In the vast and complex world of data centers, the maximization of space is not just a matter of practicality; it is a crucial aspect that has the power to directly affect a facility’s efficiency, sustainability, flow of operations, and, frankly, financial standing.
Today, information isn’t just power, but rather it serves as the lifeblood for countless industries and systems, making data centers stand as the literal bodyguards of this priceless resource. With the ever-expanding volume of data being generated, stored, and processed, the effective use of space within these centers has become more critical than ever.
In layman’s terms, every square foot of a data center holds tremendous value and significance.
Now, we’re not here to focus on how you can maximize the physical space of your data center; we’re not experts in which types of high-density server racks will allow you more floor space or which HVAC unit will optimize airflow.
What we are going to focus on is our expertise in high-security data destruction, an aspect of data center infrastructure that holds an equal amount of value and significance. We’re also going to focus on the right questions you should be asking when selecting destruction solutions. After all, size and space requirements mixed with compliance regulations are aspects of a physical space that need to be addressed when choosing the right solution.
So, we are posing the question, “When every square foot counts, does an in-house destruction machine make sense?”
Let’s find out.
The Important Questions
Let’s start off with the basic questions you need to answer before purchasing any sort of in-house data destruction devices.
What are your specific destruction needs (volume, media type, compliance regulations, etc.) and at what frequency will you be performing destruction?
The first step in determining if an in-house destruction solution is the right move for your facility is assessing your volume, the types of data that need to be destroyed, and whether you will be decommissioning on a regular basis. Are you only going to be destroying hard drives? Maybe just solid state media? What about both? Will destruction take place every day, every month, or once a quarter?
It’s important to also consider factors such as the sensitivity of the data and any industry-specific regulations that dictate the level of security required. Additionally, a high volume of data decommissioning might justify the investment in in-house equipment, while lower-volume needs might require a different kind of solution.
How much physical space can you allocate for in-house equipment?
By evaluating the available square footage in a data center, facility management can ensure that the space allocated for the data destruction equipment is not only sufficient for the machinery but will also allow for efficient workflow and compliance with safety regulations. The dimensions for all of our solutions can be found on our website within their respective product pages.
What is your budget for destruction solutions?
Determining budget constraints for acquiring and maintaining in-house data destruction equipment will allow you to consider not only the upfront costs but also ongoing expenses such as maintenance, training, and potential upgrades. It’s important to note that, in addition to evaluating your budget for in-house equipment, the comparison between an in-house solution and cost of a data breach should also be taken into consideration.
All of the answers to these questions will help determine the type of solution (shredder, crusher, disintegrator, etc.), the compliance regulation it should meet (HIPAA, NSA, NIST, etc.), the physical size, and if there should be any custom specifications that should be implemented.
Data Breaches: A Recipe for Financial Catastrophes
One of the primary reasons why every square foot counts within data centers is the financial element. Building and maintaining data center infrastructures often come with significant expenses, ranging from real estate and construction to cooling, power supply, and hardware installations, just for starters. It’s important to ensure that you are maximizing both your physical space and your budget to get the most bang for your buck.
But even beyond the physical constraints and considerations, the financial implications can loom overhead, especially in the context of data security.
Data breaches represent not just a threat to digital security but also a financial consequence that can reverberate for years. The fallout from a breach extends far beyond immediate remediation costs, encompassing regulatory fines, legal fees, public relations efforts to salvage a damaged reputation, and the intangible loss of customer trust.
For example, from January to June 2019, there were more than 3,800 publicly disclosed data breaches that resulted in 4.1 billion records being compromised. And according to the IBM and Ponemon Institute report, the cost of an average data breach in 2023 is $4.45 million, a 15% increase over the past three years.
So, while, yes, you want to make sure you are making the best use out of your budget to bring in the necessary equipment and storage capability to truly use up every square foot of space, part of that budget consideration should also include secure in-house solutions.
You’re probably saying to yourself, “As long as I can outsource my destruction obligations, I can maximize my physical space with said necessary equipment.”
You’re not wrong.
But you’re not necessarily right, either.
