In a recent webinar, experts dived deep into the crucial yet often overlooked aspect of data management: secure data destruction. The session highlighted the significance of secure disposal of data, shedding light on the various facets that enterprises need to consider when choosing an IT Tech service provider.
John Thangappan, business development manager at Greenbox Group New Zealand, led the discussion and swiftly pivoted to the core topic: the criticality of managing end-of-life data and outdated storage. John raised thought-provoking questions, challenging the prevailing notion of data protection’s emphasis solely on live transactional data. “What’s happening to the old data?” This highlighted the migration from on-premises to cloud and the implications for legacy data. He emphasized the necessity of understanding the significance of managing data residing in end-of-life devices, emphasizing the need for a structured approach to data destruction.
The discussion then delved into the methodologies of data destruction. Annie Wang, Business Development Manager at Greenbox Australia highlighted the need for government-certified software usage by service providers, stressing the importance of obtaining certificates as proof.
Chris Harapas, a keynote speaker from Blancco Technology Group shared an insightful overview of data sanitization methods, emphasizing their strengths and challenges. Harapas highlighted three globally recognized formats of data sanitization: physical destruction, cryptographic erasure, and data erasure through software.
The discussion illuminated the nuances of each method. Physical destruction involves rendering the asset irreparable, often through shredding or degaussing. While globally accepted, it poses environmental concerns and limits hardware repurposing.
Cryptographic erasure, akin to encryption, hides information keys, making data inaccessible. However, it potentially faces challenges with future decryption, especially with advancing computing technologies.
Data erasure through software involves overwriting data to ensure complete removal. While regarded as the best method by experts due to its live environment feasibility, it does consume more time compared to other methods.
Chris delved into challenges inherent in each method, such as the environmental impact of physical destruction and the potential decryption risks associated with cryptographic erasure.
Annie Wang raised the notable case of Morgan Stanley, highlighting the perils of inadequate data destruction practices. The financial institution’s negligence in securely disposing of drives led to a catastrophic breach, exposing sensitive personal information on public platforms like eBay.
Chris underscored the necessity of expert involvement in data disposal, citing the importance of chain of custody, secure logistics, and proper accreditations. He emphasized how the costly mistake made by Morgan Stanley stemmed from overlooking these crucial protocols.
Annie further illustrated the significance of robust data destruction practices through a customer experience with Greenbox. A mishandled pickup notification of a lab’s computer containing confidential research data highlighted the grave repercussions of inadequate service provider oversight.
The discussion was moved to various data breach incidents that have occurred in the ANZ region, emphasizing the repercussions not only in terms of financial penalties but also damage to reputation and loss of trust. Unsecure management of old data lead to breaches at Australian National University, Commonwealth Bank of Australia & NZTA across 2018 to 2020. Question was raised by a participant Sam Murray about the legal mandates around data breaches. While there was no clear legal mandate in ANZ region, there was emphasis on the Global practices & how CISOs are held accountable in the western part of the World. Chris, Annie & John summarised the legal and regulatory aspects regarding data disposal, focusing on standards like NIST and Gartner recommendations.
There seems to be a deep dive into the significance of maintaining a chain of custody, ensuring compliance through an audit trail, and adhering to evolving privacy acts like GDPR, California Privacy Act, etc. They are discussing the importance of data breach insurance and how having proper documentation and compliance measures in place is crucial for insurance coverage in case of unfortunate incidents.
The webinar thus underscored the criticality of meticulous review and scrutiny when selecting a secure service provider for data destruction. The discussions echoed the imperative need for expertise, proper protocols, and secure handling throughout the data disposal process. While Physical destruction is one of the preferred mode of data destruction, the recommended size of shredding is 3 mm and this means the device can’t be reused. The environmental impact of this is huge as there is no contribution to Circular Economy sticking to conventional Take, Make & Waste. Ideal scenario would be NIST wipe & send the device back for reuse thus bridging the digital gap & contributing to Circular Economy.
The insights shared during the webinar offered a comprehensive understanding of the intricate landscape of data sanitization, urging enterprises to prioritize secure practices in data destruction for safeguarding sensitive information.
Greenbox Group, a leading 100% carbon neutral IT Asset Lifecycle Provider has been in the industry for over 24 years. We are the first IT Asset Lifecycle provider in Australia to become 100% carbon neutral and won the AFR Sustainability Award. We provide a secure ITAD services to enterprises maintaining the data security and preserving the environment from e-waste by making sure nothing goes into landfill.