When self-driving car engineer Andrew Levandowski left Google to work for Uber, he claimed it took him several weeks to notice five hard drives full of source code and design and engineering documents in his closet. Taking the drives to be shredded might have seemed like a good way of disposing of them securely, but paying cash and allegedly forgetting to take the receipt proved embarrassing when Waymo sued Uber and claimed that he had stolen the files. (The companies came to a surprise settlement after only five days in court.)
Data centers should have better processes in place for dealing with old hard drives that could have confidential company or customer data. But a recent survey by data erasure experts Blancco suggests that far too many organizations are failing to dispose of decommissioned drives correctly, running the risk of fines for exposing customer and employee information – or wasting hundreds of thousands of dollars storing hardware they could have put through a Return Merchandize Authorization process.
A quarter of the organizations in the study spend at least $50,000 a year storing drives they could return under RMA for replacement or a refund, and another 39 percent spend more than $100,000 a year. More than half of them have been cited at least once in the last two years for failing to comply with data protection laws, so fines could be ramping up the cost of clutter.
Even worse, a disturbingly high number of the 600 data center professionals around the world who took part in the survey seemed to be unaware that the way they handled hard drives wasn’t secure and didn’t comply with regulations like Europe’s General Data Protection Regulation or California’s digital privacy law that goes into effect in January 2020.
Companies not following the proper procedures is nothing new. But the potential consequences are now different. “Organizations need effective data retention and disposal policies and procedures,” Pat Walshe, managing director of data protection consultancy Privacy Matters, said. “This isn’t new and has been a key aspect of ethical and compliant data management for decades. RMA drives are no different. What is different is the liabilities that can accrue from failing to process personal data in ways that safeguard people’s data.”
Manual and Expensive
Despite listing data security, privacy, compliance, and efficiency as top priorities, few respondents had efficient processes for deleting data and sanitizing drives for reuse or return to the manufacturer – or for auditing to make sure this is done. Only a third have automated, remote tools for erasing securely; the others manually remove servers from racks and drives from servers, with half erasing them manually one by one and the other half storing the drives on site.
Ironically, it’s because they are aware of the risk of data leaks. “They stockpile old hardware wherever they have some free space, and that’s driving up costs”, Fredrik Forslund, VP of enterprise and cloud erasure solutions at Blancco, told Data Center Knowledge in an interview. “You cannot recover any residual value from the equipment, you're spending valuable resources managing that space, and under most contracts you have a penalty from the suppliers” for not returning the drives.
Wherever the drives end up, more than half of organizations erase manually with free online tools like DBAN. “They just download something from the internet and run it as part of their process, which is extremely scary.” DBAN is only free for personal use, he pointed out; “that means they have a licencing issue, as well as no audit trail or SSD support”.
SSDs also cause trouble if you decide to physically destroy disks; “data has been found on SSDs even after destruction,” Forslund noted. Although hyperscale clouds like Microsoft Azure and Google Cloud Platform use shredders to dispose of drives (Google automates this using robots), those are rare in traditional enterprpise data centers. And unless you film the shredding and showing the serial number on each drive, you don’t have an audit trail. Instead, organizations that are particularly worried about security use degaussers with strong magnets to erase data without damaging the drive. But modern drive enclosures can block magnetism; and SSDs aren’t affected by magnets.
Third-party services can offer effective physical shredding with an audit trail, but then you have the cost of securing the drive in transit. “You need secure transport by the service provider to their facility,” Forslund said. “A lot of security teams will not allow that kind of transportation.” And if they do allow it, they’ll have tough requirements like transporting the drives in armed vehicles, which can get expensive. “That’s part of why you see old RMA drives piling up and driving costs: because it’s a cumbersome operation.”
Get Ready to Encrypt Everything
Encrypting drives and erasing them cryptographically by simply deleting the key is increasingly popular because it’s fast and simple. Sixty-four percent of organizations in the study use cryptographic erasure, and the figure is even higher in regulated industries like healthcare and pharmaceuticals.
That’s not fool-proof, Forslund cautioned: “You need to know that encryption has been turned on on the device all of the time, because if it’s been off at any point, you could potentially have a data leak. You need to have a good system in place to manage your encryption keys, so you don’t have to worry about losing keys that could potentially be used to recover data.”
Verifying and auditing erasure is important even when hard drives have been removed because management tools marked them as failing. Forslund estimated that failing drives can be erased to an auditable level in 70 to 80 percent of cases – which means that data could also be recovered from them with the right tools.
There have been few wide-scale studies of how effective hard drive decommissioning is, but Moor Insights & Strategy senior analyst Steve McDowell told us that the problem is usually process rather than policy. “Most IT organizations do have policies around this, but proper scrubbing and recycling of hard drives and other devices is hit-or-miss, even when a policy is in place,” he said. “Most organizations are savvy enough to remove drives before scrapping computers, but the disposition of those drives is often little more than the electronic recycling equivalent of a landfill.”
The problem of secure disposal will go beyond hard drives in the future, he warned, as data becomes persistent across more devices. “Systems are beginning to be built with multiple levels of persistent cache, which will only accelerate as the industry starts deploying technologies such as server-class memory – Intel Optane, for example – where encryption-at-rest may not be an option.”
These new devices won’t be ready for returning or recycling for some time, but high capacity and higher prices will make it even more important that they are properly integrated into asset management systems that cover the entire storage lifecycle.