Managing Data Erasure in the Enterprise: Automated Processes for Optimal Efficiency

Transcription

1 Managing Data Erasure in the Enterprise: Automated Processes for Optimal Efficiency Blancco White Paper Published 30 June 2014

2 Table of contents Introduction...2 Threats from improperly disposed IT equipment...4 Pros and cons of data protection technologies... 4 Ongoing challenges in data security management... 6 Mounting regulations faced by enterprises... 6 US initiatives... 6 EU s data protection directive... 6 Fully auditable erasure process... 7 BYOD here to stay... 7 Importance of managing erasure throughout the asset lifecycle...9 Protecting data during the retirement phase... 9 Targeting data on active systems... 9 Importance of on-site erasure...10 Benefits of a certified, process-oriented data erasure solution...10 Managing the process...11 Conclusion...12 References

3 Introduction Chief information officers (CIOs), corporate security officers (CSOs), and information technology (IT) asset managers face a number of concerns that make an already demanding job even more complex. Tasked with handling an enterprise s IT and computer operations, these executives and administrators help support some of the most critical and relied upon elements within a company or government entity. Shrinking staffs and tighter budgets are just some of the challenging elements in IT management. Meeting existing goals and benchmarks while operating efficiently and cost-effectively with fewer resources and less money has created a situation in which CIOs and their IT departments must tackle an unprecedented level of challenges. An important piece of any IT policy for these groups involves the ability to employ and manage a solid and proven data security policy particularly in light of the continued proliferation of data breaches and identity theft around the world. A key aspect of such a policy involves defining as well as implementing data erasure procedures for IT equipment that is scheduled for reuse, donation or final disposal. This includes implementing a solution that detects a range of hardware, from smartphones to high-end servers, and addresses daily data erasure management as well as the erasure needs throughout an asset s entire lifecycle. Such an approach must also track and report what was erased and who handled the erasure. While data erasure is a critical best practice in overall data security efforts, IT managers still struggle with reduced budgets and resources on an everyday basis. To help efficiently and effectively implement data erasure, advanced data erasure solutions providing centralized management offer a fast, automated and secure way to protect data while helping to reduce associated costs and resource requirements. Automated features expedite erasure and allow customization of erasure and reporting processes to meet an organization s most pressing needs. 3

4 Unknown Improper Disposal Human/System Error Web/Network Exposure Malware 3% 6% 11% 5% 10% 6% 10% Hard Copy Theft/Loss Portable Media Theft/Loss By cause: number of incidents as % of total for 2010 (January-June) Malicious Insider 21% 12% 16% 1% PC Theft PC Loss Source: KPMG International, October 2010 Hacking Threats from improperly disposed IT equipment While companies often associate the threat of data loss with stolen laptops or other portable media, many are less aware of a more subtle culprit their own improper disposal of IT assets. In fact, insecure disposal of IT assets is the cause of data loss in 10 percent of cases, according to a 2010 KPMG International report, 1 with serious implications for corporate reputation and from costly fines initiated by increasingly stringent data protection regulations. Some reports show that around 40 percent of hard drives reach the secondhand market still containing sensitive data, including a 2009 study by Kessler International. 2 Data erasure offers a software-based approach for overwriting and fully eliminating all electronic information much of it sensitive or confidential in nature that resides on a hard drive or other digital media set for disposal or reuse. This data clearing or wiping goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and allow recovery of data with common software tools. In the case of data erasure, though, all information is removed while leaving the disk operable. Erasure reports with detailed hardware specifics are provided as proof of data removal. Pros and cons of data protection technologies Many data protection and destruction technologies exist, including physical destruction of devices, degaussing, encryption, re-formatting, and less comprehensive software overwriting approaches, but each has its drawbacks. Physical destruction and degaussing, for example, render a drive inoperable, preventing the opportunity to recover any value through resale or reuse and reducing the ability to operate in a sustainable, environmentally friendly manner. Also, with physical destruction, recovery of data from fragmented digital media remains possible. And, 4

