614-322-2222 or 877-770-8324

Server Refreshes Create Data Breach Vulnerabilities

Mar

13

Server Refreshes Create Data Breach Vulnerabilities

 

As Big Data Grows so does the Risk

With companies of all sizes moving to cloud computing data centers are playing a bigger role. With this vast increase in data centers come vast increases in purchasing, implementing, removing, and risk. In recent years, 74% of data centers around the globe have added servers to their current environment. When these upgraded environments are being put into place, whom is in charge of disposal of the retired assets?

Assign Responsibilities

When dealing with retired IT assets and data at rest there isn’t always one person who assumes the responsibility. More than 1/3 of companies surveyed do not use proper disposal. It is vital that this process be assigned to one individual, or a small team depending on the data center size, so there is constant observation over the process. The only other party that should assume any responsibility is your data destruction and IT asset disposal vendor, they should provide complete indemnification from the moment it is removed from the network. This should include a detailed audit trail, secure containment, certified onsite data destruction and removal from your facility.

Understanding Your Risks

There are several exposure risks in every data center. Storage media, data tapes, arrays, servers, and hard drives just to list a few. It is imperative there is an action plan for each of these items from the moment they are introduced to your data center until they are decommissioned. When doing this you must also make sure your action plan accounts for all proper regulations and compliances such as HIPPA, HITECH, SOX, PCI, etc. Failure to adhere to these compliances can lead to costly fines and damage your company image. Failure to comply with or follow these regulations can also increase your chances of having data exposed in a breach, which will have similar but more costly consequences.

The Right Vendor for the Job

Those involved in the decommissioning/retirement process need to pay special attention to how their current vendors operate. Key factors to consider when choosing your vendor:

Certifications and Standards- Make sure that the vendor that you are using is compliant and understands your industry regulations and requirements. They should be in accordance with all industry best practices including health care (HIPAA and HITECH), financial (SOX and Gramm-Leach-Bliley), retail (PCI), environmental, Information Security Management Systems (ISMS ISO 27001) and environmental health & safety management systems (ISO 14001, 9001, ISO 45001).

Liability Insurance- Insured vendors protect your business financially in the event there is a data exposure relating to their services. Such coverage can even lead to lower premiums on your company’s cyber security; think along the lines of a safe driver discount. Documentation- This should include a full audit trail, certificate of destruction, and green reports. Every item removed from the network and every drive that is destroyed onsite should be accounted for during each step of the retirement process.

As Big data grows and becomes more accessible, the risk of having it exposed is only going to increase. Implementing a seamless process from beginning to end, will save you hundreds of thousands, even millions, of dollars in fines; and most importantly help keep your company’s brand safe.

To learn more about TechR2’s TEAR-A-BYTE®, {TAB} (Patented) for failed hard drives and data at rest, sign up for an onsite demonstration.



  • Providing complete “Cradle to Grave” data eradication solutions, sound experience, industry best practices and resources to support you.


  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction, including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.


  • Why risk it? Get started today!
    Call 614-322-2222 or use this form.