Based on data legislation and breach news from 2019, data privacy and protection regulations are sure to continue increasing in both number and enforcement. Tasked with complying with new mandates as they take on new data center configurations, data center projects can easily become bogged down by inefficient processes and a persistent lack of skilled technology staff. By implementing the efficiencies here, you can increase both compliance and data protection—all while minimizing the project hours needed from your current team.
The new year holds great changes for enterprise data centers:
- Organizations are embracing IoT data collection through edge computing and increasing their ability to handle 5G-facilitated data growth.
- Hybrid approaches are encroaching on cloud-only philosophies, with many enterprises adding more on-premise servers.
- On the other hand, even staunchly cautious industries like financial services have organizations migrating to fully public clouds, showing increased confidence in cloud security.
In many instances, renovations, upgrades and other data migration projects involve decommissioning data-laden servers and other IT assets. Significant decommissioning projects often take days or weeks to complete, taxing IT resources when skilled IT workers are in short supply.
As Data Center Knowledge reported, the 2019 State of the Data Center survey by AFCOM found that 31 percent of respondents had difficulty filling roles for IT security, 28 percent for cloud architects and 22 percent for data center facility technicians, engineers or operators. Couple this with increased regulations around data privacy, and you have a cocktail of risk that can derail migration project deadlines, or worse, leave data vulnerable because of poorly implemented data destruction processes.
Below are three data sanitization changes that will help maximize the staff you already have, more thoroughly protect your data—and meet or exceed regulatory compliance obligations.
Efficiency #1: Automate data clean-up processes within your active environments.
Regularly storing surplus data adds unnecessary operational and storage costs. It also increases the risk of data exposure, burdening your staff with protecting redundant, old or trivial records—as well as requiring more time to maintain additional data storage servers.
Furthermore, the General Data Protection Regulation (GDPR, with the “right to be forgotten”) and the recently implemented California Consumer Privacy Act (CCPA, with the “consumer right to delete”) require organizations to erase certain data in active environments by request—or face stiff penalties or possible litigation.
To streamline live data sanitization, which includes verifying that data is completely unrecoverable, take advantage of erasure software that allows you to create policy-based erasure activities on files and folders in your active environments at any stage of the data lifecycle. Make sure processes can erase logical units in SAN or virtual infrastructures in real time according to recognized data sanitization standards.
By automating file erasure processes this way, you’ll streamline regulatory compliance, reduce storage needs, limit damage in case of a breach and have less data to deal with when you face bulk data migration—all of which allows your teams to work more efficiently.
Efficiency #2: Increase data sanitization scalability during decommissioning projects.
Whether you have private data centers, use colocation services or use a third-party cloud provider to store your corporate information, the data you’ve protected at earlier stages should also be protected when removing storage assets from your secure data center.
To abide by strict data erasure guidelines while speeding up decommissioning, seek out scalable solutions that eliminate time-intensive manual drive pulling. As demonstrated in a recent Blancco case study, erasing large numbers of servers in-rack and managing the process remotely can reduce decommissioning time from weeks to mere hours. It also ensures that any drives destined for destruction are data-free before leaving your facility.
Efficiency #3: Ensure regulation-compliant outsourcing.
Delegating sanitization to a third party can save considerable staff time. But to protect data assets from your secure facility to their final destination, first understand what erasure standards and chain of custody practices you’ll receive. If possible, perform the erasure onsite to avoid liability during transport for offsite handling. Confirm that your IT asset disposition (ITAD) vendor has proper qualifications and efficient processes in place, as well as solid environmental credentials. In accordance with the data regulations required for your organizations, specify the data erasure standard to be used, such as NIST Clear or Purge, based on the confidentiality of the data stored and whether assets are to be reused. Be aware of any subcontractors and demand strong record-keeping practices (shipment records, serial tracking, audit-ready erasure reports) to streamline audits and compliance reporting.
By diligently selecting and regularly auditing your ITAD, you’ll be able to redirect much of your staff’s hands-on time to an oversight role, giving them more time to address other activities.
Increase data protection compliance efficiently.
Globally, data regulations are only set to increase in number and enforcement. This year’s data center projects can easily become bogged down by inefficient processes and a lack of skilled technology staff as companies adjust to new regulations. By implementing the efficiencies above, you can increase compliance and data protection—all while minimizing the project hours needed from your current team.