{"id":7809,"date":"2021-02-04T10:52:18","date_gmt":"2021-02-04T15:52:18","guid":{"rendered":"https:\/\/www.itadsummit.com\/?page_id=7809"},"modified":"2021-02-04T10:52:18","modified_gmt":"2021-02-04T15:52:18","slug":"itad-blog-a-guide-to-secure-data-sanitization-in-the-data-center","status":"publish","type":"page","link":"https:\/\/www.itadsummit.com\/index.php\/itad-blog-a-guide-to-secure-data-sanitization-in-the-data-center\/","title":{"rendered":"ITAD Blog: A Guide To Secure Data Sanitization In The Data Center"},"content":{"rendered":"

\n\t\tITAD Blog\n\t<\/h1>\n

\n\t\tA Guide To Secure Data Sanitization In The Data Center\n\t<\/h6>\n\t\t\t\t\t\t\t\t\t\t\"1\"\n\t

ITAD Blog<\/h1>\n

A GUIDE TO SECURE DATA SANITIZATION IN THE DATA CENTER<\/strong><\/h3>\n\t

In an age of corporate hacks and insider attacks, data sanitization\u2014the process of securely and comprehensively removing data from IT hardware\u2014is more important than ever. Following a data breach of any form, a company\u2019s reputation can hang in the balance.<\/p>\n

Here\u2019s our guide to the critical role that data sanitization plays in preserving information security across the increasingly complex landscape that is enterprise computing, focusing on the data center.<\/p>\n

Playing Corporate Cat And Mouse<\/h2>\n

Given the sensitivity of data and the increasing value, companies derive from it, securing data is an issue that\u2019s rapidly moved up the corporate ladder in most organizations nowadays, from the IT function all the way to the C-suite.<\/p>\n

Keeping data digitally secure is\u00a0a huge challenge for the enterprise, particularly with the sharp uptick in work-from-home arrangements as companies adjust to the\u00a0realities of COVID-19. As hackers\u2019 digital tools get more sophisticated, IT\u2019s digital countermeasures seek to rise to the task.<\/p>\n

Compounding these challenges, companies must also take into consideration the physical security of their data.<\/p>\n

Whether in a cloud data center, on-premise, in remote locations, or anywhere in-between, data is contained on a variety of hardware, from flash storage to\u00a0spinning hard drives through the tape and optical media. It can persist in memory and is increasingly entwined with the fabric of the data center itself.<\/p>\n

Meanwhile, organizations must account for their employees\u2019 devices, such as laptops, smartphones, and other mobile devices. IT asset management is a head-spinning proposition\u00a0at the best of times.<\/p>\n

Developing A Data Governance Framework<\/h2>\n

Any effective approach to information security must place data sanitization at its heart. But, in order to sanitize media, an IT team needs a granular understanding of where the company\u2019s data lives: its data topography.<\/p>\n

This is where an organization\u2019s data governance framework, its overarching approach to data management, helps. In developing their approach to data governance, companies identify what kind of data they routinely generate and how to organize and store this information, dependent on business needs.<\/p>\n

Within the data governance framework should be guidance on data retention\u2014how long to hold on to certain kinds of information and when to delete. As a rule, the longer a company holds on to data, the greater the risk of that data becoming subject to discovery in the event of legal action or a security breach.<\/p>\n

The\u00a0principle of defensible disposition\u00a0advises organizations only to hold on to data for as long as commercially necessary or legally required, although the reality is that companies tend to retain data whether they mean to or not.<\/p>\n

 <\/p>\n

A Process For Data Sanitization<\/h2>\n

Setting the rules within the data governance framework is one thing: maintaining and enforcing them is another. This is where the process kicks in\u2014a process based on a governance framework that is widely understood across an organization and centrally owned.<\/p>\n

Because when it comes to data sanitization, the existence of clear policies and processes is key to preserving information security.<\/p>\n

Even with the increasing adoption of AI-driven solutions able to automate the administration of policies, the management of storage media for data sanitization purposes requires human oversight: exactly which drives to wipe and how to handle the physical asset once out of deployment.<\/p>\n

Pulling Drives<\/h2>\n

Deciding when to pull storage media from active use depends on several variables. Drive failure is a primary factor: each drive comes with an average life expectancy\u2014the mean time between failures\u2014calculated on the actual performance of that model drive in deployment.<\/p>\n

