Data Sanitization Climbs “Slope of Enlightenment” on Gartner Hype Cycle

“Gartner Hype Cycles provide a graphic representation of the maturity and adoption of technologies and applications. They also show how they are potentially relevant to solving real business problems and exploiting new opportunities.”¹ Below, we share what recent Gartner Hype Cycles say about data sanitization.

Farah Mithani A tech-focused writer and editor, Farah covered topics related to cloud security, software, and hardware while working at a Fortune 500 company. She then joined Blancco as content marketing specialist. In that role, she authored data management, data erasure, and IT asset lifecycle content while supporting Blancco’s social media and email channels.

In addressing data sanitization in the Gartner Hype Cycle™ for Privacy, 2022,² and Hype Cycle for Endpoint Security, 2021,³ Gartner analysts have provided the following definition:

“[D]ata sanitization is the disciplined process of deliberately, permanently, and irreversibly removing or destroying data stored on a memory device to make it unrecoverable.”

They have also noted “growing concerns about data privacy and security, leakage, regulatory compliance, and the ever-expanding capacity of storage media and volume of edge computing and IoT devices are making robust data sanitization a core C-level requirement for all IT organizations.”

Let’s dive into their analysis, some background on the current technology landscape, as well as Blancco’s perspective.

Gartner Notes Data Sanitization Has Reached Mainstream Maturity

According to the IBM Cost of a Data Breach Report 2022, “the average cost of a data breach reached a record high in 2022, increasing by USD 0.11 million to USD 4.35 million in 2022, the highest it’s been in the history of the report.”

With the European Union’s General Data Protection Regulation (GDPR) in effect for more than four years now, “many organizations are struggling to maintain regulatory compliance while European regulators move toward more stricter enforcement actions.”

GDPR enforcement has continued to result in large (and highly publicized) breach-related fines.

All of this is causing organizations to look more closely than ever at their data management practices, including handling data at end of life.

Gartner has updated its evaluation of data sanitization in its Hype Cycle for Privacy, 2022 and Hype Cycle for Endpoint Security, 2021 reports.

We believe their analysis confirms what we’ve seen in the marketplace: Data sanitization is no longer viewed as a “nice-to-have” data management practice. It’s a necessity.

Data regulations have increased compliance requirements, particularly for deleting data when it’s no longer needed or when consumers request that their data be removed.

Hoarded data is also vulnerable to hacking, posing an unnecessary and potentially costly risk.

Government organizations and private enterprises are revisiting their data protection policies. They’re seeking ways to increase data security, follow data privacy regulations, and get rid of redundant, old, or trivial (ROT) data.

And they must do it in a secure, permanent, and verified way.

According to Gartner, “Gartner Hype Cycles provide a graphic representation of the maturity and adoption of technologies and applications, and how they are potentially relevant to solving real business problems and exploiting new opportunities.”¹

This evolution goes through five phases of a technology’s lifecycle: Innovation Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, and Plateau of Productivity.

Currently, Gartner analysts place data sanitization well within the upward “Slope of Enlightenment” in two of its reports, the Hype Cycle for Privacy, 2022, and Hype Cycle for Endpoint Security, 2021 (Gartner subscription required). Gartner video on Hype Cycle describes this fourth phase as “when early adopters see initial benefits and others start to understand how to adapt the innovation to their organizations.”

Data Sanitization: “Climbing the Slope” of the Gartner Hype Cycles

Data sanitization starts with C-level buy-in

In each report, Rob Schafer, Gartner Senior Director Analyst, and Christopher Dixon, Gartner Sr. Principal Analyst, state, “growing concerns about data privacy and security, leakage, regulatory compliance, and the ever-expanding capacity of storage media and volume of edge computing and IoT devices are making robust data sanitization a core C-level requirement for all IT organizations.”

