CTC Cloud Service Data Erasure | Blancco Case Study

Employee records, customer information and intellectual property are just a few examples of the types of sensitive data being stored in both data center and cloud environments. Whilst IT professionals are aware of the security dangers with storing such large amounts of data, there is little understanding of the most secure ways of erasing files. A common misconception is that performing typical file-deletion commands, such as factory resets and quick formats, can wipe data. The truth is that these methods only remove the pointers to the disk sectors where data resides and so “deleted” data can still be recovered with common software tools. Ineffective erasure methods leave organizations vulnerable to the huge reputational and financial implications of falling victim to a data breach.

CTC is the second largest corporation in Japan, that trades internationally in a wide range of goods and services. Based on its long-standing track record of building and managing a private cloud in the enterprise field, CTC has standardized various services so that user companies can now outsource anything from infrastructure building to opera on just by selecting the necessary menu. Part of this service is Cloudage ElasticCUVIC, a monthly outsourcing service that offers everything from IT infrastructure environment building to systems operation and management.

Highlights

  • In 2016, the average annual cyber security incident loss per company worldwide was $9.5 million.*
  • 57% of IT professionals in data centers made undocumented changes**
  • 39% of undocumented changes were root cause of some security breach or other**

* https://www.hpe.com/h20195/V2/getpdf.aspx/4AA6-7930ENW.pdf
** 2014 State of IT Changes Study

Challenge

The Cloudage ElasticCUVIC service, which forms part of CTC, is used by companies across a wide range of different sectors. Many of their users need a system with extremely high security management as it will be used to handle personal information or perform financial processing. There are also a lot of customers who have security concerns about using the cloud due to the reported associated security risks. In order to meet the expectations and address the concerns of their customers, CTC needed a solution that could enhance server and network security for its Cloudage ElasticCUVIC service by completely erasing customer data as well as issue proof of erasure once a contract had been cancelled.

Solution

For CTC, data protection through physical destruction was never an option, as equipment is sometimes shared by multiple tenants. It was also vital to be able to wipe data without having to interrupt systems. As the smallest unit of data that Cloudage ElasticCUVIC provides to customers is a LUN, they needed compatible data erasure software. This is where Blancco LUN Eraser checked all of the boxes, providing secure erasure to end customers across all types of active hosting environments. The solution also allows CTC to perform simultaneous erasure and shredding of multiple units, in active storage environments, which can be connected to both physical and virtual machines. What is more, they can now create detailed, 100% certified reporting on all erasures.

Results

Increased trust among end users. 100% certified tamper-proof audit trail. Mitigated risk of high-value data leaks.

“If you just wanted to delete data, you could always use free software. However, in order to reassure customers, we needed to delete data and issue certificates in a way that met internationally recognized standards.”

Hiroyuki Kambara, Section Chief of IT Infrastructure Service Planning and Development, ITOCHU Techno-Solutions Corporation

About Blancco

As the de facto standard in data erasure, Blancco provides thousands of organizations with an absolute line of defense against costly security breaches, as well as verification of regulatory compliance through a 100% tamper-proof audit trail. Our data erasure solutions have been tested, certified, approved and recommended by 18 governing bodies around the world. No other security firm can boast this level of compliance with the most rigorous requirements set by government agencies, legal authorities and independent testing laboratories.