The Shifting Sands of Data End-Of-Life Destruction

October 7, 2019 at 1:09 pm by Paul Falcone

Ever-increasing data volume is driving change in technology and associated compliance regulations

In this age of Big Data, consumers and organizations alike demand the ability to harvest, create, store, and analyze more data without compromising operation speed. The need for increased storage capacity hard drives and optimal transference of data often eclipses what is currently available on the market. However, things will change soon with the planned introduction of innovative data-writing technologies that will serve to “cram” more data on a disk (i.e., write more data on less surface), thereby increasing data density to yield larger-capacity hard drives.

At the same time, mandated compliance regulations concerning data security are constantly evolving to keep pace with the ever-changing landscape of more complex technology and heightened criminal sophistication. The National Security Administration (NSA), Central Security Service (CSS), National Institute of Standards and Technology (NIST), and Information Security Oversight Office (ISOO) work to keep federal standards of data storage and destruction ahead of cybercriminals, who continue to discover new ways of breaching data security walls. Likewise, numerous regulations are also in place for commercial organizations.

Organizations working with data pertaining to classified information, controlled unclassified information (CUI), information for official use only (FOUO), sensitive but unclassified information (SBU), personal health information (PHI), or personally identifiable information (PII) must be vigilant about following trends in data technology, data-security regulations, data crime, and data end-of-life destruction; otherwise, they risk exposure to a data breach.

Recent trends of note

Manufacturers of data storage technology are always trying to accommodate consumer demand, while simultaneously serving the high security needs of organizations and government agencies. Recently, consumer products such as video cameras and camcorders have become significantly more sophisticated, providing users with a more powerful and engaging experience—and storing more data than ever.

For example, a mere ten years ago it was rare to have the average consumer fill even a one-terabyte hard drive. Today, consumers are “chomping at the bit” for more and more memory-storage capacity within their machines, so they can rid themselves of external hard drives, thumb drives, and discs.

As mentioned, this development has prompted major hard drive manufacturers such as Seagate and Western Digital to develop new writing technologies that increase data density. In turn, this requires that more durable materials be used in hard drive construction. Essentially, since data will be “packaged” closer together within the hard drive, it’s critical that construction materials be highly stable and only modifiable during the writing process. These denser hard drives are commonly referred to as enterprise drives since they are typically found in enterprise environments. This will make destroying “average” hard drives analogous to destroying enterprise hard drives, which are engineered to withstand higher temperatures and 24/7 usage, and are constructed with heavy-duty components. As such, organizations will be forced to adapt and/or upgrade their data storage and data destruction capabilities. Currently, SEM is the only manufacturer to engineer devices specifically for enterprise drive destruction.

Given these developments, it’s not surprising that legislation regulating data destruction continues to get more stringent. The new standards for CUI established by the ISOO in Executive Order 13556 are a prime example. The directive delineates clear requirements for the destruction of CUI at the end of life. Specifically, all paper containing CUI must be destroyed by using either cross-cut shredders that produce particles no larger than 1mm x 5mm or by using a disintegrator equipped with a 2.4mm security screen. Any agency in the public or private sector that handles CUI, FOUO, PII, or SBU is subject to regulation under Executive Order 13556.

Likewise, the NSA and the CSS act jointly to keep the NSA/CSS Evaluated Products Lists for secure data destruction up to date with current standards for government classified data. Standards exist for all types of storage media, including solid state and hard disk drives, magnetic media, optical media, and paper. Recently, new standards for optical media were issued that require CDs to be destroyed to a maximum edge size of 5mm, and DVDs and Blu-ray Discs to be destroyed to a maximum edge size of 2mm. (Previously, requirements for DVDs were 5mm and Blu-ray Discs could only be incinerated.) As these standards change, previously compliant destruction devices may no longer be acceptable, forcing users to adapt.

As the industry innovates, so do the criminals

In recent years, the growth of massive data breaches has reached a level that has affected branches of government, some of the largest businesses in the United States, and even entire cities and municipalities. In response, the NSA/CSS and the ISOO continue to “raise the bar” on data destruction manufacturers to produce devices that can better prevent destroyed data from being reassembled and used maliciously.

All agencies and businesses that collect, house, and destroy classified, CUI, FOUO, PII or SBU must ensure data is protected from the moment of collection until the end-of-life, in accordance with the standards established by the appropriate agency. Any organization not in compliance leaves itself vulnerable to a catastrophic data breach that could put its employees, vendors, partners, and/or customers at risk.

In short, as data destruction security standards tighten, government agencies and private businesses must always ensure that the destruction devices they use are compliant.

When considering your organization’s data destruction process, it behooves you to plan for stricter regulations than currently required. By doing so, you will save on the associated costs of meeting new requirements as they are introduced. At SEM, we offer equipment that often exceeds the specified requirements for destruction, such as our Model 344 paper shredder and our line of enterprise class drive destroyers.

Data Destruction Devices and The Importance of Maintenance

September 9, 2019 at 8:02 am by Paul Falcone

Data destruction devices are pretty simple when it boils down to purpose: destruction – put a drive in, it gets shredded. With that in mind, how important is maintenance? Just like with all machines, maintenance is vital with data destruction devices, and the machines need to be periodically checked and serviced to make sure that they are running safely and properly.

Types of Maintenance Needed

IT data destruction devices are made to disintegrate, shred, or crush drives; as a result, they generally have trays to catch any bits of drive that missed the take-away conveyors. These bits can be harmful to the longevity of the machine if they are left in the tray, so the trays should be emptied daily to increase the lifespan of the machine. Furthermore, the backs of the devices can get buildups of metal fragments, which need to be cleaned out. In the case of HDD shredders, the cutting heads should be checked for excess magnet buildup. These are all fairly simple tasks, and if possible should be taken care of daily to help increase the health of the machine.

