Data Destruction Services Ensure that Data is Sincerely Dead

Vendor ecosystems offer both system refurb and data destruction services that can help companies meet compliance and security concerns.

Tom Henderson

August 14, 2018

3 Min Read
keyboard with magnifying glass

Some data must eventually die. GDPR regulations, for example, guarantee the right to erasure of personal data, or the right to be forgotten. The hardware underneath the data may be repurposed, but all traces of data must be erased or destroyed. It's all part of the data processing lifecycle, but it's harder to ensure that data is truly dead than many people think. That's where refurb and data destruction services come in.

Hard drives, and the computers/printers/devices that contain them, have a finite service life. Once that life has ended, or a still-usable system is handed down, data traces should be erased or destroyed. In many cases, including compliance with regulatory mandates, data must be destroyed. And, not just destroyed, but verifiably destroyed. So, when you dispose of that potentially fleet-sized inventory of smartphones, tablets, notebooks, printers and, certainly, file server assets, the data they house has to be gone--as in forever gone from this dimension in time and space.

Again, that is easier said than done, and there are lots of stories about interesting data found on what were supposedly dead-and-gone hard drives and storage media. And there are many "events" other than system end of life that can (and should) raise data destruction concerns, including personnel changes, when hardware devices must be repurposed or updated for replacements; disaster replacement hardware; and the wholesale movement of hardware between and among departments, branches and business units. Even warranty returns raise asset concerns.

Many organizational policies require procedures with a clear audit trail, and no uncertain destruction of data. Data destruction work is typically done internally and/or under the auspices of contractors. Within the supply chain of contractors are the vendors that originally provisioned the gear and contractors whose services revolve around large-volume asset reprovisioning or destruction. And, within the data destruction/repurposing ecosystems are vendor relationships that might include paper asset destruction, along with retired asset repurposing, such as the services from Iron Mountain. On-site and offsite services are available to move retired assets into either a known-destroyed state (shred, crunch or other satisfying destruction sounds) or a fully verified wipe for repurposing hardware into secondary and refurbished markets. (Indeed, the notebook that I’m writing this article on was purchased on the refurbished market. It's bereft of identifying marks and, so far as I can tell, has a replacement SSD drive. Everyone wins.)

FutureDial is an example of a supply chain partner that provisions/reprovisions smartphones, tablets and hard drives on a medium to large scale, often for carriers, telcos and corporate controllers. The service offerings range from cloud-controlled software diagnostics, erasure and reprovisioned application payloads to erasures and new payloads for off-lease equipment, used components and secondary market asset movements. They also perform hard drive/SSD/media "wipes as a service," full destruction or wipe-then-reloads. FutureDial also plans to bring robotic services to increase capacity and scale for larger operations and relationships.

In the enhanced regulatory climate that protects both corporate data and private information, such services are evolving rapidly to suit convenience and prevent rapid depreciation. Organizations facing the growing data dilemma should be looking for data destruction services models that align with corporate culture, budget, legal/regulatory requirements and asset security.

 

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like