Routers, Switches & Data Security: Why Automated Network Device Sanitization Can’t Be Overlooked

Apr 29, 2021 Blog Article

Sanitizing network devices such as routers, switches and access points has become increasingly important. Why? As technology has advanced, so has their ability to function as data storage devices. Completely erasing stored data when decommissioning is absolutely critical from a data security standpoint. It’s also important when it comes to network device resale and keeping them out of landfills.

Dhia Haddej - Blancco Author

Originally from Brussels, Dhia's career includes being a pro high jumper in Tunisia as well as over a decade in software engineering. As software product manager for Blancco's enterprise and data center solutions, Dhia brings a strong belief in teamwork, innovation and meeting customer needs. He is also fluent in four languages.

How Network Devices Became Secure Erasure Targets

For decades, the trend has been toward putting more intelligence at every point throughout the network, with distributed services for traffic control, security, management and other functions. One result has been that common network devices—led by routers and switches—have become more sophisticated and expensive.

Among other changes to support that increased sophistication, significant local storage has been added to routers and switches. They often store configuration data, machine logs and other information related to network topology, IP addresses, network affiliations and so forth. Much of that data is sensitive, especially from a cybersecurity perspective, and it must be protected at a similar level to data on an enterprise server. Indeed, there are few limits to what an admin might keep in a network device’s local storage; it is possible to use it as a handy place to store anything from project notes to a list of passwords.

So, what should you consider when sanitizing network routers and switches? A factory reset function offers no proof that it has fully destroyed this stored information (there’s no way to check), and the process is quite labor intensive. But the alternative, physical destruction of the device, eliminates the possibility of resale after decommissioning. As the cost of these devices rises, fewer enterprises and IT asset disposal (ITAD) organizations are willing to sacrifice their resale value if that can be avoided. Some organizations also require network devices to be sanitized of data even before being repurposed internally, which is obviously incompatible with physical destruction.

The Unique Challenges of Sanitizing Network Equipment

A common scenario at equipment end-of-life is for racks of servers to be taken out of service as units, with each unit including a top-of-rack switch. Shredding an entire network switch, for example, is impractical, so secure disposal using physical destruction involves significant manual effort: technicians must open each equipment chassis and remove the storage drives or other media.

Uninstalling storage from network equipment also requires specific technical knowledge to identify the relevant storage device(s), which may consist of multiple pieces, such as both a hard drive and a nonvolatile memory chip. In some cases, the storage will be soldered to a system board, which requires removing the board and either shredding the entire thing or else physically cutting the storage off of the board. These considerations make physical destruction of network equipment highly inefficient from a cost perspective. And, in an era where more and more enterprise customers and investors are prioritizing eco-friendly initiatives, organizations are becoming less willing to indiscriminately destroy usable hardware. Sanitizing network routers and switches in a streamlined, yet eco-friendly way requires a different approach.

Reducing Manual Labor with Automated Router and Switch Sanitization

Blancco Network Device Eraser offers a highly efficient and secure software-based alternative to both physical destruction and manual processing. It provides automated router, switch, and access point sanitization, non-destructively and permanently erasing network devices according to NIST 800-88 Clear and Purge levels. It easily integrates with your WMS, AMS or other existing systems for added flexibility and automated process flow. And, it centrally gathers digitally signed erasure reports within our Blancco Management Console for an easy-to-access, tamper-proof audit trail.

By harnessing software-based operations when decommissioning these used network devices, you can dramatically reduce the amount of labor needed to ensure data protection and compliance with data protection regulations.