5 because expensive equipment is needed to destroy hard drives, this activity is generally outsourced, which increases the chance of data loss during transport to a third-party facility. Other data protection strategies also have disadvantages. For example, while effective in certain situations, software-based encryption is a time consuming, processor intensive operation that does not provide a completely safe or verifiable method of securing data, especially for inactive equipment. Cryptographic sanitization at end of life provides no verification mechanism, compounding the dangers of poor implementation and denying a visible audit trail. Both active or inactive systems that employ encryption are subject to attack if not continually updated, leaving data available to those who are able to discover the key, crack the encryption or exploit implementation weaknesses. Similarly, re-formatting a disk will still leave data intact, while less advanced overwriting technology may not Data erasure management with advanced erasure technology is the ultimate first line of defense in ridding devices of sensitive information. perform enough overwriting passes or provide erasure reports to meet regulatory obligations. For example, overwriting freeware does not provide a detailed, auditable report, and the software s effectiveness has not been independently verified. On the other hand, data erasure management with advanced erasure technology is the ultimate first line of defense in ridding devices of sensitive information. By automating complete removal of data with technology that offers proof in a detailed report, organizations are assured that data is protected, without impacting the productivity of resources and overall operations. Del and Format method Data Erasure 5

6 Ongoing challenges in data security management IT organizations seemingly face a growing list of challenges each day. While they are required to do more with less given shrinking budgets and resulting staff limitations, their networks continue to witness a growing amount of traffic from an increasingly sophisticated base of users. From 2005 to 2010, the volume of digital data traversing networks of all kinds increased nearly 10 fold, according to a 2011 EMC/IDC Digital Universe study, 3 and there are no signs of traffic abating. Figures doubled between 2010 and 2012 and are set to more than double again by Mounting regulations faced by enterprises A number of stringent industry-specific standards and regulations have emerged around the world with the aim of reducing the risk of exposing confidential data, including rules related to health care, finance and credit information. Existing regulations that specifically require deletion of data include the Health Insurance Portability and Accountability Act (HIPAA), The Fair and Accurate Credit Transactions Act of 2003 (FACTA), and the Payment Card Industry Data Security Standard (PCI DSS), as well as the UK Data Protection Act Also, comprehensive regulations with data removal requirements are under review in the US with the Consumer Privacy Bill of Rights and in Europe with EU legislation on data protection reform. Legislation and regulatory requirements surrounding the protection of data have emerged and present enterprises with an additional set of demands that must be addressed. US initiatives Legislation and regulatory requirements surrounding the protection of data have emerged and present enterprises with an additional set of demands that must be addressed. President Obama in the US issued in February 2012 a framework for protecting privacy and promoting innovation in the global digital economy. While the report addressed consumer data privacy, it underscores the trends, issues and concerns facing digital data on a larger scale. The report notes how a previously existing framework lacked a clear statement of basic privacy principles that apply to the commercial world, and a sustained commitment of all stakeholders to address consumer data privacy issues as they arise from advances in technologies and business models. To address these issues, the Obama Administration introduced the Consumer Privacy Bill of Rights,4 which embraces a dynamic model of how to enable ongoing innovation in new information technologies while offering strong privacy protection, including a requirement for deletion of data. This new framework was designed to provide a clear statement of basic privacy principles that apply to the commercial world, and a sustained commitment of all stakeholders to address consumer data privacy issues as they arise from advances in technologies and business models. EU s data protection directive Meanwhile, in Europe, changes in data protection have been proposed to not only revisit rules that have been in place since 1995, but to provide more consistency 6