The Hidden Costs of Outsourced Data Destruction
Outsourcing data destruction has traditionally been a common practice, with the aim of offloading the burden of secure information disposal. However, as we’ve stated in previous blogs, introducing third party data sanitization vendors into your end-of-life decommissioning procedures can gravely increase the chain of custody, resulting in a far higher risk of data breaches.
Third-party service contracts, transportation costs, and potential delays in data destruction contribute to an ongoing financial outflow. More so, the lack of immediate control raises concerns about the security of sensitive information during transit. For example, in July 2020, the financial institution Morgan Stanley came under fire for an alleged data breach of their clients’ financial information after an IT asset disposition (ITAD) vendor misplaced various pieces of computer equipment that had been storing customers’ sensitive personally identifiable information (PII).
While ITADs certainly have their role within the data decommissioning world, as facilities accumulate more data, and as the financial stakes continue to rise, the need to control the complete chain of custody (including in-house decommissioning) becomes more and more crucial.
In-House Data Destruction: A Strategic Financial Investment
Now that your questions have been answered and your research has been conducted, it’s time to (officially) enter the realm of in-house data destruction solutions – an investment that not only addresses security concerns but aligns with the imperative to make every square foot count.
It’s crucial that we reiterate that while the upfront costs associated with implementing an in-house destruction machine may appear significant, they must be viewed through the lens of long-term cost efficiency and risk mitigation.
In the battle against data breaches, time is truly of the essence. In-house data destruction solutions provide immediate control over the process, reducing the risk of security breaches during transportation and ensuring a swift response to data disposal needs. This agility becomes an invaluable asset in an era where the threat landscape is continually evolving. In-house data destruction emerges not only as a means of maximizing space but as a financial imperative, offering a proactive stance against the potentially catastrophic financial repercussions of data breaches.
Whether your journey leads you to a Model 0101 Automatic Hard Drive Crusher or a DC-S1-3 HDD/SSD Combo Shredder, comparing the costs of these solutions (and their average lifespan) to a potential data breach resulting in millions of dollars, makes your answer that much simpler: by purchasing in-house end-of-life data destruction equipment, your facility is making the most cost-effective, safest, and securest decision.
You can hear more from Ben Figueroa, SEM Global Commercial Sales Director, below.
Top 5 Human Errors That Could Risk A Data Breach
June 3, 2021 at 5:06 pmWe’re all human. We all make mistakes. It’s inevitable! Unfortunately, there are times when our mistakes have consequences. Sometimes those consequences are small and sometimes…they’re not as easy to sweep under the rug. In this blog, we break down the top 5 ways human error can lead to a potential data breach.
Weak Passwords
According to a 2020 study by Verizon Data Breach Investigations, approximately 81% of all data breaches are caused by cybercriminals easily hacking accounts that are so-called “protected” by weak passwords. By not adhering to password guidelines, failing to offer password training to your team, and not implementing multi-factor authentication procedures, businesses continue to put their cybersecurity at risk.
With that being said, what exactly constitutes as a weak password? Weak passwords are any sort of phrase or term that is common, short, or something predictable such as the owner’s name, birthday, or the literal word, “password.” Instead, use a longer password made up of a mix of upper and lowercase letters, numbers, and symbols to help keep your password and data safe. Essentially, the more complex the password, the harder it is for cybercriminals to hack your information.
Lack of Cybersecurity Knowledge
In the modern digital age, the world of cybersecurity has only become more intricate and advanced. Bad news? Most of us need to step up our game when it comes to protecting our data. Good news? You don’t have to be an IT wizard to do so!
Here are just a few minor ways to help combat a lack of cybersecurity knowledge:
- Do not use public Wi-Fi without a VPN when accessing sensitive data such as bank accounts, work emails, etc. By not using a secure network or VPN, it’s much easier for hackers to get their hands on your information.
- Interacting with suspicious email links and attachments. Hackers and thieves have only become more creative when it comes to phishing emails. If an email address is a letter or two off or if that email from your boss asking you to purchase gift cards to send them doesn’t necessarily sound like them, it’s always best to either ignore or send to your IT department to investigate.