The respective lifetimes of different model drives can vary significantly\u2014it\u2019s difficult to predict at the outset which model drives (and from which manufacturers) will prove to be the hardiest workhorses.<\/p>\n

The best guide is the actual performance in deployment, and for that, we have good data. Every quarter, data storage leader Backblaze provides an excellent\u00a0analysis of the performance of the approximately 115,000 hard drives from the three HDD manufacturers\u2014Seagate, Western Digital, and Toshiba\u2014that it has operated in its data centers.<\/p>\n

Detecting HDD Failure<\/h2>\n

A\u00a0number of factors, often mechanical, can contribute to hard drive failures: the trusty HDD, since its earliest incarnation in the 1950s, has contained its fair share of moving parts. Even the smallest shock to the hard drive can result in a range of annoying, sometimes fatal errors\u2014 those platters spin fast.<\/p>\n

Recognizing a hard drive issue is generally straightforward for a disk deployed on its own. For server-grade HDDs in random arrays of independent disks (RAIDs), however, the RAID controller is configured to isolate hard drive failures within the storage array. The RAID level deployed and the extent of the hardware failure will determine how recoverable\u2014and rebuildable\u2014the data is, or not as the case may be.<\/p>\n

Once a faulty hard drive is pulled, technicians will identify the fault and determine whether the disk is capable of repair. At that point, decisions around internal reuse or external remarketing can be taken according to pre-set criteria.<\/p>\n

In either scenario (and even if the drive is destined for destruction), technicians will wish to sanitize the drive\u2019s data.<\/p>\n

Refresh Cycles And Data Sanitization<\/h2>\n

It\u2019s not only driving failures determining which storage media get pulled: refresh cycles play a role, as data center managers seek to expand storage by introducing higher capacity drives into the available Rackspace.<\/p>\n

The calculus over when to run a refresh cycle is complex: while hardware refreshes support IT modernization, they carry a direct cost that leads many enterprises to delay. According to\u00a0a Dell EMC survey\u00a0conducted by Forrester Research, companies often prefer to avoid short-term expenditures even if it costs them operationally in the longer term.<\/p>\n

\u201cOn average, 40% of server hardware deployed at company data centers is more than three years old,\u201d the Forrester authors state. \u201cCompanies are adding capacity to support emerging workloads, but they retain aging hardware for four years on average, which is longer than ideal.\u201d<\/p>\n

It\u2019s true that companies don\u2019t always have the appetite for regular hardware refreshes. At the same time, it\u2019s hardly the case that companies aren\u2019t investing in new equipment. A\u00a02019 survey from Spiceworks\u00a0revealed that more than a third of organizations intended to invest in new server hardware in the ensuing 12 months, although the shock of COVID-19 will likely push firms to do more with what they already have for the foreseeable future.<\/p>\n

In any event, there is always some level of storage media that needs pulling and replacing, and the accompanying question of what to do\u00a0with the retired drives\u00a0once sanitized, from redeploying the equipment within the same organization to reselling within the secondary market.<\/p>\n

The Case For Internal Reuse<\/h2>\n

Although often overlooked, the internal reuse of HDDs is a win-win for most organizations.<\/p>\n

Financially, companies stand to benefit by reducing capital requirements for new media. From a performance perspective, older drives may no longer meet the needs of increasingly sophisticated workloads\u2014but they will work perfectly fine for less demanding functions.<\/p>\n

Source: iNEMI Value Recovery from Used Electronics Project, Phase 2 (August 2019)<\/p>\n

There\u2019s also the environmental dividend: reusing rather than disposing and destroying keeps the device\u2019s carbon footprint low.<\/p>\n

According to research from industry consortia the\u00a0International Electronics Manufacturing Initiative\u00a0(iNEMI), the carbon savings associated with the reuse of hard disk drives are significant\u2014iNEMI highlights the positive global impacts derived from a variety of recycling use cases for HDD, with reuse clearly topping the list.<\/p>\n

In addition to the environmental and financial upsides, there are operational benefits of internal redeployment. For example, when redeploying HDD internally, the requirements for data sanitization adopted by organizations are generally lower. Of course, it remains important to comprehensively wipe the media of its data, but the outbound checks that a drive earmarked for external remarketing are subject to can often be relaxed.<\/p>\n

Nonetheless, it is important to have a clear protocol for the way redeployed drives transition within the organization:<\/p>\n