Data Center Decommissioning and Data Destruction Compliance

By Mike Satter

Thousands of organizations are being tasked with addressing their retired data center IT assets including servers, switches, and hard drives prior to and after moving their infrastructure to the cloud. IAITAM professionals understand that specific processes must be followed to ensure every aspect of a data center decommissioning project remains fully compliant. Whether it’s Los Angeles, New York City, Toronto, San Francisco or smaller cities globally, the same logic will apply.

Data security and environmental compliance are the primary concerns during data center decommissioning projects. The data security industry has shifted from shredding hard drives to wiping in order to address environmental concerns.

Addressing environmental concerns

Security is the most critical element of data destruction, and the reality is that shredding a hard drive does not guarantee that security. There are still numerous ways that data can remain vulnerable after a shred – more on that later.

Just as importantly, it’s not the most ecologically friendly method of disposal, either. Shredded hard drives may be handled by a recycler that has a zero-landfill policy, but that doesn’t change the fact that yet more scrap electronic waste will end up going through the wringer.

Not only is it more difficult to guarantee that the scraps won’t ultimately be tossed into a landfill by an unscrupulous vendor, where the heavy metals begin to break down and contaminate the soil, water, and air, but it’s also not uncommon for scrap electronics to be sold to countries in Asia for recycling, where an overabundance of electronics to process and recycle is causing severe levels of pollution in certain regions. Data centers are already hotbeds for climate change, but even retired equipment contributes to the problem.

On the domestic front as well, shredding carries a risk of fire that requires strict regulations for the processing facility, and certain states also require air quality permits to perform the shred because of the output from the machinery. It is not a green process.

Furthermore, the amount of energy required to shred, extract raw materials, and transport them is significant, demonstrating again that just because the materials aren’t going to end up in a landfill doesn’t mean the negative environmental impact is eliminated.

The organization behind the ITAD vendors recognizes reusing hard drives as the most environmentally sound form of electronics recycling, which is why data destruction is best accomplished through data wiping.

Data wiping is highly efficient, fast, and the greenest method of recycling a hard drive, since the equipment can be refurbished and resold after the data erasure is completed. With the latest software technology that allows secure data wiping, there is no reason to destroy and dispose of a perfectly good piece of hardware with years of life left in it.

Shredded hard drives hold no guarantees for security

If you’re not as intimately familiar with the rigorous standards of national and international data privacy policies and regulations as a data wiping specialist is, the chances are higher that certain best practices will be overlooked, which could cost your business hundreds of thousands of dollars in crippling penalties.

Data security is one of the most pressing topics in tech today, and too many companies have allowed major slip-ups and errors to impact millions of people and cost enormous sums of money to mitigate. Don’t be like some of the most prominent offenders, among them Equifax and NHS Surrey, plus a host of other major corporations that allowed mistakes to compromise the security of millions.

To make it simple, here’s a brief rundown for IAITAM professionals of the best practices for securely wiping data from a hard drive and explanations of how shredding can negate them:

  1. A secure location for processing a hard drive is vital for maintaining safety and preventing theft or a breach. Unfortunately, shredding is frequently done in a loading dock area that is shared with other vendors, meaning more people can possibly access the equipment. On the other hand, data wiping doesn’t require that the hard drive even be removed from the machine it occupies. The process can be performed in-house, making it easy to require authorization for access prior to the wipe.
  2. Automation utilized in data wiping increases the accuracy and certainty of verification. During a data wipe, the software scans the hard drive’s serial number, which is then used in confirming, reporting, and archiving the finished wipe for record keeping and auditing purposes. During a hard drive shred, the serial number is manually recorded by the vendor, which opens up a world of potential for mistakes.
  3. Verification is possible on multiple levels after a hard drive wipe, whereas a shredded hard drive does not provide adequate or reliable evidence of the shred. For one, the scraps from a shred make it impossible to pick out one hard drive from another, so once a shred is performed, there is no way to match up a serial number with the actual device to prove the shred occurred. A hard drive that is intact after a wipe can easily be checked to confirm that the wipe was successful. Reporting for the data erasure helps supplement that certainty, which high-quality, multi-pass data wiping will always provide.
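The serial-number matching described in items 2 and 3 can be audited by reconciling the decommissioning inventory against the wipe software's report export. The following is an added example, not part of the original article or any vendor's tooling; the report field names (`serial`, `result`, `verified`) and all sample serials are constructed assumptions.

```python
import csv
import io

# Constructed sample data: serials the organization expects to be erased,
# and a wipe-report export. Field names are assumptions; map them to the
# columns your erasure tool actually produces.
INVENTORY = ["ZA1111AA", "ZA2222BB", "ZA3333CC", "ZA4444DD"]

WIPE_REPORT_CSV = """serial,result,verified
za1111aa,success,yes
ZA2222BB,failed,no
ZA3333CC,success,no
ZA9999ZZ,success,yes
ZA1111AA,success,yes
"""

def normalize(serial):
    """Compare serials case-insensitively with surrounding whitespace removed."""
    return serial.strip().upper()

def reconcile(inventory, report_csv):
    """Classify every serial so an auditor can see which drives lack erasure evidence."""
    expected = {normalize(s) for s in inventory}
    seen, passed, duplicates = set(), set(), set()
    for row in csv.DictReader(io.StringIO(report_csv)):
        serial = normalize(row["serial"])
        if serial in seen:
            duplicates.add(serial)  # more than one record for the same drive
        seen.add(serial)
        # Evidence counts only if the wipe succeeded AND its verification pass did too.
        if (row["result"].strip().lower() == "success"
                and row["verified"].strip().lower() == "yes"):
            passed.add(serial)
    return {
        "erased": sorted(expected & passed),
        "not_erased": sorted((expected & seen) - passed),   # reported, but no passing record
        "missing_report": sorted(expected - seen),           # no erasure record at all
        "unknown_serials": sorted(seen - expected),          # not in inventory: typo or untracked asset
        "duplicate_records": sorted(duplicates),
    }

if __name__ == "__main__":
    for category, serials in reconcile(INVENTORY, WIPE_REPORT_CSV).items():
        print(f"{category}: {serials}")
```

Any drive listed under `not_erased`, `missing_report`, or `unknown_serials` should be held back from resale or disposal until the discrepancy is resolved.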

Data wiping is the most modern, efficient, and effective method for recycling old hard drives. The return on investment you can receive from routine ITAD services using a trusted data wiping company is the icing on the cake, but the peace of mind knowing you’re compliant with data protection and environmental regulations is priceless.

About the Author

Mike Satter is the President of OceanTech.