Don’t go storing up data problems – destroy them
Wed 18 Jun 2014
Erasing data from storage is not just a matter of pressing a delete button. The erasure process needs to be thorough whatever the IT system and it needs to fully documented and audited. As Ben Jones from specialist data company Bancco says: it must not only be done, it must be shown to have been done.
Stricter regulation and greater awareness of data security risks has made the issue of secure data erasure climb up many a corporate agenda. And when it has it is often found to be a more complex issue than many imagine.
There could be many reasons for wanting to erase data – hardware end of life or changing supplier are two of the commonest – and there could be many different types of storage device involved.
It is because of this complexity that the leading player in the field, Blancco, has redesigned and integrated its technology into a family of products that can handle pretty much any requirement from any type of customer. Ben Jones, Blancoo’s business development manager, said the challenge in creating this comprehensive family has been a big one. “With one customer we might be dealing with hundreds of thousands of drives across the globe with another with a few folders on a PC. But with stricter regulations and tough internal IT procedures, users need to be sure not only that the data has been erased but that they can prove it has,” he said.
Just deleting data, or disposing of the media containing the confidential data, is not acceptable anymore. So when devices come to the end of their life or perhaps a customer wants to move to a different supplier they will have to conform to a range of regulatory and compliance guidelines such as HIPAA, PCI DSS, and ISO 15408 which define requirements for data to be securely erased using a certified solution backed by a comprehensive audit trail.
“By bringing our solutions into one family, customers have access to everything they need when they need it, regardless of the circumstances, on all technical levels,” said Jones. Blancco’s data centre solutions support all common operating systems and various technical platforms, enabling better process efficiency and enhanced security, either as part of an existing package or as an additional service. “We pride ourselves that our software delivers 100% secure data erasure, with detailed reporting and auditability of the entire process.”
One aspect he is particularly proud of is the ability to reliably delete data (and document the process, of course) on solid state memories. “This has been one of our biggest challenges because of how they work – which is very different to traditional magnetic storage,” said Jones. “There is a massive movement in data centres towards flash because of their speed and their lower power consumption. It is essential part of our portfolio that we are able to offer 100% data erasing and a full audit trail on solid state storage devices.”
Additionally, Blancco’s data centre solutions have also led to a significant reduction on the amount of e-waste going into landfill as by using Blancco some hardware does not then necessarily have to be destroyed to securely erase the data and it can be recycled or reused.
Furthermore, Blancco’s data centre solutions not only supports secure erasures of loose drives, entire servers and SANs, said Jones. “Erasing data at logical unit number (LUN) level is critical when assigning dedicated LUNs to end customers, with the need to guarantee data privacy, migration of data, and/or scaling of the storage environment offered, at the end of the contract” he said.
“Erasing at File level where data spillage and leakage can often result in very costly and time consuming procedures to replace the hardware,” he added. “Selected data erasure at the file or folder level could achieve the same end result at a fraction of the cost and time spent.”
And the increasingly virtualised and cloud environment offer distinct challenges for data controllers. “Today, there are 11 times more virtual machines running than normal physical servers,” said Jones. “Our solutions are well integrated and easy to manage to erase virtual servers as well as physical servers”.
He explained how the solutions work in reality using the example of a customer, Daisy Data Centre Solutions (DCS). “Daisy uses a mixture of data centre solutions when decommissioning their customers’ data centre services,” he said.
“If a customer chooses to migrate to another platform or to cease working with them for example, Daisy DCS are able to deploy the relevant Blancco software to securely erase the data for that particular client environment. Many of Daisy’s clients are from the UK government and other organisations with strict IT security policies, so by using Blancco’s data centre solutions Daisy DCS is able to provide customers with an audit trail that enables them to get customer sign off for their decommissioning projects.”
In many respects the erasing of data is the given part of the business – it is the offering clients the ability to prove that is key said Jones. “We offer complete support for all levels of secure data erasure, on all common operating systems and technical environments and our data centre solutions offer approved and certified software with detailed reporting; a mandatory requirement for compliance and auditability,” said Jones.
This article based on one that appeared first in Data Centre Management magazine.