7 over today s implementation of legislation. Technological advances, including the introduction of social networking sites, cloud computing, location-based services and smart cards, have also served as the impetus to update EU data protection legislation.5 An existing draft of these updates is under review by all member states of the EU. In it are requirements for deletion of online data and use of auditable procedures for companies processing personal data, as well as encouragement for the use of certified tools and processes. Also, sanctions for violations of the new EU requirements are predicted to range from Euro 250,000 up to 0.5% of global annual turnover for lesser offenses and Euro 1 million up to 2% of turnover for more serious ones. Companies with cloud services must comply with this legislation if they process data belonging to EU citizens, regardless of whether their servers are located in the EU or not. In addition to the rapid rise in data protection legislation and industry standards, the fragmentation and everexpanding range of devices and platforms used to store data mean IT departments must manage security on more diverse equipment. Workstations and laptops, servers and storage appliances, mobile devices like smartphones, virtual machines, and complex data center equipment are just some of the many IT asset types that contain potentially sensitive information. With the volumes of confidential data, organizations must be prepared from a legal, moral, and fiduciary perspective to erase data on a range of device types. Fully auditable erasure process Successful erasure alone is not enough, because proof of erasure is necessary for auditing purposes. Detailed, auditable proof of the erasure is mandatory for compliance, regulatory and legal requirements. A comprehensive audit also provides important documentation about an asset s lifecycle. Tamperproof and verifiable reporting is an essential part of regulatory compliance and legal audits. A data erasure solution should generate comprehensive erasure reports to provide critical information for the auditing process such as condition of the hardware, relevant serial numbers and asset tags, software details for license harvesting, the erasure method employed and who performed the erasure. Companies with cloud services must comply with this legislation if they process data belonging to EU citizens, regardless of whether their servers are located in the EU or not. BYOD here to stay Organizations also face challenges associated with Bring Your Own Device (BYOD). With over 150 million employee-owned devices used in the workplace, 6 a recent report by Juniper Research indicates BYOD is here to stay, particularly as the number of smartphones in the enterprise could eclipse 350 million by Mobile devices hold a wealth of information despite their small size, with some smartphones and tablets having internal memory up to 64 GB. As these memory rich devices become smarter, helping people become more productive in both work and personal tasks, they are more likely to contain s, customer data, passwords and other sensitive information that could lead to data breaches if disposed of without first erasing the information. A 2009 survey showed that 99% of people use their phones for some type of business use. Seventy-seven percent of those in the survey used their phones to hold business names and addresses, 23% stored customer data, and 17% downloaded corporate information like documents and spreadsheets. 8 7

8 While data threats from mobile devices like smartphones and tablets are often thought of in terms of malware, phishing, and spyware attacks, improper decommissioning of used devices may present an even bigger security issue. Governing bodies like the European Network and Information Security Agency (ENISA), for example, find that improper decommissioning of smartphones without a full data wipe poses one of the highest risks to information safety, yet those devices are not subject to many of the erasure processes now in place for used hard drives. 9 This is especially troubling in light of analyst predictions that more than 100 million mobile phones per year are now recycled. 10 Simply using the internal factory reset command is not enough to secure data, as it can still be recovered with widely available tools. To support a robust security policy for mobile devices, adhere to regulatory requirements, To support a robust security policy for mobile devices and protect against data breaches, businesses should implement data erasure management with advanced erasure technology that provides verifiable proof of data removal. and protect against data breaches, businesses should implement data erasure management with advanced erasure technology that provides verifiable proof of data removal, or find a reputable third-party IT asset disposal (ITAD) partner who uses such a process. Backed by knowledge and the right technology or technology provider, IT managers can tailor policies for both business- and employee-owned mobile devices. 8

