Gartner Notes Data Sanitization Has Reached Early Mainstream Maturity
It’s been a whirlwind year for data protection:
The first half of 2019 brought a massive increase in data breaches worldwide, with some reporting a 54 percent increase at midyear from the year before. The European Union’s General Data Protection Regulation (GDPR), in effect for over a year now, set off a tidal wave of data protection legislation—and more questions about the role of government regulation. GDPR enforcement resulted in large (and highly publicized) breach-related fines. All of this is causing organizations to look more closely than ever at their data management practices.
Gartner—the world’s leading research and advisory company—has updated its evaluation of data sanitization in its Hype Cycle for Data Security, 2019, Hype Cycle for Privacy, 2019 and Hype Cycle for Endpoint Security, 2019 reports. We believe that their analysis confirms what we’ve seen in the marketplace: Data sanitization is no longer viewed as a “nice-to-have” data management practice. It’s a necessity.
Data regulations have increased compliance requirements, particularly for deleting data when it’s no longer needed or when consumers request that their data be removed. Hoarded data is also vulnerable to hacking, posing an unnecessary and potentially costly risk. Government organizations and private enterprises are revisiting their data protection policies. They’re seeking ways to increase data security, follow data privacy regulations and get rid of redundant, old or trivial data. And they must do it in a secure, permanent and verified way.
According to Gartner’s website, “Gartner Hype Cycles provide a graphic representation of the maturity and adoption of technologies and applications, and how they are potentially relevant to solving real business problems and exploiting new opportunities. Gartner Hype Cycle methodology gives you a view of how a technology or application will evolve over time, providing a sound source of insight to manage its deployment within the context of your specific business goals.”4 This evolution goes through five phases of a technology’s lifecycle: Innovation Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment and Plateau of Productivity.
This year, Gartner analysts place data sanitization at the beginning of the upward “Slope of Enlightenment” in three of its reports, the Hype Cycle for Data Security, 2019, Hype Cycle for Privacy, 2019 and Hype Cycle for Endpoint Security, 2019 (Gartner subscription required).
Gartner defines the Slope of Enlightenment as a phase where “Focused experimentation and solid hard work by an increasingly diverse range of organizations lead to a true understanding of the technology’s applicability, risks and benefits. Commercial off-the-shelf methodologies and tools ease the development process.”
Data Sanitization: “Climbing the Slope” of the Gartner Hype Cycles
Data sanitization starts with C-level buy-in
In each report, Rob Schafer, Gartner Senior Director Analyst, and Christopher Dixon, Gartner Sr. Principal Analyst, state “growing concerns about data privacy and security, leakage, regulatory compliance, and the ever-expanding capacity of storage media and volume of edge computing and IoT devices are making robust data sanitization a core C-level requirement for all IT organizations.”
Why should data sanitization interest the C-suite?
- Data Leakage, Reputational Damage and Financial Risk. Recent data leaks and reports of misuse have occurred in tidal waves rather than slow drips. For the most infamous breaches, such as those at Equifax, Capital One or British Airways, brand damage has been an incalculable hit on top of financial costs.
- Regulatory Compliance and Expanded Tech Capabilities. GDPR triggered a focus on government’s role in data privacy oversight. 5G transmission speeds and smart devices are being heavily marketed to consumers. At the same time, data misuse (Facebook) and invasive data collection (Alexa, and more recently, Siri) have hit the headlines. Rapid delivery and widespread data gathering through Internet of Things devices mean unwanted data exposure can happen more quickly. And that raises concerns about even greater government regulation.
- Environmental Concerns. A lesser, but still important factor is a growing interest in protecting the environment. Organizations are becoming more motivated to reduce e-waste by reusing and recycling IT assets. Sometimes this is because of local requirements. Other times, organizations voluntarily launch brand-supporting corporate social responsibility (CSR) initiatives.
But all business stakeholders should be involved
In this context, Gartner identifies Data Sanitization as having reached early mainstream maturity and predict it to reach the Plateau of Productivity in 2-5 years. Gartner advises “this requirement for comprehensive data sanitization should be applied to all devices with storage components (e.g., enterprise storage and servers, PCs, mobile devices, and increasingly, edge computing and some IoT devices). Where organizations lack this robust data sanitization competency, it is often due to handling the asset life cycle stages as isolated events, with little coordination between business boundaries (such as finance, security, procurement and IT).”
The report provides advice to “collaborate with data sanitization stakeholders (e.g., security, compliance, legal, IT) to create appropriate data sanitization standards that provide specific guidance on the end-to-end destruction process, based on data sensitivity.”
Including outside data destruction vendors
Such care doesn’t just apply internally, either. Gartner further advises, “ensure your ITAD vendor provides a certificate of data destruction with a serialized inventory of the data-bearing assets they sanitized. Include a clause within your ITAD contract giving you the right to audit the ITAD vendor’s data sanitization processes/standards to ensure their compliance with your security and industry standards (e.g., NIST 800-88). Regularly (e.g., annually) verify that your ITAD vendor consistently meets your data sanitization security specifications and standards.”
Our Summary of Gartner’s Analysis
The accelerated growth in data privacy regulations, along with widely reported data breaches, have raised concerns for consumers and organizations alike. Add in greater data dependence and demand for convenience, faster data transmissions and more invasive collection technologies—and you have a recipe for data vulnerability on a scale never before seen.
With growing government, business, and consumer desires to mitigate unauthorized data exposure, we believe these three Gartner Hype Cycle reports confirm a growing adoption of data sanitization practices.
Protect Your Sensitive, End-of-Life Data with Data Sanitization
Want to learn more about how data sanitization can protect your data?
Download our white paper, “Enterprise Data Protection: What You Need to Know to Protect Corporate Data Throughout Its Lifecycle.” You’ll see how data erasure can fit into your data protection policies at every stage: creation, management, sharing and destruction.
Blancco Technology Group has been identified as a Sample Vendor in the July 2019 Gartner Hype Cycle for Data Security, 2019,1 Hype Cycle for Privacy, 20192 and Hype Cycle for Endpoint Security, 2019.3 Blancco was named in the Data Sanitization category.
- Gartner Hype Cycle for Data Security, 2019, Brian Lowans, 30 July 2019
- Gartner Hype Cycle for Privacy, 2019, Bart Willemsen, 11 July 2019
- Gartner Hype Cycle for Endpoint Security, 2019, Dionisio Zumerle, John Girard, 31 July 2019
- Gartner Methodologies, Gartner Hype Cycle, https://www.gartner.com/en/information-technology/research/hype-cycle
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.