How Secure is Your Destruction Process?
When companies talk about secure hard drive destruction, they typically start by talking about the company they hire to destroy the drives drives. The destruction companies are going to tell you all about how their process for the physical task of destruction is secure. While this is all true and necessary when choosing a destruction partner, the real pain in guaranteeing secure disk destruction is managing all of your hard drives properly prior to destruction. Without a standard process to managing drives when they are offline, how can you guarantee they all get destroyed?
When hard drives go offline, they are valuable. They are worth some sort of prices and may contain sensitive data. Companies need to keep track of them when they are offline to ensure they don’t end up in the wrong hands. It is difficult to manage hundreds or thousands of hard drives efficiently but it needs to be done to ensure all data bearing and valuable assets are accounted for. If you don’t believe, read about how Coca-Cola lost offline assets and exposed sensitive information.
When hard drives go offline, a lot can happen to them prior to disk destruction. They most likely go through a status change, like degaussing or wiping. They probably need to be moved to another location, such as a loading dock, or grouped with other hard drives. There, most likely, is some sort of sign off required by management prior to destruction. Whatever the process is, all of the steps, movements, status changes, etc. need to be verified to ensure all the hard drives complete the stages prior to destruction and reach the destruction vendor properly. Tracking the hard drives prior to destruction is the only way to rest at ease knowing you have a secure disk destruction strategy.
I’ve noticed companies are relying on their destruction vendor to tell them what hard drives were destroyed. Or, they rely on their ITAM solution or spreadsheets to track offline hard drive activity. These methods lack the ability to account for the changes that the hard drives take when they are offline, such as degaussing or moving to a locked box, making it almost impossible to verify chain of custody. Manually managing a vast amount of hard drives increases the risk of human error and the chance of losing or misplacing a hard drive with sensitive data still on it. Furthermore, by not having an automated method for managing assets, your company increases administrative costs and time spent managing these assets – and misses out on money from hard drives that weren’t destroyed!
With an automated method for tracking hard drives during their decommissioning process, companies can guarantee that hard drives are accounted from the moment they go offline to the moment they are destroyed. By having hard drives follow a predetermined workflow, they can verify that each step is completed and have a defensible record of activity, making it easy to satisfy and prepare for audit. An automated method to tracking hard drives prior to destruction is the only way to ensure secure disk destruction.
B&L has the solution for secure disk destruction: AssetAware. As a NAID certified vendor, AssetAware works with your ITAM solution and destruction vendor to ensure your assets are managed throughout their entire lifecycle, and that there isn’t a gap in a key part of an asset’s life. By automating your offline IT asset management strategy with AssetAware, you minimize the risk associated with managing data bearing assets and lower your costs associated with administering offline IT assets.
Wouldn’t it be better to verify that the destruction vendor destroyed all your hard drives instead of relying on their certificate of destruction? Wouldn’t it be better to know where your assets are located prior to disk destruction instead of hoping there isn’t a hard drive hiding in a desk drawer? For all those hard drives that were destroyed properly, the one that doesn’t reach the vendor and ends up causing a data breach is the one that hurts the company. Learn more about AssetAware or contact us for help keeping your hard drives secure.