Data security experts, you should talk with your IT asset manager about best practices for data security. IT asset disposition is often an area in which a company’s data security policy has some holes. When it can cost millions to recover from a single data breach, the risks are too high to ignore. Your company can’t afford the risk of allowing any IT equipment to leave its control with sensitive data still stored on it.
There are many misconceptions about the right way to do data erasure. Make sure your IT asset manager understands the following five concepts:
1. Freeware is unreliable for data erasure
There is a lot of free software out there that promises to securely erase data from hard drives, but beware; free isn’t always free. When you consider the loss of productivity from using slow, inefficient software, including the time it takes to manually document each wipe, the cost of using free software for data erasure starts to creep up. Besides that, the quality of free data erasure software can be very difficult to verify because the source might be unknown and documentation might be spotty.
2. In-house data erasure is not necessarily cheaper than partnering with a vendor
Data erasure is not an instantaneous process. To do it right involves the erasure itself, verification, and documentation. Your IT technicians have other duties to perform, and the more time they spend with data erasure activities, the less time they have available for other tasks. The old adage is true: Time is money in business. Also consider the costs associated with the space, systems, and software required for proper data erasure. Certified vendors optimize cost, quality and ease for you, and allow your staff to get back to more strategic work.
3. Outsourcing data erasure can be more secure than doing it yourself
In addition to the costs associated with in-house data erasure, there is a data security risk with having people who are not up to speed on the latest best practices or who are distracted by their many other responsibilities performing the erasure. A certified vendor can provide a dedicated staff and systems whose only responsibility is doing data erasure the right way, verifying it, and documenting the process.
4. Choosing certified vendors is the best way to ensure proper data erasure
Certification from a third-party industry organization tells you your data erasure provider has subjected itself to a rigorous auditing process to demonstrate it meets the highest standards for data erasure and its entire process has been documented. In the United States, the leading certification for data erasure (also known as sanitization) is from the National Association for Information Destruction (NAID).
5. Encryption isn’t the same as sanitization
Encrypting the data stored on a drive provides a good level of protection against those who are trying to access the data, but it does not actually remove the data from that drive. New technology and processes are always emerging that can break encryption. In addition, U.S. and international standards do not recognize encryption as a data sanitization method. Once you are done with the data, you need to remove it from the drive.
These five points are expanded on and added to in our recent guide for IT asset managers, “10 Myths About Data Erasure.” Download it for free by clicking on the image below.
