Solid-state drives (SSDs) are a boon for application performance and helping PC makers deliver responsive, energy-efficient systems. The downside of this storage medium is that many organizations appear to be implicitly trusting it not spill secrets to once it’s discarded.
Recently, secure data erasure specialist Blancco Technology Group surveyed 300 IT professionals in the United States, Canada, China, France, Germany, India, Japan, Mexico, and the United Kingdom, to get a handle on their SSD data management practices. Encouragingly, most businesses are taking data security seriously — 70 percent employ drive encryption, for instance – many are taking chances when they finally retire their old drives.
Blancco found the ability to permanently remove all of a drive’s data, rendering it completely unrecoverable, only factored into the decision to contract with an IT asset disposition (ITAD) service or recycler. Nearly half (49 percent) of those polled said they prioritize cost and efficiency when picking an ITAD provider.
Only 13 percent looked for certifications and recommendations from governmental or industry bodies. Over a quarter of (27 percent) admitted they had no formal monitoring process in place to determine how recyclers and ITADs erase data from their SSDs.
Despite this, the vast majority of organizations (89 percent) said they were “confident” or “very confident” that data is inaccessible after their SSDs have been recycled, resold or discarded.
“Many organizations and individuals place a great deal of their trust and reliance in encryption and reformatting to prevent data loss/theft from SSDs and minimize their exposure to a potential data breach,” said Richard Stiennon, chief strategy officer of Blancco Technology Group, in a statement.
“But there are certain data security challenges with encryption that are often overlooked when it comes to protecting data stored on SSDs,” Stiennon continued. “And we know from our own analysis of 200 used drives purchased from eBay and Craigslist that reformatting of SSDs could result in various types and amounts of personal and corporate information being left exposed and recovered.”
Last summer, Blancco found that 67 percent of the hard drives and SSDs the company purchased from those sites contained some manner of personally identifiable information. Eleven percent were found to have sensitive business data, including CRM records and company emails.
“Organizations cannot afford to be lax in how they manage and erase SSDs – or they could find themselves hit by a data breach,” said Stiennon.