- Using insecure devices. Whether it is an external hard drive or USB stick, be wary of using just any random external device that could potentially be carrying malicious code designed to steal your information.
Mishandling of Data When Transporting
In May 2006, the U.S. Department of Veteran Affairs announced that a data breach had compromised the records of 26.5 million veterans. Among the private and sensitive information that was stolen were names, dates of birth, and Social Security numbers in addition to other personally identifiable information (PII). The breach was found to be caused by a Veteran Affairs data analyst who had taken computer equipment home that contained the unencrypted information of all 26.5 million affected veterans. The laptop and hard drive were then stolen from the analyst’s home during a burglary which ultimately led to the breach.
Another example of insecure transportation is the 2011 breach of military health program TRICARE. The breach occurred when a TRICARE employee was tasked with transporting devices carrying the healthcare information of 4.9 million subscribers to an off-site storage facility as part of the company’s routine backup procedure, and the employee’s car was subsequently burglarized.
While we’re sure neither one of the employees mentioned above had intended to have their home and vehicle burglarized, unfortunately, that is a risk we all face. It’s the unpredictability of others that we must keep in mind when transporting physical media. To read more about the importance of storing physical media that is awaiting destruction, read one of our previous blogs.
Using Outdated/Unauthorized Software
Rule of thumb: combat cybercriminal efforts by making sure your software is always up to date and is reputable. It is far too easy for cybercriminals to compromise sensitive data when your software is not up to date. Check with your business’s IT department to make sure you are not ignoring any updates or downloading unauthorized software. It’s also important to note that one should never disable their software’s security features, especially if it is on a work-issued computer or laptop. Your online shopping can wait until you are in the safety of your own protected network and home.
Third-Party Vendors
As we’ve stated in previous blogs, by introducing third party data sanitization vendors into your end-of-life destruction procedure, you significantly increase the chain of custody, and subsequently face a far higher risk of data breaches. There have even been reports of some vendors selling end-of-life devices and their sensitive information to online third parties!
We understand that while there are reputable data sanitization vendors out there, it can be far too easy for ITAD (IT asset disposition) vendors to misuse, mishandle, and misplace drives when in transportation, during destruction, and disposal. (Remember when financial institution Morgan Stanley announced that an ITAD vendor had misplaced computer equipment storing customers’ personally identifiable information?)
At SEM, we suggest getting rid of ITADs altogether if they are part of your end-of-life destruction procedure simply because of how unpredictable they can be, and the potentially catastrophic consequences should a breach occur.
A common denominator in the data breaches above is not only human error but the misuse during storing and transporting of drives containing sensitive information. We understand that destruction does not always happen immediately after the drives and data are deemed end-of-life. Businesses may not have the proper equipment in-house or budget to outsource destruction, but it is this reason why we at SEM stress that precautions and protocols should be in place to securely store and protect all data once it meets its end-of-life.
Following all these tips can help protect your most sensitive information. As always, it is important to remember that a data breach is a data breach, no matter the level of impact. At SEM we have an array of various high-quality NSA listed/CUI and unclassified degaussers, IT crushers, and enterprise IT shredders to meet any regulation when the time comes to destroy your end-of-life data. Any one of our exceptional sales team members are more than happy to help answer any questions you may have and help determine which machine will best meet your personal or regulated destruction needs.
Is In-House Data Destruction Really Necessary? The Answer is a Big YES!
October 29, 2019 at 8:19 amAs we get deeper and deeper into the digital age, the ever-growing demand for the creation, storage, dissemination and destruction of Big Data continues to drive the development of increasingly complex technology. Today the average consumer can create and store more data in more ways and at a faster rate than ever before; likewise, the capability of organizations to create, harvest and analyze head-spinning amounts of data—at speeds faster than the human eye can blink—is simply unprecedented.
While innovation has exponentially enhanced our ability to communicate, it also brings new challenges and risks that must be given serious consideration. With commerce, healthcare, education, finance, government, and municipal industries fully embracing digital technology to migrate and manage data flow across their entire scope of operations, the stakes arising from compromised, breached, and/or exposed data couldn’t be higher.
