Drive Control Headaches and Disposal Costs
In an effort to avoid data breaches and the
ensuing customer notifications required by data
privacy laws, corporations have tried a myriad of
ways to erase the data on retired drives before
they leave the premises and potentially fall into
the wrong hands. Current retirement practices
designed to make data unreadable rely on
significant human involvement in the process,
and are thus subject to both technical and human
failure.
The drawbacks of today’s drive retirement
practices are both numerous and far-reaching:
•
Overwriting drive data is expensive, tying
up valuable system resources for days. No
notification of completion is generated by the
drive, and overwriting won’t cover reallocated
sectors, leaving that data exposed.
•
Degaussing or physically shredding a drive
are both costly. It’s difficult to ensure the
degauss strength is optimized for the drive
type, potentially leaving readable data on
the drive. Physically shredding the drive
is environmentally hazardous, and neither
practice allows the drive to be returned for
warranty or expired lease.
•
Some corporations have concluded the only
way to securely retire drives is to keep them
in their control, storing them indefinitely in
warehouses. But this is not truly secure, as
a large volume of drives coupled with human
involvement inevitably leads to some drives
being lost or stolen.
•
Other companies choose to hire professional
disposal services, an expensive option which
entails the cost of reconciling the services as
well as internal reports and auditing. More
troubling, transporting a drive to the service
puts the drive’s data at risk. Just one lost drive
could cost a company millions of dollars in
remedies for the breached data.
With these shortcomings in mind, it’s no surprise
that an IBM study found that 90 percent of the
drives returned to IBM were still readable. The key
lesson here? It’s not just the drive that’s exiting
the data center, it’s also the data stored within.
Encryption
Every day, thousands of terabytes of data leave
data centers as old systems are retired. But what
if all those hard drives had been automatically
and transparently encrypting that data, enabling
it to be instantly and securely erased? A majority
of U.S. states now have data privacy laws that
exempt encrypted data from mandatory reports
of data breaches. And make no mistake, the
cost of data exposure is high—US$6.6 million on
average
1
.
Challenges with performance, scalability and
complexity have led IT departments to push
back against security policies that require the
use of encryption. In addition, encryption has
been viewed as risky by those unfamiliar with key
management, a process for ensuring a company
can always decrypt its own data. Self-Encrypting
Drives comprehensively resolve these issues,
making encryption for drive retirement both easy
and affordable.
We’ll discuss two security scenarios:
•
SEDs that provide instant secure erase without
the need to manage keys
•
Auto-locking SEDs that help secure active data
against theft with key lifecycle management
Self-Encrypting Drives for
Servers, NAS and SAN Arrays
2
1 2008 Annual Study: Cost of a Data Breach, Ponemon Institute, February 2009