For more in-depth maintenance, technicians should check the machines about three times a year. Essentially, they will take a look around the interior of the machines and clean them out whilst also making sure that everything is running as it should be. The technicians will also lubricate the important parts of the machines to ensure everything runs smoothly.

Why Maintenance Matters

Maintenance is vital for the shredders and crushers, like it is with most machines. The first and simplest reason for its importance is that if the machine isn’t running properly, it could function poorly, and data could be recovered from improperly destroyed drives. In that case, a data breach happens, and you could be held accountable for the negligence. On top of that, if the machine isn’t properly taken care of, it could become slower and sluggish, and could even break down completely. In that case, your data destruction program stops, and you cannot dispose of drives safely. Lastly, a machine that is not serviced can become damaged, whether from dull blades adding strain onto the motor or loose belts allowing too much gear movement or any number of issues. Repairing a damaged machine is far more costly than preventing the damage in the first place with a scheduled maintenance plan.

Maintenance is a simple way to save money in the long term. By ensuring your machines are in tip top shape, you grant them the longest lifespan possible, which in turn means not spending unnecessary money on costly repairs or new machines when the older ones could still be running perfectly well. While technician check-ups cost money short term, the money saved in the long run easily provides a significant return on investment.

The day-to-day maintenance will eventually become routine and simple, and you will get a feel for the machine and know when the daily maintenance is done. For the less routine maintenance, factory authorized service technicians will be able to determine parts that need maintenance, such as worn belts or cutters, misaligned gears, or any number of mechanical issues. Their eyes are trained to see problems or potential issues with the machines, and they will be able to see things that the operators cannot.

To Summarize

Maintenance is extremely important for data destruction devices. There is the daily maintenance, which becomes routine and is fairly simple to do. There is also the more technical maintenance, where service technicians come in for routine service. Both types of maintenance are vital to the machine to ensure maximum lifespan and to ensure everything is running properly, and, most importantly, is safely destroying your data.

Why Casinos Shouldn’t Gamble on Data Security

June 21, 2019 at 4:51 pm by Paul Falcone

Casinos have long been high-risk targets for theft and fraud. As such, most gambling institutions establish stringent policies in anticipation of every possible criminal heist activity, and some even partner with security firms to further ensure safeguards are met and followed. Yet, casinos are still playing catch-up in their policies and procedures to safeguard against digital heists, even though they are a veritable treasure trove of private and personally identifying information (PII).

The Perils to Overlooked Casino Data

Casinos often offer more than just a place for adults to gamble. Most include hotels, stores, restaurants, and entertainment experiences on the casino premises, and all payment transactions through these businesses funnel through the casino’s payment processing system. There’s also a plethora of ATMs strategically placed across gaming floors to make sure customers can continue to play and spend money with the casino with ease. And let’s not forget the casino reward cards given out to players to use during their visit, which require PII like name, birth date and address to sign up. In short, casinos store and promise to protect mass amounts of sensitive and private data. Whether the data is stored in drives on the premises or with a third-party cloud system, casinos must establish an equally strict set of regulations on the handling, management, and disposal of all data that passes through their doors.

If that isn’t complicated enough, casinos must also establish data protection and disposal policies that incorporate the myriad of state and federal privacy regulations that have recently arisen. Though there are no laws (yet) specific to casinos for mandating data safeguarding, these businesses must comply with their state’s financial privacy regulations and consumer protection and privacy laws as well as those set by the federal government. Casino operators can make this easier by complying with industry encryption standards as well as by limiting their data-sharing partnerships. And, of course, as with physical heists, casinos should have data breach notification plans and safeguarding procedures outlined in their overall IT security measures.

Securing Data at Game-Level

There’s also the security around the gaming personnel and game pieces like chips, playing cards, and dice to consider. All casino personnel are issued their own personal identification badges and keycards for secure entry into private areas of the casino, including non-gaming areas where money and data are stored. Ensuring the security of these keycards is therefore paramount, especially when they reach end-of-life and need to be disposed of properly.

Additionally, play data is tracked through advanced technology like invisible bar codes on cards, weight sensors for dice, and radio-frequency identification (RFID) embedded in the chips. Chips are also uniquely designed for each casino, with identifying marks like color combinations for the edges and UV markings on the chip inlay that are impossible to replicate. This makes it easier for casinos to identify counterfeit chips as well as chips that do not belong to their establishment (and therefore cannot be used in play or turned in for cash).

Complying with Security Regulations for Data Disposal

As part of their stringent policies to thwart fraud and criminal heist activity, casinos must also establish security measures for the destruction and disposal of these authorized personnel keycards and for the playing cards, dice, and chips when they reach end-of-life. The same can be said for any hard copy paperwork and digital data stored in drives or on a cloud system, whether it be consumer PII or casino-specific information.

It’s recommended that a casino purchase data destruction devices from a vendor like SEM to keep on-site and thereby further limit access to the data and devices during destruction. SEM, in fact, has been supplying destruction equipment to the gaming industry and casinos throughout the globe for decades, offering several casino and gaming destruction solutions for the proper and irrevocable destruction of playing cards, dice, casino chips, and ID/keycards.

In short, if casino operators don’t comply with consumer privacy and data regulations as well as security regulations to minimize fraud and theft, you might as well call it: game over.