Tech giants found destroying thousands of data storage devices every year - but why?
Properly decommissioning data storage equipment has many benefits, but it needs to be done right, experts say.
In a practice many experts would describe as “killing a fly with a nuclear bomb”, many of the world’s largest tech companies have been found to be destroying thousands of storage devices every year in order to stay compliant with data protection regulations.
According to the Financial Times (FT), both Amazon and Microsoft (two of the world’s biggest data center operators) would rather physically destroy every piece of data-bearing hardware they no longer plan on using, than risk data leaks by wiping the devices clean and selling them on the secondary market.
“If we let one [piece of data] slip through, we lose the trust of our customers,” one Amazon employee told the FT, on the condition of anonymity. Amazon declined to comment.
Is disk wiping that dangerous?
It’s not just data center operators, though, as public sector organizations, various ministries, police departments, and many others are all reportedly opting for the physical destruction of the gear, for the same reasons.
At the same time, data center gear decommissioning has transformed into a full-blown industry, and professionals working there argue against this practice.
Wiping the endpoints clean, and selling them on the secondary markets, has multiple benefits, and very little risk - if done properly. Some of the materials used to create data storage units are hard to come by. What’s more, refurbished gear is no longer significantly underperforming compared to new gear, so it makes sense on the performance front, as well. And obviously - it’s cheaper and “greener”.
But experts must be brought in, otherwise, the potential for disaster is quite great. A good example of bad practice came from Morgan Stanley, which was fined last month after contracting an inexperienced company to handle hard drive decommissioning. Instead of properly wiping the disks, the contractor sold the devices online - with the data still on them, triggering a painful reaction from the US Securities and Exchange Commission (SEC). Morgan Stanley ended up paying $35 million to settle.
TechRadar Pro has contacted Amazon and Microsoft for comment.
- These are the best endpoint protection services right now
Via: Financial Times