What are you looking for ?
Infinidat
Articles_top

Encryption and Reformatting SSDs Might Seem Convenient and Reliable – Blancco

But are not fail-safe data protection measures.

In recent years, a growing number of data breaches have resulted from the improper data removal and insecure storage of drives.

To educate businesses on the importance of proper data management and security, Blancco Technology Group released the findings of the Security Limitations of SSDs research study, which revealed that organizations face a myriad of internal and external challenges with preventing sensitive personal and corporate information from being accessed or breached from SSDs.

According to over 300 IT professionals surveyed in the United States, Canada, Mexico, UK, France, Germany, India, Japan and China, 62% of organizations believe encryption is sufficient to protect data from being accessed or breached. On top of this, 70% said they rely on encryption to prevent data loss/theft from SSDs and 35% reformat the drives.

Moreover, when IT assets containing SSDs hit their end-of-life and are ready to be disposed of, recycled or resold, over half (56%) of organizations either send them to IT asset disposition vendors/recyclers to erase the data or outsource the task to an IT security consultant.

Key findings from the study include:
    •    SSDs contain a myriad of sensitive personal and business information. 47% of organizations store both personal information (from employees) and business data on SSDs
    •    Despite recent data breaches, loss/theft of drives and employees leaking data for personal gain rank low on the list of SSD security challenges. Loss or theft of HDDs (8%) and employees leaking data for monetary gains/personal benefits (5%) were at the bottom of SSD security challenges for organizations.
    •    Organizations prioritize efficiency and cost over data security when selecting IT asset disposition vendors/recyclers. 49% of organizations consider efficiency and cost to be the most important factors when selecting an IT asset disposition vendor. Yet, only 16% factor in the vendor’s ability to permanently remove all data and 13% prioritize certifications and recommendations from governing bodies and institutions into their decision-making process.
    •    Although confidence in SSD security practices is high, monitoring of ITAD vendors/recyclers is a low priority. Although 89% of the survey’s respondents are either ‘very confident’ or ‘confident’ that data cannot be accessed or breached after SSDs have been discarded, recycled or resold, 27% admitted they don’t have any formal process for monitoring how ITAD vendors/recyclers erase data from SSDs.

Our study’s findings underscore the difficulty many organizations face with managing, storing and protecting data on SSDs and are symptomatic of a larger data security problem,” said Richard Stiennon, chief strategy officer, Blancco. “Many organizations and individuals place a great deal of their trust and reliance in encryption and reformatting to prevent data loss/theft from SSDs and minimize their exposure to a potential data breach. But there are certain data security challenges with encryption that are often overlooked when it comes to protecting data stored on SSDs. And we know from our own analysis of 200 used drives purchased from eBay and Craigslist that reformatting of SSDs could result in various types and amounts of personal and corporate information being left exposed and recovered. Organizations cannot afford to be lax in how they manage and erase SSDs – or they could find themselves hit by a data breach.”

One such example is the recent data breach that hit health insurer Centene Corp. In January 2016, the health insurer lost six HDDs that were part of a data project using laboratory results to improve the health outcomes of members. The missing drives contained the health information for 950,000 beneficiaries and included individuals’ names, dates of birth, social security numbers and member ID numbers.

Survey Methodology
The purpose of the study is to understand the data security challenges and limitations organizations face with storage and management of SSDs. Over 300 IT professionals in the United States, Canada, Mexico, UK, France, Germany, Indian, Japan and China completed the survey in December 2016.

Security Limitations of SSDs research study (registration required)

Articles_bottom
AIC
ATTO
OPEN-E