Driving home the data risk

Data leakage from outdated IT equipment creates a unique risk vector, but a range of solutions are available

Written by Jason Walsh, Business Post Driving home the data risk | Business Post

While many fret about the technical side of IT security, it is worth remembering that physical security matters too. This may mean physical access policies and secure door locks, but it also means understanding that data is not just bits, it also consists of atoms with a tangible presence in the material world.

IT lifecycle solutions specialists Vyta understands this, and offers a range of solutions for destroying data when hardware reaches the end of its life including it’s on-site data destruction service, DiskShred.

What was once a relatively uncommon process, secure data destruction is now on the corporate agenda.

“I think it just depends, from customer to customer. Some people will see it as a big issue, and to a certain degree the GDPR has put it to the front of people’s minds,” said Vyta chief executive Philip McMichael.

“It also depends from industry to industry and I think a bit of education needs to be done, as people do need to think about old data on equipment.

“Any organisation has a certain amount of data held, whether that be from providing services to the general public and so holding data on people, there’s risk around that, but even smaller businesses will have data about their employees and so on. Then there’s the commercial risk.”

All of us who have lost precious data, this writer included, could be forgiven for thinking all those ones and zeros on hard drives and solid-state devices were fragile. In fact, they are anything but.

Standard operating systems may offer few tools to recover deleted data, but the open secret is that supposedly “deleted” data is not gone at all: instead, the sectors on the drive are simply marked for future use and are overwritten by the system when needed. This is even true of formatting disks.

“People think reformatting the hard drive is adequate, and it’s certainly not,” said McMichael.

This then poses a question: what to do with devices if the data can be scooped off them by anyone with minimal technical knowledge?

Vyta has more than one approach to data destruction, and while both are final, one is rather more dramatic than the other.

“The two services we provide are overwriting the data using a fully certified piece of software, certified by the UK government, the Japanese government, the US government. The other method is shredding, which we do on-site,” said McMichael.

While shredding hard drives and SSDs sounds like something an intelligence agency would do, McMichael said that for some businesses it was simply a matter of policy.

“It’s not necessarily the data that drives that choice, sometimes it’s the organisation. In fact, nowadays a laptop shouldn’t really contain a lot of data; as it’s all held in the cloud.”

While Vyta has 100 per cent confidence in the erasure process, some businesses simply want to see the destruction.

In both cases, Vyta also records crucial information to help with compliance, such as where an item came from, what it was, what was done to it and where it went. “We can show that data the whole way through and we have the certificate,” said McMichael.

Given this, Vyta is very clear where it fits into the business landscape – and it is not low tech.

“Yes, we do the waste, recycling and so on, but we’re an IT security company,” he said.

Indeed, the security-first approach is just what businesses need when it comes to disposing of devices.

Certainly, recycling and sustainability come into the picture, but only once data has thoroughly been dealt with.

“The whole sustainability agenda is much more at the forefront than it ever was before. It’s not just going to charities and education, which it does, but small businesses often buy three- or four-year old laptops from us. They’re perfectly suitable for most people’s uses,” McMichael said.

According to him, the message of data destruction has got through, particularly where data is central to business activities.

“A lot of our services are used in the data centre space, and we’re seeing a lot of care and attention there,” he said.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_8552212_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.

Driving home the data risk

Quick Quote

Section 1

Section 2 (Free text)

Contact Us

Section 1

Section 2 (Free text)

Footer

Contact Us

This site uses cookies