As Big Data Grows, So Does the Risk
With companies of all sizes moving to cloud computing, data centers are playing a bigger role. With this vast increase in data centers come vast increases in purchasing, implementing, removing, and risk. In recent years, 74% of data centers around the globe have added servers to their current environment. When these upgraded environments are put into place, who is in charge of disposing of the retired assets?
When dealing with retired IT assets and data at rest, there isn't always one person who assumes the responsibility. More than 1/3 of companies surveyed do not use proper disposal. It is vital that this process be assigned to one individual, or a small team depending on the data center size, so there is constant oversight of the process. The only other party that should assume any responsibility is your data destruction and IT asset disposal vendor, which should provide complete indemnification from the moment an asset is removed from the network. This should include a detailed audit trail, secure containment, certified onsite data destruction, and removal from your facility.
Understanding Your Risks
There are several exposure risks in every data center: storage media, data tapes, arrays, servers, and hard drives, just to list a few. It is imperative that there is an action plan for each of these items from the moment they are introduced to your data center until they are decommissioned. Your action plan must also account for all applicable regulations and compliance requirements, such as HIPAA, HITECH, SOX, PCI, etc. Failure to adhere to these requirements can lead to costly fines and damage your company image. Failure to comply with or follow these regulations can also increase your chances of having data exposed in a breach, which will have similar but more costly consequences.
The Right Vendor for the Job
Those involved in the decommissioning/retirement process need to pay special attention to how their current vendors operate. Key factors to consider when choosing your vendor:
Certifications and Standards: Make sure that the vendor you are using is compliant with, and understands, your industry regulations and requirements. They should be in accordance with all industry best practices including health care (HIPAA and HITECH), financial (SOX and Gramm-Leach-Bliley), retail (PCI), environmental, Information Security Management Systems (ISMS ISO 27001) and environmental health & safety management systems (ISO 14001, 9001, ISO 45001).
Liability Insurance: Insured vendors protect your business financially in the event there is a data exposure relating to their services. Such coverage can even lead to lower premiums on your company's cyber security; think along the lines of a safe driver discount.
Documentation: This should include a full audit trail, certificate of destruction, and green reports. Every item removed from the network and every drive that is destroyed onsite should be accounted for during each step of the retirement process.
As big data grows and becomes more accessible, the risk of having it exposed is only going to increase. Implementing a seamless process from beginning to end will save you hundreds of thousands, even millions, of dollars in fines and, most importantly, help keep your company's brand safe.