The data on failed or decommissioned data-bearing devices and systems is very accessible to any insider threat.
This is a very good article about the Zero Trust Security Model. Many datacenters and enterprise offices have some very valuable data sitting on shelves or pallets, on devices that still contain 100% of the data they held when powered down a few days before. When doing assessments, we go inside an unguarded or poorly guarded datacenter that anyone could enter after logging into a kiosk and entering an employee and company name that matches what is in their database. Nothing else. Even though the datacenter has gates, walls, and an entry portal, any clever person can enter their secure domain to do service for any other smaller company, stay on premises the entire day, and be within inches of the intended target. As assessors, we would have to say that, even though many organizations have a policy to watch the visitor, it typically only lasts a few minutes.
The inside person picks up the solid-state cards or drives, replacing them with fake, worthless decoys. When the technician is checked leaving the datacenter, which only happens 10% of the time, they show the untrained security guard the solid-state cards or hard drives for the service call, and the perpetrators leave the facility with the commandeered data-bearing devices. It doesn't make a difference whether it is solid-state cards or hard drives, which are often kept inside unsecured blue plastic bins. As the assessment continues, most companies in the US cannot account for their data-bearing devices, and they also fail to report the loss of system data to their managers. So, the Zero Trust Security Model would help those companies develop a better layered security approach to guard their unprotected data.
Related article: What Is Zero Trust? It Depends What You Want to Hear | WIRED
The data on failed or decommissioned data-bearing devices and systems is very accessible to any insider threat. In the Zero Trust Security Model (ZTSM), organizations learn to create system policies that take multi-layered and monitored approaches. When you do, you have the TechR2 Tear-A-Byte® and Tear-A-Vault® systems, the only ZTSM system in the EoL industry.