9 Importance of managing erasure throughout the asset lifecycle Customers and employees depend on the security of personal and business information. Failure to effectively erase information upon the disposal of an IT asset or storage device may not only result in damage to a brand and a company s image, but could lead to falling stock prices, the loss of customers and business partners, and negative press as well. A carelessly discarded hard drive containing confidential data that has not been erased can easily result in identity theft and expose an organization to bad publicity and costly litigation. It can also impact employee turnover and day-to-day business operations and internal information security. There are other instances where data erasure is important. Application or system software that remains on a hard drive when an asset changes hands may violate site-licensing terms from the software developer. Also, the reallocation of a server to another department or division can breach a software license and can incur costly fines from the vendor. Protecting data during the retirement phase Data security is an obvious practice organizations undertake in an effort to protect information throughout an asset s life. Guarding this confidential data during the asset retirement stage or when a computer is reassigned internally is equally important but often overlooked. With large volumes of confidential information stored on these assets, data must be completely destroyed before IT assets are disposed of, recycled, reused or donated. By employing a data erasure strategy, resale or donation opportunities become possible without worrying about sensitive data housed on devices. Physical destruction also becomes more viable when combined with data erasure, as a higher level of confidence and safety are achieved. This ensures the protection of data in the event that the physical destruction process is unsuccessful or technological developments somehow enable the extraction data from fragments of devices. Targeting data on active systems Data erasure, however, is not just an end-of-lifecycle activity, but may be necessary in the early phases of an asset s use when certain temporary confidential information is no longer needed. Advanced data erasure tools can target the erasure or sanitization of individual files and folders on active systems. This targeted erasure process is an ideal way to remove confidential temporary data such as credit card details, customer information and proprietary office documents. By automating data destruction on a time or event driven basis, advanced erasure secures information on active local or remote servers and computers, as well as any selected file available on the system, making day-to-day data shredding an easy prospect. Also, many enterprises use costly and complex data center configurations like logical units (LUNs) and storage arrays. These configurations and equipment are deployed, managed and run differently from desktops and laptops, so erasure has the potential to impact essential business functions. Servers or storage arrays that are running mission-critical applications cannot be easily powered-down or decommissioned without costly time-consuming procedures to bring them back online, so an advanced erasure tool that can target specific data, LUNs or storage arrays on active systems is a necessity. 9

10 Importance of on-site erasure If asset disposal is to occur with a third-party provider, it is important for an organization to choose one that uses secure erasure processes with full disclosure and reporting. However, on-site data erasure is the most secure option because it ensures sensitive data does not leave the enterprise or even a particular office. The International Association of IT Asset Managers (IAITAM) 11 recommends a combined approach as a best practice, using on-site erasure before transfer to the third-party disposal and erasure provider. Stringent industry regulations, monetary costs, potential damage to a company s reputation due to data breaches, and the risk of data leaks truly underscore the case for ensuring that proper steps are taken to guarantee the complete and secure disposal of sensitive information. Without taking the right measures, an organization can face penalties ranging from tens of thousands of dollars to in excess of $1 million dollars per violation,12 as well as risking exposure of employees to potential prison terms in certain situations. Benefits of a certified, process-oriented data erasure solution While data erasure enables organizations to take the right steps toward disposing of digital assets, working with solutions that have national and international third-party approvals, certifications and recommendations is a major consideration. By selecting certified software that enables consistent and dependable results, as well as providing a clear audit trail through reporting, enterprises, governments and other entities gain peace of mind and confidence. For example, the internationally recognized Common Data erasure is not just an end-of-lifecycle activity, but may be necessary in the early phases of an asset s use when certain temporary confidential information is no longer needed. Criteria certification verifies that data erasure software has completed a rigorous independent testing process validating its ability to permanently erase data from hard drives and other storage devices. It also verifies that the software conforms to standards sanctioned by the International Standards Organization (ISO-IEC 15408). Also, using a process-oriented, centrally-managed, automated data erasure solution can improve productivity and efficiency. Such a process reduces human error through centralized monitoring and auditing, minimal manual input of data, automatic 10

