Blancco Technology Group Study Finds 70 Percent of Organizations Rely on Encryption to Protect Valuable Data on Solid State Drives and 35 Percent Reformat Drives
Atlanta and London, January 31, 2017 – In recent years, a growing number of data breaches have resulted from the improper data removal and insecure storage of drives. To educate businesses on the importance of proper data management and security, Blancco Technology Group (AIM: BLTG) today released the findings of the Security Limitations of SSDs research study, which revealed that organizations face a myriad of internal and external challenges with preventing sensitive personal and corporate information from being accessed or breached from solid state drives (SSDs).
According to over 300 IT professionals surveyed in the United States, Canada, Mexico, United Kingdom, France, Germany, India, Japan and China, 62 percent of organizations believe encryption is sufficient to protect data from being accessed or breached. On top of this, 70 percent said they rely on encryption to prevent data loss/theft from SSDs and 35 percent reformat the drives. Moreover, when IT assets containing SSDs hit their end-of-life and are ready to be disposed of, recycled or resold, over half (56 percent) of organizations either send them to IT asset disposition vendors/recyclers to erase the data or outsource the task to an IT security consultant.
Key findings from the study include:
- SSDs contain a myriad of sensitive personal and business information. 47 percent of organizations store both personal information (from employees) and business data on SSDs
- Despite recent data breaches, loss/theft of drives and employees leaking data for personal gain rank low on the list of SSD security challenges. Loss or theft of hard drives (8 percent) and employees leaking data for monetary gains/personal benefits (5 percent) were at the bottom of SSD security challenges for organizations.
- Organizations prioritize efficiency and cost over data security when selecting IT asset disposition vendors/recyclers. 49 percent of organizations consider efficiency and cost to be the most important factors when selecting an IT asset disposition vendor. Yet, only 16 percent factor in the vendor’s ability to permanently remove all data and 13 percent prioritize certifications and recommendations from governing bodies and institutions into their decision-making process.
- Although confidence in SSD security practices is high, monitoring of ITAD vendors/recyclers is a low priority. Although 89 percent of the survey’s respondents are either ‘very confident’ or ‘confident’ that data cannot be accessed or breached after SSDs have been discarded, recycled or resold, 27 percent admitted they don’t have any formal process for monitoring how ITAD vendors/recyclers erase data from SSDs.
“Our study’s findings underscore the difficulty many organizations face with managing, storing and protecting data on SSDs and are symptomatic of a larger data security problem,” said Richard Stiennon, Chief Strategy Officer of Blancco Technology Group. “Many organizations and individuals place a great deal of their trust and reliance in encryption and reformatting to prevent data loss/theft from SSDs and minimize their exposure to a potential data breach. But there are certain data security challenges with encryption that are often overlooked when it comes to protecting data stored on SSDs. And we know from our own analysis of 200 used drives purchased from eBay and Craigslist that reformatting of SSDs could result in various types and amounts of personal and corporate information being left exposed and recovered. Organizations cannot afford to be lax in how they manage and erase SSDs – or they could find themselves hit by a data breach.”
One such example is the recent data breach that hit health insurer Centene. In January 2016, the health insurer lost six hard drives that were part of a data project using laboratory results to improve the health outcomes of members. The missing drives contained the health information for 950,000 beneficiaries and included individuals’ names, dates of birth, social security numbers and member ID numbers.
The purpose of the study is to understand the data security challenges and limitations organizations face with data storage and management of solid state drives (SSDs). Over 300 IT professionals in the United States, Canada, Mexico, United Kingdom, France, Germany, Indian, Japan and China completed the survey in December 2016.
About Blancco Technology Group
Blancco Technology Group (AIM: BLTG) is the de facto standard in data erasure and mobile device diagnostics. The Blancco Data Eraser solutions provide thousands of organizations with an absolute line of defense against costly security breaches, as well as verification of regulatory compliance through a 100% tamper-proof audit trail. Our data erasure solutions have been tested, certified, approved and recommended by 18 governing bodies around the world. No other security firm can boast this level of compliance with the most rigorous requirements set by government agencies, legal authorities and independent testing laboratories.
The Blancco Mobile Diagnostics solutions enable mobile network operators, retailers and insurers to easily, quickly and accurately identify and resolve performance issues on their customers’ mobile devices. As a result, mobile service providers can spend less time dealing with technical issues and, in turn, reduce the quantity of NTF returns, save on operational costs and increase customer satisfaction.
For more information, visit our website at www.blancco.com.
SHIFT Communications for Blancco Technology Group (US)
David Heffernan, Account Manager
T: (617) 779-1839
SAY Communications for Blancco Technology Group (Europe)
Robert Hickling, Senior Account Manager
T: 44 (0) 20 8971 6427
The Hoffman Agency for Blancco Technology Group (APAC)
Miyuki Washino, Senior Consultant
T: 81 3 5159 5750
Blancco Technology Group
Ragini Bhalla, Senior Director of Global Communications