Some organisations take considerable risks with the way they sanitise data at end-of-life, it is claimed from a survey by a data erasure software company.
According to Blancco Technology Group, some businesses are using inappropriate data removal methods. One in three, 36 percent reported using data wiping methods such as formatting, overwriting using free software tools or paid software-based tools without certification or physical destruction (both degaussing and shredding) with no audit trail. These methods are not fully secure and can leave businesses open to potential security and compliance issues, Blancco warns. Of particular concern is that 4 percent of these enterprises are not sanitising data at all, leaving them open to attacks.
Most, 80 percent of enterprises admitted having a stockpile of out-of-use equipment sitting in storage and a majority, 57 percent reported taking longer than two weeks to erase devices, adding to the risks of potential internal data breaches and lost data.
Some 17 percent of enterprises report not having an audit trail for the physical destruction process, and 31 percent admitted not capturing the drive serial number. This lack of chain of custody controls means these enterprises are running the risk of data breaches and non-compliance. And 17 percent of global enterprises use physical shredding or degaussing for end-of-life devices, even though shredding does not always provide a true, certified audit trail that spans the full chain of custody lifecycle.
Fredrik Forslund, Vice President, Enterprise and Cloud Erasure Solutions at Blancco said: “Global enterprises are clearly concerned about data when devices reach end-of-life; however, despite knowing the risks involved, many still choose to use an inadequate approach to protect their organisation. This points to a huge and worrying knowledge gap within the sector and among senior leaders about the security and compliance implications of physical destruction and end-of-life equipment lying around.”
About the research
By Coleman Parkes in August 2019, the sample was of 1,850 senior decision makers including Heads of Compliance, CFOs, Financial Directors, ITAMs, CISOs, IT Security VPs, Data Protection Officers and Heads of Operations, from 1850 organisations with 5,000+ employees. The sample was divided between the UK, the United States, Canada, Germany, France, Japan, India, Singapore and Australia.
