Why are data centres holding on to useless storage?

Organisations are cluttering up their data centres with piles of outdated IT storage, despite it putting them at risk of security breaches and compliance violations, according to new research

Organisations can’t wait to get their hands on the latest tech, but they — like the rest of humanity — have a developed a worrying habit of hoarding their possessions. But there are two reasons why an “if it ain’t broke don’t throw it away” mentality towards IT storage just doesn’t pass the mustard anymore.

First, in an age of unparalleled cyber threats firms are swelling their attack vector by clinging on to redundant hard drives. Second, a growing number of international data protection laws explicitly prohibit storing data past its retention date.

Firms who fall foul of HIPAA face fines of up to $1.5 million (£1.14m), with that number multiplied by the number of years each violation has been allowed to persist.

To get a sense of the level of hoarding present in organisations around the world, Blancco surveyed 600 data centre experts from APAC, Europe and North America. Its research revealed that two in five organisations that store data on-premise spend more than $100,000 (£76,000) storing useless IT hardware.

Half of those companies had already been called out by regulators or governing bodies for noncompliance with data protection laws.

74 percent of UK organisations admitted that at least 26 percent of all RMA drives stored onsite were only there because they aren’t willing to return them to the manufacturer. A quarter also confessed that more than half (51 percent) of their RMA drives sit uselessly idle in their data centres for the same reason.

So why are organisations so hellbent on clinging on to their old hardware?

Paralysed by fear

Blancco says the main reason firms won’t dispose of old IT storage is because they are terrified that sensitive data might be breached or misused. Companies much prefer to spend eye-watering amounts of cash storing these devices (and running the risk of regulatory violation), than entrusting them to specialist asset disposal teams for wiping before re-use.

“Global organisations are unnecessarily wasting vast sums of money from noncompliance and onsite storage fees – charges that could be easily mitigated,” said Fredrik Forslund,

“This points to a huge lack of education within the sector about what to do with hardware that is faulty or has reached end-of-life,” he added.

Worryingly, the survey revealed that in-house IT teams lack the skills to competently sanitize data. Over half of the respondents (57 percent) thought that a quick or full reformat would suffice to permanently erase data. 62 percent of organisations are using free, unverified and uncertified online tools to delete their data.

The survey also revealed that UK teams are most worried about how GDPR will affect the data centre, followed by increasing automation across the data centre.

Read the full The High Cost of Cluttered Data Centres report here.