Incorrect beliefs about data sanitization will keep you from completely removing PII, proprietary information and confidential files at end-of-life.
In “Which Common Data Sanitization Myths Do You Believe? Part I of II,” we covered data destruction myths that often form fundamental parts of enterprise data protection strategies when data or storage devices reach end-of-life. These include misplaced confidence in formatting, shredding, degaussing, Crypto Erase and other methods as complete data sanitization techniques.
Below, we cover five more widely believed data sanitization myths that may tempt you to use inadequate data protection methods at data end-of-life.
5 (More) Common Data Sanitization Myths
The following beliefs influence how enterprises approach their data sanitization policies, often leading to sensitive data being retained past its mandated life, either in storage or live environments:
- Myth 6 – Advanced SSDs Pose Security Issues
- Myth 7 – T2 Macs are “Erasure Proof”
- Myth 8 – Data Sanitization is Only for Physical Drives
- Myth 9 – Sanitizing Servers Means Lengthy Downtime
- Myth 10 – Data Erasure is Costly
Myth 6 – Advanced SSDs Pose Security Issues
NVMe drives are known for their better hardware interface, shorter hardware data path, simplified data stack and amazing speed. These and other SSDs can cause security issues when it comes time for data erasure or destruction, leaving many organizations to either hoard drives for fear of inadequate sanitization or apply inadequate methodologies, some of which we discussed in “Which Common Data Sanitization Myths Do You Believe? Part I of II.”
Secure sanitization is possible, though: Secure SSD erasure overcomes manufacturers’ BIOS freeze locks, overwrites the data as many times as required, erases the data all the way down into the over-provisioned cells and provides verification that complete sanitization has occurred. The tricky part is knowing how to address different requirements and firmware specifications for each type of SSD from different manufacturers. To address the specific requirements of the wide range of SSDs that exist, read the white paper, How to Securely Erase Different SSDs: NVMe, PCIe and More.
Myth 7 – T2 Macs are “Erasure Proof”
Newer Mac notebooks, desktops and other devices use a proprietary T2 chip designed for increased security and performance enhancement. You may have heard that data erasure software won’t work on these Macs, leaving you unsure of how to sanitize your outgoing devices without physically destroying them.
The truth is that these Macs do have unique requirements. Devices with the Mac T2 chip operate in full security mode by default, allowing only the current OS or signed OS software trusted by Apple to run. In most cases, this will preclude using third-party erasure software. However, there’s a solution, and it allows you to fully release your T2 Macs to their next destination without fear of data being recovered.
Read “Need to Erase Mac T2 Devices? Blancco Has You Covered” to learn more.
Myth 8 – Data Sanitization is Only for Physical Drives
Old, redundant or otherwise decommissioned hard disk drives (HDDs) and solid-state drives (SSDs) across a variety of hardware should certainly be sanitized before they leave your organization. But adding complete, secure data sanitization of individual files and folders into your active environment helps you comply with data erasure needs across the entire data lifecycle.
Automating the process reduces the chance of end users holding on to local copies of customer information or proprietary business files. Regularly scheduling data erasure in live environments also keeps your organization from hoarding data that could render you liable in case of a data breach. Through integration and automation, cleansing redundant, old or trivial data from your local and cloud systems lessens your attack surface and reduces the amount of harm you could face if breached.
You can read more about harnessing data erasure in live environments here: Managing the Data Lifecycle of Your Organization’s Assets.
Myth 9 – Sanitizing Servers Means Lengthy Downtime
Erasing data on tens, hundreds or even thousands of servers to top standards like DoD or NIST goes more quickly than you may think. That holds whether you’re erasing in live environments or decommissioning several servers at once.
Not only do secure data erasure solutions minimize downtime, but policy-driven automation and onsite hardware solutions reduce the amount of staff time and resources needed to remove files from across your system. Particularly for organizations that rely on highly manual processes, secure data erasure can expedite data sanitization several times over.
Need proof? Read our case study to learn how a top technology company erased 4,000 servers simultaneously.
Myth 10 – Data Erasure is Costly
The 2019 False Sense of Security research study mentioned at the beginning of Part I revealed that one-third of the world’s largest enterprises use inadequate data removal methods to prevent data breaches at end-of-life. One-third.
Using incorrect (and wholly inadequate) data removal methods, trusting physical destruction to be bulletproof, or storing retired but data-laden devices in a locked room for protection has the potential to cost untold millions in fines, loss of reputation and market share and more should data be exposed. Several organizations have felt the financial sting of redundant or long-past-retention-requirements data being accessed. So, while budget concerns may be the first objections raised by financial teams, the risk of not having adequate data sanitization measures in place far outweighs the cost of implementing a solution that completely removes end-of-life data beyond recovery.
Not only that, but many organizations lose money out of concern that they don’t have adequate data sanitization practices in place. They forgo refunds on RMA drives, reduce their technology ROI through limited reuse and incur storage costs to guard old, inactive drives and devices they don’t want to physically release. Download our research study, The High Cost of Cluttered Data Centers, to learn how much some enterprises are losing.
When it comes to storing data storage devices onsite or storing abundant, but no longer used, data in the cloud, the following calculators can estimate your potential savings:
- Cloud Data Storage vs. Data Erasure ROI Calculator
- Data Erasure vs. Physical Destruction Calculator
- RMA Drive Savings: Data Erasure vs. Onsite Storage Calculator
Next Steps: Dismantle Your Data Sanitization Myths for Greater Data Security
The resources outlined in this two-part series will educate you and your teams on achieving effective, cost-efficient and secure sanitization for end-of-life data.
To see how data erasure works in practice, sign up for your free Enterprise Data Erasure trial. You’ll be able to see data sanitization at work in your environment and choose from more than 22 data erasure standards from around the world, including NIST Clear and Purge, DoD 5220.22-M, BSI-GS/GSE, HMG Infosec Standard 5 and others.