Confidently erase data in active environments and from used IT assets.
Boost services throughout the device lifecycle—from first sale to end-of-life.
Expedite processes, recover more marketable product, and increase services.
Home » Resources » Data Centers: Include Data Erasure in Your Disaster Recovery Plans
Data copies used for disaster recovery operations—whether for testing or in an actual emergency—must be securely erased beyond recoverability when they are no longer needed.
In disaster recovery planning, the big story is how to get operations up and running again quickly after a major adverse event.
Just as in any data center planning activity, data protection must extend beyond guarding against accidental data loss. Security requirements are just as complex and multi-layered in disaster recovery plans as for production systems. Moreover, they have the same requirements as in the primary production environment, in terms of protecting companies and their customers, as well as meeting regulatory requirements.
This is especially true in the highly-regulated financial services industry. And erasing data, when it is no longer needed, is a critical part of protecting it from unauthorized access.
Most data center operators are keenly aware of the need to do more than simply delete data at the end of its lifecycle. Standards are commonly in place to sanitize data beyond the ability of forensic means to retrieve it. However, it is also not uncommon for people to depend on the physical destruction of old drives alone, or stockpile them in a lights-out room or other secure location. And while physical destruction is generally effective, there are other ways to securely remove data that don’t harm the environment or require items to leave your facility. Data erasure is an option that can be used by itself or added as an additional, environmentally-friendly step on top of physical destruction to ensure complete data removal.
Moreover, regular testing of disaster recovery plans requires comprehensive data sets to be staged at the disaster recovery site, and few data center operators are willing to take large numbers of new drives permanently out of service after such brief use. Data erasure allows these drives to be erased and reused, while physical destruction doesn’t.
Software-based data erasure is the basis for best practices to completely remove sensitive data from disaster recovery storage devices. Thorough planning of the scope and methods for doing so is essential to the broader process of disaster recovery planning.
The first step to building data erasure into a disaster recovery plan is to define what data must be erased and when. All sensitive information must be identified as targets for sanitization, and each of these datasets must have a defined lifespan, after which it must be destroyed.
The implications of testing, as well as bringing recovery sites online and shutting them down again, must be accommodated in this planning, with a comprehensive set of timelines, methods and tools identified in advance.
Standards and procedures must align with the rest of the data center environment and with any third parties involved, including disaster recovery vendors, cloud service providers, etc. That complexity makes testing of data erasure methods an important part of the broader task of disaster recovery testing.
Because disaster recovery planning must address data protection throughout the lifecycle, standards and procedures for data erasure are an integral requirement. The following guidance provides a framework for key considerations in this area. These best practices can be used as a starting point for the planning process.
Including a comprehensive data erasure approach is a critical part of planning for disaster recovery. Using the right tools and procedures for data erasure provides data center operators with confidence that all copies of sensitive data made as part of disaster recovery operations are sanitized when they are no longer needed.
This capability helps guard against security breaches associated with that data falling into the wrong hands and simplifies efforts to comply with regulatory requirements.
Visit our data center solutions page.