Problems of data storage media utilization in data Centers
On the scale of a data Center or a small cloud, an ordinary hard drive is such a trifle that is bought by thousands and hundreds of breaks, returns to the supplier and changes back. But as soon as the drive gets personal data of ordinary people or confidential data of the company, it is treated as a radioactive element. While the hard drive is new and works, everyone is happy, but if it breaks down or goes out of service by age, it can not be either simply thrown out or returned to the supplier, without making sure that the information from the disk is deleted without the possibility of recovery. It is not enough just to take and erase data, the process of their removal must meet certain requirements and be recorded in a certain Protocol, such requirements are imposed by the legislation of developed countries.
No one thinks about the disposal of personal data
Data centers still do not have well-established processes for recycling old hard drives that may have sensitive company or customer data. A recent survey by Blancco’s data Erasure experts shows that most organizations are unable to properly dispose of discarded drives, risking fines for disclosing customer and employee information or spending hundreds of thousands of dollars storing faulty equipment that they could return under warranty. Often, when working with sensitive data, the organization imposes on the supplier all the costs of replacing failed drives. This process looks quite simple: the hard drive is broken - bring a new one under warranty, we will write you an act, but we will not give the old HDD, since you can extract secret data from it.
In some cases, such a position even allows you to teach a lesson to an unwanted supplier who won the tender for the supply of a storage system: the customer can declare to the supplier that all hard drives are out of order and require replacement, and since they contain personal data, it is not possible to conduct an examination or check their performance. My colleagues once met with such a situation.
To make matters worse , more than 600 data center professionals around the world who participated in the Blancco survey did not even think that their methods of storage and disposal of HDD are not safe and do not comply with such as the General data protection rules in Europe (GPDR) or the California digital privacy Act, which comes into force in January 2020.
Hard drive destruction machine manufacturers
- UNTHA - shaft shredder for every taste. Model RS 30/40 is designed for grinding discs.
- Ultradisc - magnetic destruction of tapes, hard drives, magnetic media
According to the Same Blanco question, only a third of respondents admitted that their company has not only instructions for cleaning hard drives before disposal or return under warranty, but also installed the appropriate equipment. The remaining two-thirds prefer to store old equipment, even if they are legally obliged to send it for disposal.
SSD is not so easy to destroy
Even more difficult is the situation with SSD drives, from which you can pull data even after physical destruction. Giants like Microsoft Azure and Google Cloud use shredders to recycle media, and Google even pulls out the broken disks of their storage using robots, but this method of disposal is not reliable. The fact is that in order for the disk to be considered destroyed, you need to present the serial number and fragments of the fragmented medium to the checking party, which in the case of an industrial shredder is problematic.
For centuries, data on magnetic hard drives have been erased by powerful demagnetizers, but modern drive housings can block magnetic waves, and solid-state drives are not at all exposed to such radiation.
One of the options for effective disposal is to involve a third-party organization that can not just destroy the drive, but also to document that this is the drive was destroyed without the possibility of data recovery at a certain time on a certain date. Documentary evidence is simply necessary in order to protect the customer company from possible claims in case of leakage of confidential data. But here there are other difficulties. First, you need to somehow deliver the hard drives to the recycling point. On an ordinary car they are not lucky - need armored vehicles with armed guards. Accordingly, there is a question of responsibility for the data at the time of transport and at the stage of storage before destruction.
Even if the disk array or management system marks the disk as failed, it still needs to be cleaned up. According to the same company Blancco, in 70-80% of cases the failed disk remains functional enough to pull data from it or Vice versa to carry out guaranteed Erasure.
A set of software for data utilization
- DBAN - is a free, non-commercial data Erasure platform. DoD 5220.22-M, RCMP TSSIT OPS-II, Gutmann, Random Data, Write Zero methods are supported
- KillDisk - is a program for Windows/Mac OS. The free version supports removal in 1 pass. The Write Zero method is supported.
- MacroRit Data Wiper 1 - is a program for Windows, free for home use. DoD 5220.22-M, DoD 5220.28-STD, Random Data, Write Zero methods are supported.
- Remo Drive Wiper - is a small utility that supports DoD 5220.22-M, Random Data, Write Zero methods.
Solution - encryption
The simplest version of the destruction of a large amount of confidential data is encryption with the subsequent removal of the key. More than 64% of companies working with personal data consider this method of disposal as the most promising, and in some industries, such as medicine and pharmaceuticals, this percentage is even higher.
Of course, since you don’t know at what point and what a drive fails, the encrypted to keep all personal and sensitive data in your datacenter. You need a key management system encryption, which ensures their safety, so no one can recover data from recycled drives.