Top 5 Ways to Ensure Data Security
According to NIST 800-88 guidelines, it is critical that a business or organization, maintain a record of its data destruction to track the “who, what, when, where, why” of how the data was retired. Only a clear record of proper disposal can protect a business from the harm of a data breach, or suspected faulty IT practices.
In order to understand the importance of adequate data security, it’s important to note the definition of it’s opposite – data vulnerability.
vulnerability (in computing) (n.): a weakness which allows an attacker to reduce a system’s information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
To ensure your enterprise is safe from data exploitation we have transformed “5 Security Holes” to detail the “Top 5” ways to enhance your current data destruction practices
1. Maintain adequate reporting practices – Secure and comprehensive reporting should be a central part of your hard drive retirement plan. Without proper reporting, you remain potentially liable for data breaches. Physically destroying hard drives is particularly weak when it comes to reporting and free software wiping tools are problematic because they don’t have robust, auditable reporting.
2. Plan a secure resting place for your data – Remote locations may not have a dedicated IT staff or the tools to wipe your hardware onsite. Transporting computers back to your headquarters is an option, but at a very high cost and not without its own risk; there’s often no way to monitor what happens to a computer between the time it’s decommissioned and the time it’s actually shipped back to HQ. That’s why it is important to select a data destruction company with a secure process and strong chain of command.
3. Create a strong internal chain of custody for your data – Internal risk occurs if your chain of custody process is either inherently flawed or not enforced diligently. Examples of flawed processes include not collecting hardware promptly after it’s decommissioned, leaving computer hardware in unsecure locations or allowing un-monitored access to decommissioned computers.
4. Find a strong external process for your data destruction – At TechR2, 17 years of industry best practice experience for IT asset retirement allows us to ensure we are dedicated to providing the best possible solution for your company when it comes to secure onsite data destruction.
5. Do not rely solely on encryption – Encryption technologies are constantly changing and improving as are the tools to break encryption. The value proposition is that if you need to retire or recycle the drive, you simply delete the encryption key and your data is safe. While it may be true that the data isn’t accessible in a practical sense, it’s still on the drive and still presents a risk in the longer term.
If you are looking for a data destruction solution or secure containment, check out TechR2’s Tear-A-Byte® solution. Leading edge technology and cloud-based tracking provide an NSA-certified, custom solution to properly care for your data.
Definition from Wikipedia. List adapted from: http://www.linkedin.com/groups/5-SECURITY-HOLES