This post was contributed by CentricsIT Account Executive Michael Sulka. Michael is a data center solutions expert who specializes in third-party maintenance and cost optimization throughout the IT lifecycle. He works from the CentricsIT office in Charlotte, NC (USA).
When moving your infrastructure to the cloud, what’s the best way to decommission your storage?
The key to keep your data secure during cloud migration is accounting for every state in which your data occurs. This can range from when the data is at-rest, which includes all information’s storage types that exist statically on physical media, or in-transit, whenever the data is going through an input/output process.
However, there is another tier that cannot be overlooked when it comes to data security: how you go about decommissioning your storage once those assets have migrated their workload to another device.
There are a lot of factors associated with decommissioning used equipment. In fact, the complexity of the process even rivals the original deployment of said assets. This process should be treated with the same level of detail as the initial procurement and setup, meaning this takes inter-departmental planning and communication to ensure it’s done not only according to company standards, but also to government regulations.
And why is this the case? For one crucial reason: The equipment has been used.
Because the assets have been used, there are data records stored and collected on those devices. That data is comprised of anything from sensitive client information, protected trade secrets, to confidential information. Whatever it may contain, the protection of that data and the assurance that it will be kept from prying eyes is highly important to your organization. Decommissioning IT equipment, particularly storage hardware, must incorporate data security protocols to ensure that all confidential company information is removed and remains protected.
Another factor to consider is where your data is hidden. A simple erasure of hard drives doesn’t do an adequate job if data is also embedded elsewhere within the device – whether it’s in battery backed cache, microprocessors, remote access cards, etc. According to Tech Target, “An enterprise may believe that erasing the drives of a no-longer-needed storage array will provide sufficient protection. That array’s controller head, however, contains network credential information…” With new technology comes new places for data to hide.
But what does this mean for data security, and how do you ensure proper measures will be taken once your equipment is ready for this process?
With so many different devices out there with their own unique set of requirements, data can be hidden in a lot of different places. The task of finding and securely erasing this data should be left to a third party provider that you can trust.
To help, I’ve added the following check-list as a guide for when your IT equipment has reach the end of its lifecycle.
- Choose a partner that utilizes the correct data erasure software. They should abide by HIPAA & NISPOM standards.
- Make sure they have all the required certifications. This should include certifications such as OHSAS 18001:2015, R2/RIOS, ISO 14001:2015, and ISO 9001:2015.
- Make sure the partner provides the proper documentation, including certification of erasures. This ensures the commitment from the partner to follow all protocols necessary to wipe the data from existence. This will also hold them accountable for any corrupted data or devices that were not wiped to industry standards.
- Lastly, a viable ITAD partner should be in constant communication with your IT department to provide ultimate transparency during this process.
The last segment to consider is the value recovery aspect of these assets. This is the exciting part for IT departments with underwhelming budgets. Choosing the right partner and following a strategic plan to clean sweep the data can boost your bottom line by selling those decommissioned assets.
Think of it as instant ROI for assets that no longer strategic value to your organization.
The provider chosen for this task should exhibit proficiency in testing, repairing, and refurbishment of those assets – this will result in the highest return on their value. Services for repair and refurbishing can be designed to improve your net recovery value on this old inventory by up to 50%. That’s money you can put towards your current migration project or another initiative around the corner.
In summary, decommissioning hardware is more than just getting rid of the old to make way for the new. It is pivotal to find a partner that has a strong track record of data destruction processes in place to protect your company from a security breach. Doing so alleviates the concerns of data falling into the wrong hands, help you unlock value of those assets through sales on the secondary market, and provide a cushy ROI to your bottom line.
If you’re ready to discuss your moving to the cloud, contact your CentricsIT representative or click here to email Michael directly.