Why the C-suite must prioritize data sanitization

• Data Leakage, Reputational Damage, and Financial Risk. Recent data leaks and reports of misuse have occurred in tidal waves rather than slow drips. For the most infamous breaches, such as those at Uber, North Face, or Optus, brand damage has been an incalculable hit on top of financial costs.
• Regulatory Compliance and Expanded Tech Capabilities. GDPR triggered a focus on government’s role in data privacy oversight. 5G transmission speeds and smart devices continue to be heavily marketed to consumers. At the same time, data misuse (Facebook) and invasive data collection (e.g., Alexa, TikTok) have hit the headlines. Rapid delivery and widespread data gathering through Internet of Things devices mean unwanted data exposure can happen more quickly. All of this has resulted in more government regulation.
• Environmental Concerns. An increasingly important factor is a growing interest in protecting the environment. Organizations are becoming more motivated to reduce e-waste by reusing and recycling IT assets. Sometimes this is because of national or local requirements. Other times, there are financial or business incentives motivating organizations to launch corporate social responsibility (CSR) or environmental, social, and governance (ESG) initiatives.

But all business stakeholders should be involved

In this context, Gartner identifies data sanitization as having reached mainstream maturity and predict it to reach the Plateau of Productivity in 2-5 years.

Gartner advises “this requirement for comprehensive data sanitization should be applied to all devices with storage components (e.g., enterprise storage and servers, PCs, mobile devices, and increasingly, edge computing and some IoT devices). Lack of robust data sanitization competency is often due to handling asset life cycle stages as isolated events, with little coordination between business boundaries (such as finance, security, procurement and IT).”

The Hype Cycle for Endpoint Security, 2021, provides advice to “collaborate with data sanitization stakeholders (e.g., IT, security, privacy, compliance, legal, IT asset managers) to create appropriate data sanitization standards and processes that provide specific guidance on the end-to-end destruction process, based on data sensitivity for all data bearing devices.”

And include outside data destruction vendors, or ITADs

Such care doesn’t just apply internally, either. Gartner further advises, “as different media require different sanitizing methods, ensure your internal IT organization or external ITAD vendor provides a certificate of data destruction sanitized to your security standards (e.g., NIST 800-88r1).”

Our Summary of Gartner Analysis

The accelerated growth in data privacy regulations, along with widely reported data breaches, have raised concerns for consumers and organizations alike. Add in greater data dependence and demand for convenience, faster data transmissions, and more invasive collection technologies—and you have a recipe for data vulnerability on a scale never before seen.

With growing government, business, and consumer desires to mitigate unauthorized data exposure, we believe these two Gartner Hype Cycle reports confirm a growing adoption of data sanitization practices.

Protect Your Sensitive, End-of-Life Data with Data Sanitization

Want to learn more about how data sanitization can protect your data?

Download our white paper, “Enterprise Data Protection: What You Need to Know to Protect Corporate Data Throughout Its Lifecycle.” You’ll see how data erasure can fit into your data protection policies at every stage: creation, management, sharing and destruction.

Blancco Technology Group has been identified as a Sample Vendor in the Hype Cycle for Privacy, 2022², and Hype Cycle for Endpoint Security, 2021.³ Blancco was named in the Data Sanitization category.

Endnotes

1. Gartner Methodologies, Gartner Hype Cycle, https://www.gartner.com/en/information-technology/research/hype-cycle
2. Gartner Hype Cycle for Privacy, 2022, Bernard Woo, Bart Willemsen, 2 August 2022
3. Gartner Hype Cycle for Endpoint Security, 2021, Chis Silva, 11 August 2021
4. Cost of a Data Breach Report 2022, IBM, https://www.ibm.com/reports/data-breach

GARTNER and HYPE CYCLE are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This article was originally published September 2019 and was updated October 2022 to reflect updates in technology events and newly published Gartner Hype Cycle reports.

You may be interested in:

What is Common Criteria Certification, and Why Is It Important?

Understanding the financial risks of cybersecurity complacency

The New Jersey Privacy Act: What You Need to Know

The newly signed New Jersey Privacy Act impose new obligations on businesses when it comes to handling consumer data. Here is what you need to know to stay in compliance.

IBM® Launches Infrastructure Data Erasure—And These 5 Storage Network Benefits Come With It