Home Features The Importance of Data Erasure to Safeguard Data Security

The Importance of Data Erasure to Safeguard Data Security

Data Erasure, Privacy

By Sunil Chandna, Co-Founder and CEO, Stellar 

Data is growing at an incredible pace and this trend is expected to go steeper in the coming years. As per a recently published industry study, 2.5 quintillion bytes of data are created every day in the world and 90 percent of this entire data was created in the preceding two years alone! Further, the Data Age 2025 report predicted that the global data sphere will grow from 33 Zettabytes (ZB) in 2018 to 175 ZB by 2025, indicating a 430 percent growth in 7 years.

Rise of ‘digital social’ culture, high-speed Internet, technologies such as IoT, AI and resultant industry shifts such as digital transformation underpin this stupendous growth of data.

Today, enterprises in virtually every industry including Banking & Finance, Healthcare, Online Commerce, and Entertainment collect and store customer data; this data is used for designing personalized user/customer experiences or is stored as a part of the documentation.

Notably, this data–stored on servers, external hard drives desktop/laptop, etc.–grows in a sizable chunk with time. Dedicated IT asset managers are hired for managing these IT assets through their lifecycle & end-of-life. Storage space and IT management costs add up to a sizable expense for a business.

One thing stands out in this story: much of this company/customer data–collected, stored or transacted online—is ‘sensitive & confidential’, meaning, its unwanted exposure or leakage can result in loss of business, customers, money, reputation, and even litigation!

Data protection laws across the globe such as GDPR, SOX, and GBLA have placed a great onus on organizations to secure their “data-bearing” devices from a privacy standpoint. Failing to comply with these statutory regulations can result in huge penalties and long-term impact on business. For instance, violation of HIPPA can result in fines of up to US$50,000 per violation for willful neglect, with a maximum USD1.5 million per year for violations of an identical provision. Similarly, failure to comply with EU-GDPR provisions can result in fines of up to 20 million euros, or in the case of an undertaking, 4 percent of annual global turnover.

Privacy, a top priority

Given the sensitivity of the data, securing data privacy has become a top priority for companies.

While businesses spend millions of dollars and follow rigorous protocols to secure data on actively used devices, they are yet to observe the same rigor for securing devices that have reached the end of their primary use life term.

Despite the growing urgency around data privacy, awareness is surprisingly low on the fact that data stored on devices continues to face significant threats even beyond their intended use term. These threats at the IT asset disposal stage persists on account of ‘residual data’ that gets retained on the outbound media due to inadequate sanitization prior to disposal.

When servers, laptops, smartphones, etc. are lined up for any secondary transaction such as returning leased IT assets, hardware refresh, reselling, donation, etc. they must be sanitized to permanently remove all traces of data and thereby safeguard data security.

Stellar Data Recovery Inc. conducted the world’s largest study to ascertain the awareness levels amongst device owners, regarding usage of secure data wiping methods at the time of selling old storage devices. It also aimed to create awareness about data privacy risks when file deletion or drive formatting is used with an incorrect assumption as a permanent data removal action.

This investigation study of 311 used devices including hard drives, smartphones, and memory cards has revealed that 7 out of 10 devices contain residual data in the form of PII (Personal Identifiable Information) and confidential data. Surprisingly, 45 percent of these vulnerable devices were disposed of without any sort of sanitization; the data was present ‘as is’ that could be accessed by connecting the devices to a host machine! The remaining 25 percent (or 1 in 4) of the unsecured devices were disposed of after deletion or formatting. Data from these devices could be easily recovered by using any D-I-Y data recovery software.

This study further accentuates the need for taking effective data sanitization methods at the time of disposal of legacy IT assets to safeguard data security and avoid the huge risks associated with leakage of residual data both for organizations and individuals alike.

Data Erasure: The masterstroke for effective media sanitization

The most common media sanitization methods used by organizations are data erasure tools or trusting the ITADS (IT Asset Disposition Vendors) for wiping the data. The ITAD route is more common for various reasons. For instance, Hardware Asset Disposal is a specialized job, and it requires infrastructure and capacity, may offer more choices for sanitization, and is an established line of service for managing used or end-of-life assets.

However, in contrast to numerous choices of ITADs, there are compelling arguments in favor of ‘Data Erasure’ software as a key enabler for IT Asset Managers, namely:

  1. On-premises media sanitization: Data erasure software, sometimes called disk wipe software; enables organizations to sanitize their storage media on-premises, which is a powerful proposition to enforce the data security protocols for regulatory compliance within the office. Use of data erasure software is an emerging practice in the media sanitization realm, which complements the prevalent media sanitization practices such as shredding, degaussing (which doesn’t work on SSDs) and the likes. Software-based data erasure ensures foolproof data security, regardless of the physical state and circumstances of a storage media in the chain of custody.
  1. Secure data destruction with strong regulatory compliance: Modern data erasure software sanitizes media effectively and in line with global erasure standards. This helps organizations attain compliance with data security and privacy regulations such as SOX, GLB, HIPAA, ISO27001, EU-GDPR, and PCI-DSS. Further, data erasure software generates automated erasure reports and certificates that are tamper-proof and therefore serve as trusted audit trails at any given point in time for compliance requirements.
  1. Reduces TCO (Total Cost of Ownership), Ecofriendly, and Socially Responsible: Data erasure software allows recycling, re-allocation, or redistribution of devices. It helps to increase efficiency and decrease costs.

Clearly, data erasure software is an eco-friendly solution to fill the white spaces in media sanitization and complement the status quo, so as to empower IT asset managers for their evolved needs and roles.

To sum up, data erasure software is available on-premises, reduces TCO, drives compliance, and is simpler to use, and a great solution to protect our mother earth from e-waste pollution. It has all the ingredients needed for the making of a data privacy champion!

Sunil Chandna, Co-Founder and CEO, Stellar Data Recovery is a corporate professional with a career spanning over 25 years in diverse roles. Sunil has been steering the company up the growth ladder since 1993, he is responsible for defining and delivering the business strategy and providing overall leadership for Stellar’s operations in India and abroad. 

Stellar is a global Data Care Corporation, with expertise in Data Recovery, Data Erasure, Mailbox Conversion, and File Repair software and services. BitRaser is a product from Stellar, which helps in permanent erasure of data from all types of storage media, with no traces of data left behind. The product is compliant with global data erasure standards and helps safeguard data privacy. 

Disclaimer: CISO MAG did not evaluate the advertised/mentioned product, service, or company, nor does it endorse any of the claims made by the advertisement/writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.