11 HARDWARE OS VIRUS AND FIREWALL ADMINISTRATION Cost Cost of of data data erasure erasure management management population of hardware and erasure report details, and a network-based report delivery that can expedite auditing processes for regulatory purposes. Along with data erasure and reporting, this process can perform an extensive series of hardware tests in automatic or manual modes, providing information necessary for reuse and remarketing of IT assets. With such a data erasure solution, it is also possible to process more assets in less time compared to traditional disposal methods or less advanced and robust erasure tools. The solution can be tailored to an organization s specific needs and hardware or network environments. Managing the process An extensive and centralized online management approach to automated data erasure covers every stage of the process, from booting through sending a report to a database, and then finishing with a certification of completion and computer shutdown. An intuitive management console also offers remote erasure control with status monitoring, full automation with minimum user effort, and comprehensive data erasure reports and statistics. These features add up to a 25 to 30 percent productivity improvement over alternative methods. For example, with an advanced erasure process, IT personnel can perform simultaneous erasure of up to 200+ hard disks per server. They can also remotely control the erasure of different kinds of IT assets at the same time. The efficiencies gained from centralizing and automating the data erasure process contribute to an overall low investment in such software. Considering the risks and potential fines from data breach, the price of a managed data erasure process is a minimal when compared with overall asset cost, including hardware, software and firewall and virus protection costs. Seamless integration of a data erasure solution with existing IT infrastructure is also crucial from both an operational as well as an economic standpoint. This involves the ability to work with other IT asset management and ERP suites, carry out the simple import and export of data, and use web service interfaces. 11

12 Conclusion The explosion of data security and privacy regulations, the ongoing risk of data leaks and the high costs associated with data breach leave little doubt that a range of steps must be taken to ensure the complete and secure disposal of sensitive information. In many instances, security breaches are not the result of hackers or other covert activities, with studies showing that insecure disposal of IT assets is the cause of data loss in 10 percent of cases 12. Because an organization s IT assets will continue to hold larger and larger volumes of confidential data in the future, protecting data by adopting comprehensive data erasure as a best practice is imperative. Data must be completely destroyed before IT assets are disposed of, recycled, reused or donated. In addition, corporations are in many cases obliged by an increasing number of government and industry standards and regulations to ensure the safe disposal of sensitive information or face penalties for non-compliance. An advanced and centralized data erasure solution provides users with a quick, automated and secure means of saving both time and money while ensuring protection of sensitive data. Data erasure employs a software-based approach to overwriting data and destroying all electronic information on a hard drive or other form of digital media while leaving the disk operable. Advanced erasure tools can even target specific confidential data on active systems. Because of this, data erasure software is not just an end-of-lifecycle purchasing decision, but one that should be considered at the outset of the asset s use. Ultimately, an advanced and centralized data erasure solution provides users with a quick, automated and secure means of saving both time and money while ensuring protection of sensitive data. With automated data erasure features, IT departments gain the fastest and most customized approach possible, with an enhanced and expedited erasure, reporting and auditing process. 12

13 References 1 KPMG International, Data Loss Barometer Insights into Lost and Stolen Information in 2010, Issue 3, Kessler International, Is Your Confidential Information Being Sold on ebay?, February 2009, 3 IDC, sponsored by EMC Corporation, Extracting Value from Chaos, June 2011, 4 Obama Administration, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, February 2012, default/files/privacy-final.pdf 5 European Commission, January 2012, 6 MaaSters Blog, Enterprise Mobility Update: 350 Million BYOD Smartphones by 2014, August 2012, enterprise-mobility-350-million-byodsmartphones-2014/ 7 Juniper Research, August 2012, 8 Government Technology, 4.2 Million Cell Phone Users Leave Sensitive Data Unprotected, March 2009, 9 ENISA, Smartphones: Information Security Risks, Opportunities and Recommendations for Users, December 2010, top-ten-risks/top-ten-smartphone-risks 10 ABI Research, Recycled Handset Shipments to Exceed 100 Million Units in 2012, December 2007, Units+in Dark Reading, $1.5M Fine Marks A New Era In HITECH Enforcement, March 2012, 1-5m-fine-marks-a-new-era-in-hitech-enforcement.html The information contained in this document represents the current view of Blancco Oy Ltd on the issues discussed as of the date of publication. Because of changing market conditions, Blancco cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. Blancco makes no warranties, express or implied, in this document. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Blancco. 13

14 For further information, please visit Blancco US 3901 Roswell Road, Suite 302 Marietta, GA UNITED STATES Tel. (770) Fax. (770)