulty. While it may be possible to have a selective policy/process based on the known contents of a drive, it is a much better risk position to ensure that no faulty device is removed from your data center without either being securely erased or, if secure deletion is not possible due to the particular fault, physically destroyed.
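As an added illustration of the retention-driven, automated and verified erasure described above (example code, not from the original article or any vendor product), the routine below overwrites each file past a retention window, reads it back to verify the overwrite before unlinking, and returns one audit record per file as the evidence of completion; the 365-day policy and the sample files are constructed assumptions, and in-place overwriting is only meaningful on plain block storage (SSD wear-levelling and copy-on-write filesystems can retain old blocks, so device-level sanitization is still needed there).

```python
import hashlib
import os
import secrets
import tempfile
import time
from pathlib import Path

def overwrite_and_verify(path: Path) -> bool:
    """Overwrite the file in place with random bytes, fsync, read it back and
    confirm the on-disk bytes match what was written; unlink only if they do.
    Caveat: in-place overwrite is only meaningful on plain block storage; SSD
    wear-levelling and copy-on-write filesystems may keep old blocks around."""
    remaining = path.stat().st_size
    written = hashlib.sha256()
    with open(path, "r+b") as f:
        while remaining:
            chunk = secrets.token_bytes(min(1 << 20, remaining))
            f.write(chunk)
            written.update(chunk)
            remaining -= len(chunk)
        f.flush()
        os.fsync(f.fileno())
    verified = hashlib.sha256(path.read_bytes()).digest() == written.digest()
    if verified:
        path.unlink()  # remove the name only once the overwrite is proven
    return verified

def sanitize_expired(root: Path, retention_days: int, now: float) -> list[dict]:
    """Sanitize every file under root past the retention window and return one
    audit record per file as the evidence of completion."""
    cutoff = now - retention_days * 86400
    records = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.stat().st_mtime <= cutoff:
            records.append({"path": str(p), "method": "overwrite-random-1pass",
                            "verified": overwrite_and_verify(p), "at": now})
    return records

def run_demo() -> dict:
    """Constructed sample: one file past retention, one still inside it."""
    root = Path(tempfile.mkdtemp())
    now = time.time()
    old, new = root / "hr_export_2016.csv", root / "hr_export_current.csv"
    old.write_bytes(b"employee,salary\n" * 1000)
    new.write_bytes(b"employee,salary\n" * 1000)
    old_time = now - 400 * 86400  # 400 days old, beyond the assumed 365-day policy
    os.utime(old, (old_time, old_time))
    records = sanitize_expired(root, retention_days=365, now=now)
    return {"records": records, "old_exists": old.exists(), "new_exists": new.exists()}
```

The returned records are what a policy owner would archive as the erasure certificate for each retention run.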