Since such data is of inestimable value, protecting it from unauthorized access through end-of-life is essential. Accordingly, legislation and regulations regarding data collection, storage, and destruction for any organizations handling personally identifiable information (PII), classified information, controlled unclassified information (CUI), sensitive but unclassified information (SBU), or information for official use only (FOUO) continuously get more stringent.
Unfortunately, egregious data breaches are becoming almost commonplace, with regular news coverage highlighting the dangers down to the consumer level. After a slight decrease in data breaches from 2017 to 2018, there has been a massive increase from 2018 to 2019. According to the 2019 MidYear QuickView Data Breach Report as of July 2019, 3,813 breaches have exposed over 4.1 billion records. The average cost of each breach is $3.86 million, which equates to an average cost of $148 per lost or stolen record.
Another alarming trend is the growing frequency of attacks on third-party vendors. Criminals have been targeting organizations that provide data management, control, and destruction services for multiple entities, thereby increasing the amount of data that can be harvested from one source. A recent survey found that 59% of companies experienced a third-party data breach in 2018.
So how does an organization protect itself?
Data encryption, management, transference, and destruction are increasingly robust tasks, which often prompts companies to rely on third-party solutions to help mitigate in-house workload. Doing so, however, represents the single largest cause of data security violations.
Using a third party for your data destruction puts your organization at high risk during multiple touchpoints within the destruction process. The first point of risk is immediate—the transfer of the data from your facility to the third-party destruction facility. To ensure maximum safety, classified data and sensitive data such as PII, CUI, SBU, and FOUO should be destroyed immediately and on site at end-of-life.
Several concrete examples serve to illustrate the severe risks inherent in using third-party, off-site sources for IT asset disposition (ITAD). Particularly concerning are real-life episodes in which third-party providers do not destroy the data as promised (which has been documented as occurring at all levels of commerce). In one such instance, a man went to a Best Buy in Cincinnati, OH, in 2005 to replace a hard drive and was assured that his old one would be destroyed. Six months later, however, he received a phone call from a complete stranger in Chicago who had purchased his hard drive for $25 at a local flea market. The stranger was able to contact the man because all his personal information was still stored on the hard drive.
In 2009, British telecom firm BT and the University of Glamorgan randomly purchased 300 hard disks from various fairs and auctions and discovered that 34% of them still housed personal data. In fact, in addition to banking and medical details, the research team even found Terminal High Altitude Area Defense (THAAD) data pertaining to missile defense systems.
In 2017, technology firm Kroll Ontrack purchased 64 used hard drives on eBay. The company discovered that more than 50% of the hard drives contained sensitive data, sometimes belonging to commercial organizations. It was determined that one of the drives originated at a company that reportedly used a service provider to erase and sell its old drives; the drive still contained sensitive information, including home addresses, phone numbers, user names, credit card details, and a database containing a host of employee-related information.
Just this year, Finnish company Blancco published the results of a study in which it purchased 159 used hard drives on eBay from American and European sellers who stated the data had been wiped clean prior to resale. Nonetheless, 42% of the hard drives housed data from the previous owner, and 15% contained PII, such as passports, birth certificates, financial records, internal FOUO emails, and files from a freight company that included vehicle registrations and records from a school containing student photos, names,, and grades.
Clearly, the solution is to thoroughly destroy personal and sensitive data—well past the point of possible reconstruction—when it reaches end-of-life. Although many companies claim to provide this service, the only way to guarantee the data is completely obliterated is to destroy it in-house with properly rated equipment. The National Security Agency (NSA) and the Central Security Service (CSS) maintain an updated list of evaluated and approved devices for data destruction—from paper and optical media to hard disks and solid state drives.
At SEM, we take data destruction seriously. We have destruction devices that meet and frequently exceed all current requirements for even the highest levels of security. An investment in in-house destruction equipment is more cost-effective than employing a third-party service long term—but, most importantly, such an investment eliminates potentially catastrophic risks associated with data breaches.
For more information on the importance of maximizing every square foot of your facility with in-house data destruction, you can hear from Ben Figueroa, SEM’s Global Commercial Sales Director, below.